Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
25 Million+
Websites using our plugins
Years of WordPress experience
WordPress tutorials
by experts

How to Automatically Log Out Idle Users in WordPress

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

Do you want to automatically log out idle users in WordPress?

As a security-conscious site admin, you may want to force inactive users to log in again. Banking websites and apps log out idle users to stop unauthorized users from hijacking accounts. You can do the same on your own WordPress website to improve security.

In this article, we will show you how to automatically log out inactive users in WordPress. Once logged out, users will be asked to log in again to resume what they were doing.

How to automatically logout inactive or idle users in WordPress

Why Automatically Log Out Idle Users in WordPress?

Idle users pose a security risk to your WordPress website. If someone on your team leaves their laptop unattended at a coffee shop or library, then a stranger may be able to see sensitive information, change their password, or even publish or delete some posts.

Inactive WordPress users also leave your website more vulnerable to hackers. They may be able to run scripts and take over the user’s account.

That’s why it’s a good security practice to automatically log out users who have become inactive and hide the content on their screen.

With that being said, let’s take a look at how to automatically log out idle users in WordPress.

How to Automatically Log Out Idle Users in WordPress

The first thing you need to do is install and activate the Inactive Logout plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

Upon activation, simply go to Settings » Inactive Logout page to configure the plugin.

Settings page for Inactive Logout plugin

First, you need to enter the idle time after which a user will be automatically logged out. You can enter the time in minutes and make sure it is not too short or too long.

After that, you can enter a message that you want to be displayed to inactive users.

Below the message field, you will find more plugin options to change the auto logout functionality. The default settings will work for most websites, but you can change them if you want.

Inactive users timeout settings

You can enable the ‘Popup Background’ option if you want to change the background color of the screen when a user session times out. This will cover the user’s browser screen to keep the contents hidden from prying eyes.

The ‘Disable Timeout Countdown’ option will remove the countdown warning and will directly log out idle users.

If you don’t want to use the automatic logout feature, then you can check the ‘Show Warn Message Only’ option. Now the warning message will be displayed, but the user will not be logged out.

The ‘Disable Concurrent Logins’ option will stop your users from using the same account from different devices or browsers at the same time.

By default, the plugin displays a login popup and does not redirect users. You can enable the ‘Enable Redirect’ option to redirect users to any page you want.

After you have reviewed and changed your settings, don’t forget to click on the ‘Save Changes’ button to store them.

Setting Up Different Timeout Settings Based on User Roles

If you want to set idle timeout rules based on user roles and capabilities, then you can do so under the ‘Advanced Management’ tab on the plugin’s settings page.

First, you need to select the user roles that you want to set up differently from the global settings. After that, you will be able to select a different timeout period and redirect or even disable timeout settings for that user role.

Multi-role idle user timeout settings

Once you are satisfied with the settings, make sure you click the ‘Save Changes’ button.

To see the plugin in action, you can log in to your WordPress site and do nothing for the timeout duration in the plugin’s settings. After that, you will see a countdown timer popup appear.

Timeout countdown

You can click the ‘Continue’ button to resume working without expiring the session.

Users who don’t click the ‘Continue’ button will be logged out and will see the login screen.

Login popup

Bonus: How to Add More Security with Two-Factor Authentication

Now, one problem with this approach is that many users save their passwords using a password manager or their browser’s built-in password storage feature.

This means that their login popup will already have their username and password fields filled in. Any person can just click on the login button to access their account while they are away.

Login fields already filled in

You can make unauthorized access more difficult by adding two-step verification to the WordPress login screen.

This requires users to enter a unique one-time password generated by an app on their phone. For detailed instructions, see our guide on how to add two-factor authentication in WordPress.

Logging out inactive users and using two-factor authentication are two great ways to improve your WordPress security. Here are some additional ways to protect your login screen:

We hope this article helped you learn how to automatically log out idle users in WordPress. You may also want to see our ultimate WordPress security guide or our expert pick on the best drag-and-drop WordPress page builders.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

8 CommentsLeave a Reply

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. Gina Davis says

    I’m looking at ‘Inactive Logout’ It was updated a week ago.

    I have a co-worker holding a post hostage. So going to use this to kick from the post & website. I hope.

  3. David says

    Has anyone found plugin that will do the same thing, but that is actively updated? Reading the forum for WP Idle Logout, people are reporting it is buggy current versions of WP.


    • Yoshitoka says

      True story. I had some trouble myself with this plugin. I had to login twice before I was able to get to the wp-admin part with this plugin enabled.

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.