Automatically Log out Idle Users in WordPress

Automatically Log out Idle Users in WordPress

More than we admit, we leave the browser opens and move to other tasks. But, unfortunately, our accounts sit idle at that time, prone to various security risks.

With WordPress, you can automatically log out idle users. The inactive users have to log in again to resume working.

Payment gateways, banking websites, and websites with sensitive data follow this rule. Logout the inactive accounts, and make them start from the beginning.

In this short article, I will show you how you can do the same on your WordPress website.

Why automatically log out idle users?

Idle WordPress users are a security risk. 

If the account is logged in without any activity, the chances of session and cookie hijacking increase. At that point, hackers can run scripts to take over the account without actually using the login credentials. 

Besides hackers, having an idle account could also mean the user is not present to interact with it. The person could take a break, get busy with other tasks, or be distracted by random activity.

Meanwhile, the account is sitting idle with no one looking at it. Strangers can take a peek and see what they are not supposed to find.

Basically, by logging out the idle WordPress users, you secure their accounts from any unethical use.

Hacked website take resources and time during clean up. It is better to keep them secure.

How to automatically Log Out?

To automatically log out idle users in WordPress, you have to download a small plugin.

Automatically Log out Idle Users in WordPress with Inactive Logout

Activate the plugin. Open the plugin setting from the Settings » Inactive Logout.

Settings to Inactive Logout

Let’s understand and configure the Inactive Logout plugin.

Inactive Logout Plugin Setting

Inactive logout Setting Page

Idle Timeout: Enter the time to allow the users to site idly without any log out. Select the minutes and pick the duration accordingly. Not too long or short. By default, 15 minutes is a-okay time.

However, if your business is dealing with sensitive information, then you should lower the duration.

Idle Message Content: Show a short and straightforward message to the users before the account automatically logoff. It will show a little notice that they have been logged out of the account due to inactivity, and need to log in to resume.

Popup Background: A simple yet effective setting to protect the user’s information. Selecting this option will change the color of the browser screen. Hence, the content on the screen will not be visible to anyone trying to peek at the display.

Timeout Countdown Period: Before the log-off, the user will see a countdown. If in that period, the user chooses to do some activity, the log-out will be canceled.

By default, it is 10 seconds.

Disable Timeout Countdown: Turn off the countdown and directly log out the user after ‘x’ minutes of no activity. 

Disable Login Popup: Do not show the login popup and only display the message that the user has been logged out due to idleness.

Show Warn Message Only: Instead of auto-logout the user, display the warning message. The message will cover the screen if the popup background is enabled. 

Disable Concurrent Logins: Check this option to prevent concurrent logins. The user will not be able to use one account to log in from two different devices simultaneously. Instead, the user has to log out first from the one device to log in from the second device.

This is something NetFlix and OTT use. They never let the one account logged in from various devices at the same time.

Enable Redirect: By default, the user will be redirected to the WordPress login screen after the timeout. However, you can choose to redirect the user to the page of your liking.

Review the changes and settings. Click on the ‘Save Settings’ button to save the changes.

Different timeout settings based on user roles

The Inactive Logout plugins allow you to set the timeout duration according to the WordPress user roles.

Go the the ‘Advance Management’ tab on the plugin’s Settings page. At first, you may not see all these settings. So you have to check the ‘Multi-Role Timeout’ option.

Role Based Timeout Active Logout to Automatic Log Out Idel WordPress Users

Then you need to select the user roles you want to set up a different timeout duration than global settings. 

At the next step, you will choose the timeout in minutes, select a page to redirect the users, or completely disable the timeout setting for that user role.

After making and reviewing changes, click on the ‘Save Changes’ button to store the setting. 

If you wish to see the plugin working, you have to do nothing. Log in to your account, and do nothing for the timeout duration (that you picked). You will see a box like this.

Session Timeout

The users who click on the continue button can resume working without any break or log out.

If you don’t click on the Continue button, you will be automatically logged out and see the log-in screen. Or a modified log-in screen made by the plugin.

Session Timeout Login page

That’s it.

You have set up the automatic log-out feature for idle users in WordPress.

Wrap Up

Automatically log out idle users in WordPress is one more step towards WordPress security. But without multiple security touchpoints, it will not contribute to the website protection much.

You should always use a strong password and limit the failed login attempts. Also, add the security question to the WordPress page and change the login URL.

If you are looking for a powerful WordPress hosting that takes care of the security, too, ServerGuy is for you.

In this article, I showed you how to log out the idle users automatically. If there is any doubt or questions, please leave them in the comment section.

Latest WordPress Tips, Guides, & News

Stay updated with new stuff in the WP ecosystem including exclusive deals, how-to articles, new plugins, and more. 100% WordPress Goodness, a promise!

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top

We can help you. Right now.

Fast growing merchants depend ServerGuy for high-performance hosting. Experience counts. Let's get started.

Talk to a sales representative

USA / Worldwide

+1.714.2425683

India

+91.9852704704

Core Web Vitals Book COver

Is your website ready for Core Web Vitals?

Take this FREE book with you and optimize your store for speed.

Learn all about new Google new ranking factors and get that top ranking.