When users close the browser window without logging out from a WordPress website, their session is not terminated.
Idle WordPress sessions make session hijacking easier and can also lead to a number of problems, especially if you want to limit or block simultaneous logged in WordPress users sessions. This post explains how you can configure the WP Activity Log plugin to automatically terminate idle WordPress users sessions.
Terminating idle WordPress users sessions
- Login to your WordPress dashboard and click the Logged In Users entry in the WP Activity Log plugin menu.
- Click on the Users Sessions Management tab.
- Select the profile for which you want to configure this. If you want to configure this for all profiles, configure the setting in the All tab.
- Tick the checkbox Terminate Idle Sessions to enable such functionality.
- Configure for how long a user session should be idle before it is terminated automatically by the plugin.
- Click Save Changes to save the settings.
How does the idle session termination work?
The process is very simply. Once you enable this setting:
- The plugin sets a cron job on the WordPress website that runs every hour.
- When the cron job runs it checks the time of every user’s last change.
- If the time of the last change is longer than the configured number of hours, that session is automatically terminated.
Refer to the WordPress users sessions management manual for more information on how you can manage, limit and block multiple user sessions.