Search for answers or browse our knowledge base.
Getting started with WordPress User Session Management
Managing WordPress user sessions helps you keep your users and website safer. Through policies and active management, you can:
- See who is logged in to your website in realtime
- Block multiple WordPress sessions
- Terminate idle sessions to prevent hijacking
- View users’ events
- Terminate active sessions in real-time
- Clean expired session data
WP Activity Log’s User Session Management module offers a blend of policies and real-time management to provide you with the tools you need to stay in control at all times.
Configuring WordPress User Session Management policies
User Session Management policies enable you to set up rules that automate how user sessions are handled and what restrictions, if any, apply.
To configure User Session Management policies, first navigate to WP Activity Log > Logged In Users > Users Sessions Management.
Policies can be enabled as follows:
- Have one policy for all users
- Have one policy for all users except one or more roles
- Have one policy for one role
- Have different policies for different roles
To enable policies, first, navigate to the appropriate tab, choosing All for all users or a role tab to set up policies for that specific role. Next, tick the Enable session policies checkbox.
By default, policies for all users are automatically inherited by all roles. You can break this inheritance for any role you want by unticking the Inherit the session policies checkbox on the role’s policy page.
Next, you can configure the User Session policies as follows:
Do you want to allow two or more people to login simultaneously with the same username?
As the name implies, this policy allows you to limit multiple users logging in at the same time using the same user account. You can limit multiple sessions in a number of ways:
Allow one session only: This option allows one session and automatically blocks any subsequent attempt to log in with the same user account
Allow one session only and override current session: This option allows subsequent attempt to log in with the same user account while terminating the current session
Allow up to sessions and block the rest: This option allows the specified number of sessions with the same user account and blocks any further attempts.
Configure a Blocked Session Notification for Users
Here, you can set a custom error message to show to the user whenever a login attempt is blocked due to the configured Multiple Sessions policy.
Blocked Sessions Error: Enter the message you would like to display to users here.
Do you want to terminate idle sessions automatically?
Idle sessions can present security risks. Terminating them is considered to be a security best practice.
Terminate Idle Sessions: Tick this checkbox to terminate idle sessions automatically. You will also need to enter the number of hours a session must be idle for before it is terminated.
Once ready, click Save for the policy to go into effect.
Managing WordPress users’ sessions in real time
You can view and manage WordPress user sessions in real time through WP Activity Log. To get started, navigate to WP Activity Log > Logged In Users.
In the main window, you can see all the users that are logged in at the moment. The user role, the start time of the session, the Session ID, and other details can be seen in this view.
For each user session, you can view the user’s events by clicking on the Show me this user’s events button. This will open the Log Viewer with the appropriate filters in place to quickly view that user’s activities.
You can also terminate any session by clicking on the Terminate Session button for that user session.
The plugin also offers you the option to terminate all active sessions by clicking on the Terminate All Sessions button at the top-right corner of the page:
Upon clicking this option, you can choose whether you want to terminate your session as well:
Learn how to manage WordPress user sessions in greater depth by visiting the KB articles below:
