Running a multi author WordPress site comes with new challenges. For a security conscious site admin, inactive users may pose a session hijacking threat. This is why many banking and financial sites automatically log out an inactive user. You can implement similar functionality on your WordPress site as well. In this article, we will show you how to automatically log out idle users in WordPress.
First thing you need to do is install and activate the Idle User Logout plugin. Upon activation, simply go to Settings » Idle User Logout to configure the plugin.
Start by entering the Idle time. The default value is 20 seconds, but you can set it to a lower or higher value. Next, you need to choose whether to count idle time in WordPress admin area as well. Make sure you uncheck this box for better security.
Click on the save changes button to store your changes.
Now you need to click on the behavior tab on the plugins settings page. On this page, you can fine tune the plugin behavior. You can set different logout rules for different user roles.
You can also select what to do when a user is idle for the given time. You can log out the user and send them back to login page, redirect them to a custom page, show them a popup, etc.
Don’t forget to click on the save changes button to store your changes.
That’s all. We hope this article helped you learn how to automatically log out idle users in WordPress. You may also want to take a look at this tutorial on how to force strong passwords on users in WordPress.