Lockdown WordPress users to one login session
Earlier in the year, I was working on a WordPress powered member site, that gave the users access to restricted content for members only. Pretty simple concept. The client however, wanted to sell multiple users for the same company, but a flaw with how WordPress does the user authentication, is that a single user could be logged in on 50 computers at the same time.
This is a typical situation I find myself in with doing WordPress development, that you’ll spend half an hour reviewing other plugins that claim they do this, and after installing and testing a few, you realise they don’t actually do it and you’ve just wasted half an hour!
Fast-forward another 30 minutes and I have my own little snippet that I use as a mu-plugin, and stores a unique session for the user in their user meta that is created at login. On init, the plugin checks to to ensure the session still matches, and if it doesn’t it boots you out and requires you login.
I’m not a huge fan of the get_user_meta check every page load, but without investing a tonne of time thinking about the solution, this seems to have sold my troubles pretty quickly!
To use this on your WordPress site – simply download the plugin code below, and drop into your plugins folder, then activate it.
Do you work in digital media or publishing? Join our newsletter.
If you've made it this far on one of our posts, you're probably someone who'd find value in our email newsletter where we send analysis, insights and curated links for the digital publishing and media world. You can subscribe below and opt out any time.