Limit WordPress Users to Multi-Device Logins to Improve Website Security

In some cases, you want to limit the number of user logins on your WordPress site by ensuring that each userLogin on one device only. This method not only improves the security of your website, but also prevents users from sharing login information across multiple devices. This article will detail how to use a free plugin to restrict users from logging in to a single device and how to bypass certain user or role restrictions by adding custom code snippets.

Step 1: Install and activate Loggedin - Limit Active Logins plugin

First, you need to install and activate the free Loggedin - Limit Active Logins Plugin. The following are step-by-step instructions for installing the plug-in:

1. Go to the WordPress dashboard and click plug-in (software component) " Installation of new plug-insThe
2. In the search bar in the upper right corner, type "Loggedin - Limit Active Logins"The

3. Once you have found the plugin, click mountingand then click activateThe

After installing and activating the plugin, it will by default limit each user to a maximum of 3 times a device has logged in. If a user attempts to log in on more than this number of devices, they will receive a message indicating that they have reached their maximum number of logins.

How to Configure the Loggedin Plugin

The Loggedin plugin starts working immediately after activation, but you can change its default settings as required:

1. In the WordPress dashboard, click set up " conventional (weapons)The
2. Scroll down to Login Settings section, find the section called Maximum number of active logins The options.

3. If you wish to limit users to logging in on only one device, set this number to 1.
4. Next, it is also possible to configure the Login Logic Settings. This will determine what happens when a user reaches the login limit:
   • permissible: Users will be able to log in on the new device, but their other devices will be automatically logged out.
   • discourage: Users cannot log on to the new device until the session on the other device has ended.

To ensure that users can only log in on one device, you need to set the Maximum number of active logins is set to 1, and the Login Logic set to discourageThe

strike (on the keyboard) Save Changes button to store your settings.

How to manually logout a user

The plugin also providesForced cancellation of usersfunction. With this feature, a user can be manually logged off from all devices. Below are the steps:

1. In the WordPress dashboard, go to subscribers Part.

2. Find the user you want to force logout, click Edit, find the url link and make a note of it User IDThe

3. come (or go) back set up " conventional (weapons) page, scroll down to the Login SettingsFind Forced write-offs Options.

4. Enter the user's User IDand then click Forced write-offs Button.

At this point, the user will be forced to log out from all devices and will need to log back in.

Bypass login restrictions for certain users or roles (advanced feature)

If you wish to bypass login restrictions for certain users or roles. For example, an administrator may need multiple devices to log in, or some important team members may use different devices at multiple workplaces. In this case, you can get around the restriction by adding theCustom Codesnippets to bypass these restrictions.

Bypassing user-specific login restrictions

To bypass user-specific login restrictions, you canUsing custom code snippetsto realize it. To be on the safe side, it is recommended to use the WPCode plugin to manage code snippets. Here's how it works:

1. Installation and activation WPCode Plug-ins.

2. In the WordPress dashboard, click code segment " + Add clipThe

3. Hover over the "Add custom code (new code snippet)" entry and click on the Add custom codeThe

4. In the pop-up window select PHP Snippet Options.

5. Add the following code snippet to the code editor:

function loggedin_bypass_users( $bypass, $user_id ) {

    // Enter the user IDs to bypass.
    $allowed_users = array( 1, 2, 3, 4, 5 );

    return in_array( $user_id, $allowed_users );
}

add_filter( 'loggedin_bypass', 'loggedin_bypass_users', 10, 2 );

In this code, the $allowed_users = array( 1, 2, 3, 4, 5 ); with the number you want to bypass the login restriction.User IDFor example. For example, if you want to allow users with user IDs 2 and 5 to bypass the restriction, change the code to array( 2, 5 )The

When you're done, set the code snippet to maneuverand then click Saving code snippets Button.

Bypassing role-specific login restrictions

If you want to bypass login restrictions for certain roles, such as administrator or editor, you can use the following custom code snippet to do so. The steps are as follows:

1. Create a new code snippet and name it Bypassing role-specific login restrictionsThe
2. Paste the following code snippet into the code editor:

function loggedin_bypass_roles( $prevent, $user_id ) {

    // Array of roles to bypass.
    $allowed_roles = array( 'administrator', 'editor' );

    $user = get_user_by( 'id', $user_id );

    $roles = ! empty( $user->roles ) ? $user->roles : array();

    return ! empty( array_intersect( $roles, $allowed_roles ) ); }
}

add_filter( 'loggedin_bypass', 'loggedin_bypass_roles', 10, 2 ); }

In this code, the array( 'administrator', 'editor' ) Replace the name of the character in with the name of the character you want to bypass the restriction. The character name needs to be replaced with thesingle quote(') are enclosed and separated by commas.

When you're done, set the code snippet to maneuverand click Saving code snippets Button.

summarize

By using the Loggedin - Limit Active Logins plug-in (software component)In order to improve the security of your WordPress site, you can easily limit the number of devices a user can log in to. If exceptions need to be made for certain users or roles, these restrictions can also be bypassed by adding custom code snippets. Use the WPCode Plugins can help you manage this code more securely and easily.