Beginner's Guide for WordPress / Start your WordPress Blog in minutes

How to Automatically Log Out Idle Users in WordPress

Do you want to automatically log out idle users in WordPress? As a security-conscious site admin, you may want to force inactive users to log in again.

Banking websites and apps log out idle users to stop unauthorized users from accessing accounts. You can do the same on your own WordPress website to improve security.

In this article, we will show you how to automatically log out inactive users in WordPress. Once logged out, users will be asked to log in again to resume what they were doing.

How to automatically logout inactive or idle users in WordPress

Why Automatically Log out Idle Users in WordPress?

Idle users pose a security risk to your WordPress website. If someone on your team leaves their laptop unattended at a coffee shop or library, then a stranger may be able to see sensitive information, change their password, or even publish or delete some posts.

Inactive users also leave your website more vulnerable to hackers. They may be able to run scripts and take over the user’s account.

That’s why it’s a good security practice to automatically log out users who have become inactive and hide the content on their screen.

With that being said, let’s take a look at how to automatically log out idle users in WordPress.

How to Automatically Log Out Idle Users in WordPress

The first thing you need to do is install and activate the Inactive Logout plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, simply go to Settings » Inactive Logout page to configure the plugin.

Settings page for Inactive Logout plugin

First, you need to enter the time after which a user will be automatically logged out. You can enter the time in minutes and make sure it is not too short or too long.

After that, you can enter a message that you want to be displayed to inactive users.

Below the message field, you will find more plugin options to change logout functionality. The default settings will work for most websites, but you can change them if you want.

Inactive users timeout settings

You can enable the ‘Popup Background’ option if you want to change the background color of the screen when a user session times out. This will cover the user’s browser screen to keep the contents hidden from prying eyes.

The ‘Disable Timeout Countdown’ option will remove the countdown warning and will directly log out idle users.

If you don’t want to use the auto logout feature, then you can check the ‘Show Warn Message Only’ option. Now the warning message will be displayed but the user will not be logged out.

The ‘Disable Concurrent Logins’ option will stop your users from using the same account from different devices or browsers at the same time.

By default, the plugin displays a login popup and does not redirect users. You can enable the ‘Enable Redirect’ option to redirect users to any page you want.

After you have reviewed and changed settings, don’t forget to click on the ‘Save Changes’ button to store your settings.

Setting Up Different Timeout Settings Based on User Roles

If you want to set timeout rules based on user roles and capabilities, then you can do so under the ‘Advanced Management’ tab on the plugin’s settings page.

First, you need to select the user roles that you want to set up differently to the global settings. After that, you will be able to select a different timeout period and redirect, or even disable timeout settings for that user role.

Multi-role idle user timeout settings

Once you are satisfied with the settings, make sure you click the ‘Save settings’ button.

To see the plugin in action, you can log in to your website and do nothing for the timeout duration in the plugin’s settings. After that, you will see a countdown timer popup appear.

Timeout countdown

You can click the ‘Continue’ button to resume working without expiring the session. Users who don’t click the ‘Continue’ button will be logged out and will see the login screen.

Login popup

How to Add More Security with Two Factor Authentication

Now one problem with this approach is that many users save their passwords using a password manager or their browser’s built-in password storage feature.

This means that their login popup will already have their username and password fields filled in. Any person can just click on the login button to access their account while they are away.

Login fields already filled in

You can make unauthorized access more difficult by adding two-step verification to the WordPress login screen.

This requires users to enter a unique one-time password generated by an app on their phone. For detailed instructions, see our guide on how to add two-factor authentication in WordPress.

We hope this article helped you learn how to automatically log out idle users in WordPress. You may also want to see our ultimate WordPress security guide for more tips on securing your WordPress website.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit – a collection of WordPress related products and resources that every professional should have!

Reader Interactions

7 CommentsLeave a Reply

  1. I’m looking at ‘Inactive Logout’ It was updated a week ago.

    I have a co-worker holding a post hostage. So going to use this to kick from the post & website. I hope.

  2. Has anyone found plugin that will do the same thing, but that is actively updated? Reading the forum for WP Idle Logout, people are reporting it is buggy current versions of WP.

    Thanks.

    • True story. I had some trouble myself with this plugin. I had to login twice before I was able to get to the wp-admin part with this plugin enabled.

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.