Many people share their Netflix accounts with friends. To combat excessive password sharing, online services have begun to restrict the number of devices that can access a single account simultaneously.
Numerous readers who operate membership sites and provide online courses express their concerns about login credential sharing, as it can lead to revenue loss for their businesses. Consequently, they are interested in implementing similar login restrictions.
In this article, we will guide you on how to limit each user’s login to just one device on your WordPress site. By the end of this tutorial, you will understand how to safeguard your content and ensure that only paying members can access it, thereby maintaining fairness and profitability for your online business.
Reasons to Limit User Logins to a Single Device in WordPress
Streaming platforms face the issue of users sharing their login information. In 2023, Netflix revealed that approximately 100 million households worldwide were sharing passwords. That’s a staggering number!
Many WordPress sites, particularly membership and e-learning platforms, encounter the same challenge. By default, WordPress allows users to log in from an unlimited number of devices and browsers at the same time.
While this practice may seem harmless to users, it can have a significant negative effect on a website’s revenue and overall user experience. For instance:
- Membership sites provide exclusive content to paying users. When logins are shared, fewer individuals are likely to purchase memberships, resulting in reduced revenue for the site owner.
- When students share their online course logins, it discourages others from purchasing the course. Additionally, it complicates the ability to offer personalized support or track course completion.
By restricting user logins to a single device, you can accurately assess the number of genuine users, increase revenue, and preserve the integrity of your content or services. This approach also ensures a fair experience for all paying users and enhances the security of your website.
Limiting logins is not a matter of distrust; rather, it is about maintaining fairness on the website and ensuring its sustainability. This benefits both the site owner and the honest users.
How to Restrict User Login to One Device in WordPress (Simple Guide)
To get started, install and activate the free Loggedin – Limit Active Logins plugin. You can follow our detailed guide on how to install a WordPress plugin for assistance.
Once activated, the plugin automatically limits each user to three active logins.
Depending on your settings, users may be unable to log in on a new device once they reach this limit until they log out from one of their other devices. More details on this are provided below.
Important Note:Once a user logs into WordPress, they typically remain logged in even after closing their web browser. To log out, they must manually select the ‘Howdy’ menu located at the top right corner of the screen.
To configure the plugin, navigate to Settings » General in your WordPress dashboard and scroll down to the ‘Loggedin Settings’ section.
In this section, you can modify the number in the ‘Maximum Active Logins’ field to set a different limit on logins.
The ‘Login Logic’ option defines the behavior when a user reaches the maximum active login limit:
- Allow: Users can log in on a new device but will be automatically logged out from all other devices.
- Block: Users will not be able to log in on the new device until their other sessions expire.
If you want to limit user access to just one device, set the ‘Maximum Active Logins’ to 1 and choose ‘Login Logic’ as Block.
Alternatively, if you are okay with users logging in on any device as long as they are only logged in on one at a time, set ‘Maximum Active Logins’ to 1 and ‘Login Logic’ to Allow.
Remember to click the ‘Save Changes’ button to apply your settings.
The plugin enables you to log out a specific user from all devices. Just enter their user ID and click the ‘Force Logout’ button.
You can discover how to locate a user ID by referring to our guide on finding post, category, tag, comment, or user IDs in WordPress.
Advanced Method for Bypassing Login Restrictions for Specific Users or Roles
This allows you to exempt certain users or user roles from the login restrictions.
For instance, you may want to ensure that your site administrators and editors are not unintentionally locked out. Alternatively, you might have a key team member who works from various computers in different locations.
To implement this, you will need to insert custom code snippets into your WordPress theme’s functions.php file. Even a small error can disrupt your WordPress site and render it inaccessible, so please refer to our guide on how to safely add custom code in WordPress.
We recommend using WPCode as it provides the safest method for adding code snippets without the need to manually edit the functions.php file.
Exempting Specific Users from Login Restrictions
Simply install and activate the free version of WPCode, then go toCode Snippets » + Add Snippetin your WordPress dashboard.
Next, move your mouse over the ‘Add Your Custom Code (New Snippet)’ option and click the ‘Use snippet’ button that appears.
A popup will appear at the bottom of the screen prompting you to choose the code type for your snippet.
Select the ‘PHP Snippet’ option.
This will take you to the Create Custom Snippet page, where you can input the necessary code. Begin by giving your snippet a title, such as ‘Bypass Login Restrictions for Specific Users’.
Next, copy the code snippet provided below and paste it into the ‘Code Preview’ section:
function loggedin_bypass_users( $bypass, $user_id ) { // Specify the user IDs to bypass. $allowed_users = array( 1, 2, 3, 4, 5 ); return in_array( $user_id, $allowed_users );
}
add_filter( 'loggedin_bypass', 'loggedin_bypass_users', 10, 2 );
Now locate the line that begins with $allowed_users = array. You need to replace ‘1, 2, 3, 4, 5’ with the user IDs of the specific users you want to exempt from the restriction. You can include any number of user IDs, separated by commas.
Discover how to locate a user ID by referring to our comprehensive guide on finding post, category, tag, comment, or user IDs in WordPress.
To finalize your settings, switch the snippet to ‘Active’ and click the ‘Save Snippet’ button.
Allowing Certain Roles to Bypass Login Restrictions
You can use the same procedure to insert a code snippet that enables specific roles to bypass login restrictions.
Create a new code snippet titled ‘Bypass Login Restrictions for Certain Roles’ and paste the following code into the ‘Code Preview’ section:
function loggedin_bypass_roles( $prevent, $user_id ) { // List of roles that can bypass restrictions. $allowed_roles = array( 'administrator', 'editor' ); $user = get_user_by( 'id', $user_id ); $roles = ! empty( $user->roles ) ? $user->roles : array(); return ! empty( array_intersect( $roles, $allowed_roles ) );
}
add_filter( 'loggedin_bypass', 'loggedin_bypass_roles', 10, 2 );
This snippet allows users with the ‘administrator’ and ‘editor’ roles to bypass login restrictions. You can include additional roles, such as ‘author’, by placing them in single quotes and separating them with commas.
Make sure to set the snippet to ‘Active’ and click the ‘Save Snippet’ button when you finish.
We trust this tutorial has guided you in limiting user logins to a single device in WordPress. You might also be interested in our comprehensive guide on building a WordPress membership site or our selection of the top WordPress LMS plugins.
If you enjoyed this article, please subscribe to our YouTube Channel for WordPress video tutorials. You can also connect with us on Twitter and Facebook.
