Web security is of prime importance these days. Just when you might think that your website does not hold any valuable information, hackers might take control of it. They might change the layout and tweak things around a bit just for fun.
Idle user sessions can lead to brute force attacks, where the hackers will use a cookie hijacking method to gain access to your site. This is why most websites these days, especially those related to the financial sector, automatically log out their inactive or idle users.
As a web site owner, you should be concerned about its safety. You can use this automatic log out feature for idle users to enhance security for your website.
As a result, inactive or idle users will be automatically kicked out after some time. Here we will see how we can configure WordPress to Automatically Log Out idle users.
Manual Method
You can manually set up WordPress to Automatically Log Out idle users using the following steps:
Paste the following code in your theme template: if(empty($id)){ wp_logout(); } In your function.php file, paste the following code: add_action('wp_logout','go_home'); function go_home(){ wp_redirect( '/wp-login.php?action=logout&custom-logout=yes' ); exit(); } //If the custom parameter is set display the message on the login screen if(!empty($_GET['custom-logout']) && strtolower($_GET['custom-logout']) == "yes"){ function custom_login_message() { $message = '<p class="message">Add your message here...</p><br />'; return $message; } add_filter('login_message', 'custom_login_message'); }
Install and Activate Logout Plugin
Use this simple and easy to use plugin to automatically log out inactive users from WordPress. Go to the WordPress Plugins area and search for Inactive Logout Plugin. Click to install and activate the Plugin.
After installing the plugin, you just need to go to settings and set the idle timeout. So now the inactive user sessions will be automatically terminated.
You can also configure a warning message to be sent to the users, alerting them that their session is about to end. It has the following features:
- Countdown feature where there is a countdown of 10 seconds before the session is terminated. This feature is optional.
- Wake Up! Message feature where instead of logging out, the system displays a wakeup message where the user is inactive for some time.
- Simple and easy to use interface
- Popup Message that can be customized.
- Multisite Support: All site settings are override.
- Idle timeout time that can be adjusted.
- Concurrent logout functionality used to prevent concurrent logouts.
- You can redirect to a different page instead of displaying just a popup box. Create a timeout page and add your content thereby creating a blank template. You can also style it individually using themes and such.
- Multiple User roles can be configured for separate timeouts and redirects
- Clean UI
- Multi-browser tab support: If the user has multiple browser tabs opened and is active in a certain browser tab, logout will not happen.
- The Inactive Logout Pro Version also has some additional features such as auto browser close and log out after an active session of 2 minutes. It can also override the priority for multiple logins.
Idle User Logout Plugin
You can use this Plugin in WordPress to Automatically Log Out idle users. Go to the Plugins area and click on the Add New button. Search for the plugin Idle User Logout.
Select the plugin that bears the same name. Install and activate the plugin. This will create a Settings link in the left admin panel.
Click on Settings from the left panel. Click on Idle User Logout. It is present in the list of tools. The list may vary according to users but Idle User Logout will be there.
You can configure how long it takes for an auto-logout to occur. The default is 20 seconds but this might be too less, so it is advisable to set it to an optimal three hundred seconds or five minutes.
If you wish you can disable idle settings for WordPress admin, that is you. If you leave this checkbox checked, idle logout won’t happen to anyone who does not have an admin account. Please do remember to save your changes.
Related Post: How to Create a WordPress Users Email List
The post How to Set WordPress to Automatically Log Out Idle Users appeared first on SKT Themes.