WordPress's popularity and user base are growing rapidly. Along with that growth, we hear daily news of cyber attacks and of websites being hacked and exploited. You may assume that your website is too small to attract the attention of hackers and bots, but even your own account can be exploited.
If you step away, forget to log out and leave your site logged in, your account can pose a security risk. Someone could hijack the session and access your account. When an account sits for too long without interaction, the chances of session hijacking by unauthorized users increase. A hacker can gain control of the account without actually using credentials. This is one of the main reasons why most banks and financial sites that offer online banking, credit card payments or financial services automatically log out users after a certain period of inactivity. In this tutorial we are going to show you why it is important to log out idle users and how you can log out inactive users to improve your WordPress security.
Why do you need to Log Out Inactive Users in WordPress?
When a user stays inactive for too long after logging in, hackers may use session or cookie hijacking to gain unauthorized access to your site. Also, while you are logged into the WordPress dashboard, your web browser may be sending frequent requests to your server, depending on what kind of plugins you have installed.
If you don’t log out and leave your computer for a while, WordPress will continue to send requests to your server. For this reason, it is also recommended that you log out of WordPress when you’re not working on your computer or website. But we don’t always remember to log out, do we? That’s why you can use one of the plugins for logging out inactive users that are available in the WordPress repository to keep your WordPress blog secure. Such a plugin makes sure you are logged out after a certain amount of time and helps keep your site protected.
How to Automatically Log Out Inactive Users in WordPress?
Today, we are featuring the Idle User Logout plugin. It’s a simple system that is easy to set up and use. Although this plugin hasn’t been updated in quite some time, we verified that it works with WordPress 5.2. This plugin is great for both multi-author blogs and other WordPress blogs. First of all, you need to install and activate the Idle User Logout plugin.
After activating it, go to Settings in the WordPress Dashboard, where you will see the Idle User Logout plugin.
The plugin lets you configure the following settings:
- Idle Time – specify how long (in seconds) users can be idle before your site logs them out
- Disable in WP Admin – log out all browsers and sessions except WP Admin
Click on “Idle Behaviour” for more settings. It contains the settings for all types of users. You can set the timing for the administrator, contributor and editor roles as you choose.
You can also choose what happens after these users are logged out.
You can redirect them to a new page or the login page. Many membership website owners redirect their users to the blog page or a special page.
Finally, click on Save Changes and your job is done! To check if it worked, try it yourself by checking the Disable in WP Admin box. Another method to test your settings is to open an anonymous web browser session in an incognito browser window.
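The same idea enforced on the server, as an added example that is not the Idle User Logout plugin's code and not part of the original tutorial: it keeps a last-activity timestamp in the WordPress session token and logs the user out once a per-role idle limit (in seconds) is exceeded. The role limits, the `example_` names and the `example_last_seen` session key are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Example Idle Session Timeout (illustration only)
 */

// Assumed idle limits in seconds per role; other roles use the default.
const EXAMPLE_IDLE_LIMITS  = array( 'administrator' => 600, 'editor' => 1200 );
const EXAMPLE_IDLE_DEFAULT = 1800;

// The shortest matching limit applies (never longer than the default),
// so a user with several roles gets the strictest timeout.
function example_idle_limit( WP_User $user ) {
	$limits = array( EXAMPLE_IDLE_DEFAULT );
	foreach ( $user->roles as $role ) {
		if ( array_key_exists( $role, EXAMPLE_IDLE_LIMITS ) ) {
			$limits[] = EXAMPLE_IDLE_LIMITS[ $role ];
		}
	}
	return min( $limits );
}

add_action( 'init', function () {
	if ( ! is_user_logged_in() ) {
		return;
	}
	$user    = wp_get_current_user();
	$token   = wp_get_session_token();
	$manager = WP_Session_Tokens::get_instance( $user->ID );
	$session = $manager->get( $token );
	if ( ! $session ) {
		return; // No cookie-based session to time out.
	}
	$now  = time();
	$last = isset( $session['example_last_seen'] ) ? $session['example_last_seen'] : $session['login'];

	if ( $now - $last > example_idle_limit( $user ) ) {
		wp_logout(); // Destroys this session token server-side and clears the cookies.
		wp_safe_redirect( wp_login_url() );
		exit;
	}

	// Background Heartbeat polls from an open dashboard tab are not user activity.
	$is_heartbeat = wp_doing_ajax() && isset( $_POST['action'] ) && 'heartbeat' === $_POST['action'];
	if ( ! $is_heartbeat ) {
		$session['example_last_seen'] = $now;
		$manager->update( $token, $session );
	}
} );
```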
That’s all. We hope this article helped you learn how to automatically log out idle users in WordPress.