Lockdown WordPress users to one login session
Earlier in the year, I was working on a WordPress powered member site, that gave the users access to restricted content for members only. Pretty simple concept. The client however, wanted to sell multiple users for the same company, but a flaw with how WordPress does the user authentication, is that a single user could be logged in on 50 computers at the same time.
This is a typical situation I find myself in with doing WordPress development, that you’ll spend half an hour reviewing other plugins that claim they do this, and after installing and testing a few, you realise they don’t actually do it and you’ve just wasted half an hour!
Fast-forward another 30 minutes and I have my own little snippet that I use as a mu-plugin, and stores a unique session for the user in their user meta that is created at login. On init, the plugin checks to to ensure the session still matches, and if it doesn’t it boots you out and requires you login.
I’m not a huge fan of the get_user_meta check every page load, but without investing a tonne of time thinking about the solution, this seems to have sold my troubles pretty quickly!
To use this on your WordPress site – simply download the plugin code below, and drop into your plugins folder, then activate it.