Earlier on WPBeginner we showed you how to keep WordPress from forgetting you with Always Remember me. This allows you to stay logged in to your WordPress site. However, there are a lot of people who access their WordPress site using public networks and computers. The remember me option below the login form sets a cookie which keeps you logged in for two weeks. This could be a potential security risk for people who are accessing their WordPress admin area from public computers. In this article, we will show you how to remove the remember me option from your WordPress login page.
Video Tutorial
If you don’t like the video or need more instructions, then continue reading.
First thing you need to do is install and activate the Remember Me Not plugin for WordPress. Upon activation, the plugin completely removes the remember me check box from the WordPress login page.
Using Remember Me Not will force you and all registered users of your site to sign in each time they want to start a new session in WordPress admin area. They can save the username and password in their browser’s storage, but they can not set the remember me option to stay logged in for two weeks. We would also like to advise that whenever you are accessing your WordPress admin area from a public computer or network, simply make a habit to log out when you are done working on your website.
We hope that this article helped you remove the remember me option from your WordPress login. Would you ever use this on your site? Let us know in the comments below.
NOTE TO MODERATOR:
That line to delete did not display properly, I completely forgot that this comment section is HTML friendly…
This is the correct code, spaces added to keep the display intact…
< input name="rememberme" type="checkbox" id="rememberme" value="forever" / >
Actually, instead of either CSS display:none or using an addition to the function.php file, open the wp-login.php and remove the following line
<input name="rememberme" type="checkbox" id="rememberme" value="forever" />
We haven’t tried testing it by moving the wp-login.php to the child theme as we have a checklist of things to do with each WP upgrade, this being one of them….
Go to your function.php file and add this to the end…
//Hide Remember Me check box from WordPress login page
add_action(‘login_head’, ‘har_remember_me_not’);
function har_remember_me_not()
{
echo ‘.forgetmenot { display:none; }’;
}
Not sure if it will fix the security issue noted by NATHAN CORBIER but it will reduce the number of plugins you have by one…
Is there also not a file to reduce the time set for a user staying logged in when the ‘remember me’ box is ticked such as a cookie etc?
@Nathan +1 – Plugin’s way is better. .css change to display:none is a mask. You could of course incorporate this plugin code into the functions.php file of a theme if you want to permanently remove the functionality but this is a user/site owner preference. I would build this into a option for the theme to allow the user to decide.
Setting the rememberme ID to display:none; isn’t a good fix. Bots, smart people who inspect source, or a browser that simply ignores display:none will still show it, and still allow the form to be submitted with that checked.
If you are plugging what you consider to be a security hole, don’t half ass it by “making the check mark go away.” It hasn’t left, its just your browser is nice enough to honor the CSS display attribute.
The hole still exists.
instead of doing a regex on login_form you can also just set the css class to display none
p.forgetmenot { display:none;}
Rather than a plugin, couldn’t you add this to your CSS
p.forgetmenot {display:none;}
Thanks,
Bob
Hi, thanks for that great tip – is there a solution to remove this without using a plugin?
Thanks.
please seem comment above. Just add
‘p.forgetmenot {display:none;}’ to your css stylesheet.
Thanks,
Bob