How WordPress Handles User Sessions?

Prevent Concurrent Logins

Before we move on, lets talk a bit about how WordPress handles user sessions. Like many other web applications, WordPress uses cookies to identify a logged in user. These cookies do not contain your password, just your username and a special key as a proof that you knew the password.

Now if you access your site from a public location and by habit checked “Remember Me” button, then anyone from that computer can login to your site because WordPress allows the same username to be logged in from two different locations.

This is a bit troublesome for security, but it can also be bad for business if you run a membership site selling premium content.

Users can simply share their password with their friends and use the same login information to consume your paid content.

Now wouldn’t it be nice if you could prevent users from staying logged into the same account from multiple places?

Recently when a user asked us this question, we looked around and found a plugin that prevents concurrent logins.

Prevent Concurrent Logins and Password Sharing in WordPress

First thing you need to do is install and activate the Prevent Concurrent Loginsplugin. It works out of the box and there are no settings for you to configure.

You can test the plugin in action by signing in to your WordPress site from two different browsers on your computer or using the private / incognito mode.

When you try to login to your site with the same username and password on the second browser, you will be able to successfully login. However, the plugin will terminate the old session, and clicking on any link in the previous browser window will take you to the login page.

That’s all. We hope this article helped you learn how to stop users from sharing passwords in WordPress by blocking concurrent logins. You may also want to check out our guide on how to monitor user activity in WordPress with Simple History.

Also just a friendly reminder: Passwords can be hacked. If you wan to avoid this, then you need to use strong passwords on your WordPress site. You may also want to force strong passwords for all users on your WordPress site.




CALL: 07711-085-858



You have Successfully Subscribed!

Pin It on Pinterest