By default a WordPress user can login to an account from multiple locations at the same time. This may compromise security of your multi-author WordPress site, and it can definitely hurt your profits if you run a membership site. In this article, we will show you how to stop users from sharing passwords in WordPress by blocking concurrent logins.
How WordPress Handles User Sessions?
Before we move on, lets talk a bit about how WordPress handles user sessions. Like many other web applications, WordPress uses cookies to identify a logged in user. These cookies do not contain your password, just your username and a special key as a proof that you knew the password.
Now if you access your site from a public location and by habit checked “Remember Me” button, then anyone from that computer can login to your site because WordPress allows the same username to be logged in from two different locations.
This is a bit troublesome for security, but it can also be bad for business if you run a membership site selling premium content.
Users can simply share their password with their friends and use the same login information to consume your paid content.
Now wouldn’t it be nice if you could prevent users from staying logged into the same account from multiple places?
Recently when a user asked us this question, we looked around and found a plugin that prevents concurrent logins.
Prevent Concurrent Logins and Password Sharing in WordPress
Video Tutorial
Subscribe to WPBeginner
If you don’t like the video or need more instructions, then continue reading.
First thing you need to do is install and activate the Prevent Concurrent Logins plugin. It works out of the box and there are no settings for you to configure.
You can test the plugin in action by signing in to your WordPress site from two different browsers on your computer or using the private / incognito mode.
When you try to login to your site with the same username and password on the second browser, you will be able to successfully login. However, the plugin will terminate the old session, and clicking on any link in the previous browser window will take you to the login page.
That’s all. We hope this article helped you learn how to stop users from sharing passwords in WordPress by blocking concurrent logins. You may also want to check out our guide on how to monitor user activity in WordPress with Simple History.
Also just a friendly reminder: Passwords can be hacked. If you wan to avoid this, then you need to use strong passwords on your WordPress site. You may also want to force strong passwords for all users on your WordPress site.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Google+.