There are all sorts of tools and practices we can employ to manage the security of our WordPress Websites including the ability to log out inactive users from our website.
Seldom a thing that admins are concerned about, but a definite potential threat is logging out inactive users.
If you are a security conscious website admin and are looking for a way to automatically log out idle users in WordPress, I hope you find this article helpful.
If you have used internet banking before, then I bet you have seen this function in practice.
Banks and financial institutions are some of the most security-conscious organizations, and they tend to go to lengths to ensure the data and money of their clients are safe.
Why You Need to Log out Inactive Users in WordPress?
Being able to log out inactive users is particularly important in cases where users tend to get distracted and leave sessions running.
If one accessed a secure website on a less secure machine or network, for instance using a public machine like in an office or internet café.
When you do not log out, the next person accessing the machine can easily do anything with an account that is still logged in and has access to privileged information.
The best thing to do in that case is to configure your WordPress website to log out inactive users automatically.
Let us get started.
Before we start, let me sound an alarm.
Installation anything that alters in any way the default functioning of especially the core WordPress installation or theme is risky.
Things may turn sore very fast.
So before you do anything like that, I beseech thee to backup your website, files, and database.
WPvivid backup plugin is a free and easy to use plugin you can install and configure to automatically save copies of your website on different cloud storage network.
Do not say you were not warned.
How to Log out Inactive Users in WordPress Automatically?
Well, you can do it with PHP, or you can use a WordPress plugin.
In this article, we shall use, Inactive Logout a free WordPress plugin.
It is a very simple to use plugin that does all it promises.
Install and activate the plugin
Login to the admin area of your WordPress website.
Navigate to Plugins from the Left menu and from the submenu click Add New.
In the search box enter Inactive Logout, when the results are populated click Install Now and then activate.
Configuring Inactive Logout to Log out inactive users
When you have activated the plugin, go to settings and then Inactive Logout.
Under basic settings, set the idle timeout. That is the number of minutes a users session will be idle for it is logged out.
Enter the message content – what the user is shown before they are logged out.
On the same page scroll down and check the checkbox beside the other settings you want to enforce on your website.
- There is the popup Background – the default is transparent.
- Disable Timeout countdown – if you want the user to be logged out immediately, the default unchecked will show a user a 10-second countdown before they are logged out.
- Show warning message only without logging out the user.
- Disable concurrent logins in different locations
- And enable redirect, by default the user is taken to the login screen when they are logged out. From here you can set a different page where users can be redirected to.
Save your settings when you are done.
Under advanced management. You can enable the Multi-user or Multi-role timeout functionality.
This feature enables you to set different timeout constraints for different user roles on your website.
By default it is unchecked, select the check box beside Multi Timeout.
Then from the drop down of Enable Multi-user feature, select the roles you want to add.
After the idle time elapses, the user is logged out. With the default settings, they are shown the login screen.
I also kept the transparent background, but, you can change this as we did earlier in the basic settings.
Pretty easy, right?
In this article, I introduced you to Inactive Logout – a great WordPress plugin that enables you to log out inactive users.
We installed and configured it; then we saw how it in action.
It’s a pretty straight forward and handy plugin that will enhance the security of your website.
My parting words are before you install this plugin, or just about any plugin, especially those that have the potential to mess with sensitive areas of your WordPress website; back up your website.
You will be grateful if things don’t go as hoped.
In the comment section below, you can leave your questions and feedback on this plugin. Let us also know what alternative plugins you have used before or are using now.
You may also want to limit WordPress login attempts to prevent brute attack.