makers99/loggedin
Limit number of active logins for a user account in WordPress
LoggedIn - Limit Active Logins
Light weight WordPress plugin to limit number of active logins from an account. Set maximum number of concurrent logins a user can have from multiple places.
Contributors: Joel James
Requires at least: 4.0
Tested up to: 6.6
Stable tag: 1.3.1
Requires PHP: 5.6
License: GPLv2+
Description
By default in WordPress users can login using one account from unlimited devices/browsers at a time. This is not good for everyone, seriously! With this plugin you can easily set a limit for no. of active logins a user can have.
LoggedIn - Features and Advantages
- Set maximum no. of active logins for a user.
- Block new logins when the login limit is reached.
- Allow new logins while logging out from other devices when the limit is reached.
- Prevent users from sharing their account.
- Useful for membership sites (for others too).
- No complex settings. Just one optional field to set the limit.
- Super Light weight.
- Filter to bypass login limit for certain users or roles.
- Completely free to use with lifetime updates.
- Follows best WordPress coding standards.
**Development is on GitHub. Pull requests to dev brach are welcome.
Frequently Asked Questions
How can I set the limit, and where? π€
This plugin does not have a seperate settings page. But we have one configural settings to let you set the login limit.
- Go to
Settingspage in admin dashboard. - Scroll down to see the section
π Loggedin. - Set the maximum number of active logins a user can have in
Maximum Active Loginsoption.
Can I somehow allow new logins when the limit is reached? π€
You can forcefully logout the user from other devices and allow new login.
- Go to
Settingspage in admin dashboard. - Scroll down to see the section
π Loggedin. - Select the
Login LogicasAllow.
Can I block the new logins when the limit is reached? π€
You block the new logins when the user is logged in from maximum no. of devices according to the limit you set.
- Go to
Settingspage in admin dashboard. - Scroll down to see the section
π Loggedin. - Select the
Login LogicasBlock. - Now user will have to wait for the other login sessions to expire before login from new device.
How long a login session exist? How long the user needs to wait for new login? π€
That depends. If the βRemember Meβ box is checked while login, WordPress will keep the user logged in for 14 days by default. If βRemember Meβ is not checked, 2 days will be the active login session time.
You can change that period using, auth_cookie_expiration filter.
function loggedin_auth_cookie_expiration( $expire ) {
// Allow for a month.
return MONTH_IN_SECONDS;
}
add_filter( 'auth_cookie_expiration', 'loggedin_auth_cookie_expiration' );How can I forcefully logout a user from all devices? π€
You can forcefully logout a user from all the devices he has logged into. Get his WordPress user ID and,
- Go to
Settingspage in admin dashboard. - Scroll down to see the section
π Loggedin. - Enter user ID of the user you would like to logout.
- Click
Force Logout.
Can I bypass this limit for certain users or roles? π€
Yes, of course. But this time you are going to add few lines of code. Don't worry. Just copy+paste this code in your theme's functions.php file or in custom plugin:
function loggedin_bypass_users( $bypass, $user_id ) {
// Enter the user IDs to bypass.
$allowed_users = array( 1, 2, 3, 4, 5 );
return in_array( $user_id, $allowed_users );
}
add_filter( 'loggedin_bypass', 'loggedin_bypass_users', 10, 2 );Or if you want to bypass this for certain roles:
function loggedin_bypass_roles( $prevent, $user_id ) {
// Array of roles to bypass.
$allowed_roles = array( 'administrator', 'editor' );
$user = get_user_by( 'id', $user_id );
$roles = ! empty( $user->roles ) ? $user->roles : array();
return ! empty( array_intersect( $roles, $allowed_roles ) );
}
add_filter( 'loggedin_bypass', 'loggedin_bypass_roles', 10, 2 );Changelog
Please see here.