Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
25 Million+
Websites using our plugins
Years of WordPress experience
WordPress tutorials
by experts

How to Force Logout All Users in WordPress

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

Do you want to force all users in WordPress to log out?

If you suspect that your WordPress may be hacked or just need users to log in again, then there is no default option to do that in WordPress.

In this article, we will show you how to easily force logout all users in WordPress.

Why Force All Users in WordPress to Log Out?

If you run a WordPress membership site or an LMS plugin and you need all logged-in users to re-login, then this tutorial is for you.

You may want to do this for different reasons.

For example, if you suspect that your WordPress website is hacked, then forcing users to log out will allow you to properly clean up your hacked WordPress site.

Or if you are using a membership or pay-per-view site and fear that users may be sharing their passwords to access content, then this method will come in handy. After logging them out, you can stop them from sharing passwords.

Another scenario is when you use a public computer or WiFi without using a VPN service. If you’re not sure that you properly logged out, then this method will end all logged-in user sessions.

That being said, let’s take a look at how to easily log out all users in WordPress.

How to Force All WordPress Users to Log Out

For this tutorial, you will be editing wp-config.php, which is a WordPress configuration file. We highly recommend that you back up your wp-config.php file before making any changes to it.

First, you will need to connect to your website using FTP or via File Manager in cPanel. Once connected, you will find the wp-config.php file in your site’s root folder.

Editing wp-config.php file via FTP

You can right-click and select edit to open the file in a text editor.

Inside your wp-config.php file you will find a code block that would look something like this:

define('AUTH_KEY',         'K2#m<|[UO==4Nv c+Ox+^]NH.H*6DmQRJntnj|SwKg)>,>O-z/IeRr?>5lmx`Hf:');
define('SECURE_AUTH_KEY',  '-Qf(}6G(zB`(D*)]fe;iEw?M]PU>BY:$Ni6]~mYCfZ68l_M@R<5E_ICbPUVk.Vf@');
define('LOGGED_IN_KEY',    '6R6:bur.^!Q1K-/H!$]A$g3JaaO]r|B&zu~{-*})|+C|<V,^c|f^vlhp$urvTr7>');
define('NONCE_KEY',        'LM7}+||^qoISh4#q_ ST%#x0vke+TQD(^$W{lVQ_TyV!%,N++H)4+>uSZl6Z%W[3');
define('AUTH_SALT',        'PpS;19y?W31AY@:=,RC;&0kkNXNkP -v=Lr;ghGft:?WV5vA-lje|h{A19Tfzq$[');
define('SECURE_AUTH_SALT', '+H.u}x4u<6-^HY+<?oRkZ{9T)E_)rR+uy.3Rpm*Z&S|UUO|5Wh6cn9.2pq+o4P[M');
define('LOGGED_IN_SALT',   'I{uT;rv5S`JRRs}=1+Ls_3YMDR^;|U[&x^Oy!yg2-:BO%|0W@c-n|SY8D3zo7-8-');
define('NONCE_SALT',       ':0Y`/h3JhwMRNCj~z[1}N@5QKp0|-s4C+XR~/-q6PfZ&Q.qFY5-]qS|L,CNbv>/z');

It’s possible that each of these lines just has ‘put your unique phrase here’ as the second parameter.

These lines are called authentication keys and salts. To learn more about them see our guide on WordPress security keys.

Next, you need to visit the WordPress Salts generator page. This page randomly creates new key strings that you can use in your wp-config.php file.

Generating WordPress security keys

You need to replace your existing keys with the new ones that you just generated. Once done, make sure to save your changes and upload your wp-config.php file back to the server.

Changing the salts will automatically log everyone out of your website, forcing them to re-login.

Improving Password Security for All Users on Your WordPress Site

If you run a membership website or allow users to register on your site, then users are likely to use easy-to-remember and weak passwords.

Weak passwords are easy to crack and pose a security challenge for your website.

If you suspect that your website is hacked, then you may want to safely reset passwords for all users on your WordPress site. This will allow them to generate new passwords for their user accounts.

However, users can still use the same password that they had before. To avoid this from happening again, you can enforce strong passwords for all users on your WordPress site.

One of the most common questions we get whenever we recommend using strong passwords is how to remember all those difficult passwords.

The answer is simple, you don’t need to. There are apps available that can manage passwords for you. See our guide on how to manage WordPress passwords for more on this topic.

We hope this article helped you learn how to force logout all users in WordPress. You may also want to see our complete step-by-step WordPress security guide for beginners and our expert pick of the best YouTube video gallery plugins for WordPress.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

6 CommentsLeave a Reply

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. Jiří Vaněk says

    I tried changing the keys in the wp-config.php file, but as soon as I saved the file, WordPress gave me an error regarding the MySQL login. Where could the problem be?

    • WPBeginner Support says

      If you have a backup of your wp-config file, ensure you only deleted the salt keys and not other settings in your file.


      • Jiří Vaněk says

        Yes, I restored the file from the backup and tried two more times. On the third attempt, I succeeded, but I don’t know where the problem was. As you mentioned, I probably deleted an extra part of the code, but I was not aware of it at all. Thank you for the advice.

    • WPBeginner Support says

      Hi Evan,

      Most likely reason for this is that WordPress couldn’t find your wp-config.php file. Please make sure that you have uploaded your wp-config.php file in the root folder of your website.


Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.