How prevent multiple login with same login credentials in WordPress ?

Introduction :
WordPress users can sign in to their account simultaneously from multiple locations with same username and password, lets take an example, suppose if you’re running a WordPress membership site in that case people sharing your login information and wanting more access to your site, then it will undoubtedly damage your interests and you know that WordPress has a minor security breach. You do not have to worry about this I will explain how resolves this issue (i.e. blocking simultaneous sign-ins).

How can I resolve this issue?
There are many ways to resolve this issue with free plug-ins and premium extensions, but I do not know how this works but the potential for site performance is getting worse, but here, a code that is implemented on a very light weight with a simple custom field to setup restrict the number of concurrent user logins and few WordPress hooks to handle user simultaneous sign-ins, if your are not familiar on custom fields please have a look at once my previous article “How do I add my own custom fields to the WordPress registration form ?” for beginners and its very simple, handy and every line of code was self explanatory.

Here we go, before diving into the code I have classified code as two sections, the one is create custom additional field and allow administrator to set number times user can simultaneously access sign-in, the other one is based on simultaneous sign-in limit, allow user to sign-in if not show an error message on login screen, please follow the below code snippets every line of code was self explanatory.

1.Add a new field to the admin profile page, to set session sign-in restriction to the user

2.When the administrator updates the user profile, update the new field information on the administration profile page (that is, set session sign-in restriction to the user)

Add wordpress custom field

3.Displaying additional newly created fieldĀ  at administrator manages all user page

Manage wordpress custom field
4.First of all, the meta user receives all user data for which no newly created field data has been set and sets the default value for that user to one

5.First, it is necessary to obtain all the user data set by session_tokens, make sure that each user session limit is more restricted than the limit specified by the administrator, then destroy all login sessions, so user can avoid past logs of conflicts.

6.Initially, when user trying to login, check whether the user session limit is more restricted than the limit specified by the administrator, when using “authenticate” filter hook, if it is more not allow him to login and show the error message at the login screen

a simple prevent users sharing sign-in information plugin for WordPress

Next, open the “functions.php” file of the currently active theme and leave this PHP code or create a plugin with the following header and leave this PHP code or download the full code here.

Conclusion :
In the above code snippet, only allows simultaneous sign-ins can be made based on user’s setting done by administrator default value were one at the time, if a user share his login information, only one user at a time is allowed, if other users try to sign-in with shared login information they will kick out, This not only improves the security of the site but also allows users to sign-in with their own login information due to after the user fired from the server several times.

Leave a Reply

Your email address will not be published. Required fields are marked *