When running WordPress sites with multiple users, there are always chances of a hack attack. Idle users in such websites impose higher risk in that scenario. When a user sits idle for too long, a hacker can gain access to the WordPress site even without the login credentials. That is the core reason for institutions with websites containing confidential data to put an Auto Log Out for their idle users.
Now, if you are a single owner of multiple WordPress sites, remembering the password for each website may feel troublesome for you. Usually, WordPress seeks authentication from users once in every two weeks. Keeping all those tricky/complex passwords in mind and remember them once in every two weeks? Impossible. That is where it becomes necessary to extend the Auto Log Out time of your WordPress account.
In this article, we will discuss two plugins to auto log out your WordPress account, and another plugin to delay your website from logging out and seeking authentication.
Auto Logout Idle Users with Idle User Logout Plugin
This plugin detects idle users in your WordPress and executes the action that is being specified at the admin end.You can make a quick activation of auto log out with the Idle User Logout plugin. For this, install and activate the Idle User Logout plugin and navigate to the Settings page of the plugin.
In the settings, you can see a field named Auto Logout Duration. The default value in this field will be 30 seconds. You can increase it to a higher value, say 120 seconds, if you want. After the Auto Logout time, all inactive users will get logged out automatically.
If you need complete security, it is preferred to uncheck the ‘Disable in WP Admin’ box. By unchecking this option, the plugin will log out all other admins including you if seen idle for too long. Save the Changes once you have configured the settings.
The remaining settings are in the Idle Behavior tab. Here, there is a listing of all user roles and you can set different idle behavior for each user role. You can also choose not to log the user out, but instead, land them on a default landing page or show them a popup page. Save the changes here too when you make changes.
Auto Logout Idle Users with Inactive Logout Plugin
The Inactive Logout plugin logs out WordPress users after a defined inactive time. You can modify the plugin settings to display only a wake-up message instead of logging you out.
First, install and activate the Inactive Logout plugin from wordpress.org. After activation, navigate to the admin settings and select the Inactive Logout option to configure the plugin settings.
Here, you can set the auto-logout time (idle timeout) in minutes. The default value is 2 which can be altered as you wish. After setting the time, you can add a custom message to be displayed to the inactive users at the timeout.
After editing the message, you can change other settings to modify the logout functionality. The plugin is set to work fine with the default settings, but the user can change them if they wish.
Following are the additional settings:
Popup Background – This option changes the background color of the screen when a user’s session times out. The pop background covers the screen content to keep it hidden from a viewer’s eyes.
Disable Timeout Countdown – With this feature enabled, you can remove the countdown warning and directly logout the idle users.
Show Warn Message Only –If you only need to display a warning message instead of the auto-logout, you can enable this option.
Disable Concurrent Logins – With this option enabled, no user can log in from different devices at a time.
Enable Redirect – This feature redirects the users to any other page you preset.
After modifying the settings, save the changes for them to come into action.
- Setting Up Timeout Settings Based on User Roles
In the Advanced Management tab of the plugin settings, you can set timeout rules based on user roles and capabilities. In the Enable Multi-User Feature fields, select and add the user roles you need to assign different settings than the global settings.
These user roles will be listed below with fields to assign timeout in minutes and the redirect page. It also comes with checkboxes to disable the settings and concurrent logins. Save the changes after modifying the settings.
Now, while logged into your website and sitting idle, you will encounter a countdown popup which tells you that you’re being timed and should choose to stay signed in. Click on the continue button to keep signed in. If you haven’t clicked Continue before the time runs out, you’ll be logged out automatically.
Add More Security with Two Factor Authentication
After you have enabled the auto-logout plugin, it may seem everything is safe and fixed. But the one issue that will persist is the pre-saved usernames and passwords. These credentials will keep on appearing even when your WordPress auto-logouts from the admin. Anyone passing by can just click on login to access your Dashboard.
One method to create more difficult access to a stranger is by enabling the two-factor authentication at the WordPress login. This involves an OTP (a one-time password) generated on your mobile phone. This helps to ensure that no stranger logins with your saved credentials. There are plugins to activate two-factor authenticated login in WordPress.
Extending Auto Logout Time with Configure Login Timeout Plugin
WordPress provides a normal authentication timeout of 2 days and a ‘Remember Me’ authentication timeout of 2 weeks. Yet, it may be difficult to log in every 2 days or weeks when you have multiple accounts to deal with.
If you prefer to extend the default WordPress authentication timeout, you’ll find the Configure Login Timeout plugin handy. The plugin lets you configure the normal as well as the ‘Remember Me’ authentication timeouts. This feature is most helpful while using localhost websites where you won’t prefer regular logins. In that case, assign whatever time you like and keep on with using WordPress.
Hope you liked reading the article. Try out these plugins with your WordPress site and let us know the feedback in the comments section. Wishing you a happy WordPressing!
Have A Look At Our Top Rated WooCommerce Plugins ThemeHigh