How to Stop Users From Sharing Passwords in WordPress
By default a WordPress user can login to an account from multiple locations at the same time. This may compromise security of your multi-author WordPress site, and it can definitely hurt your profits if you run a membership site. In this article, we will show you how to stop users from sharing passwords in WordPress by blocking concurrent logins.
How WordPress Handles User Sessions?
Before we move on, lets talk a bit about how WordPress handles user sessions. Like many other web applications, WordPress uses cookies to identify a logged in user. These cookies do not contain your password, just your username and a special key as a proof that you knew the password.
Now if you access your site from a public location and by habit checked “Remember Me” button, then anyone from that computer can login to your site because WordPress allows the same username to be logged in from two different locations.
This is a bit troublesome for security, but it can also be bad for business if you run a membership site selling premium content.
Users can simply share their password with their friends and use the same login information to consume your paid content.
Now wouldn’t it be nice if you could prevent users from staying logged into the same account from multiple places?
Recently when a user asked us this question, we looked around and found a plugin that prevents concurrent logins.
Prevent Concurrent Logins and Password Sharing in WordPress
Video Tutorial