The Limit Logins Add On restricts simultaneous logins for the same user account, ensuring members cannot share their login credentials with others. Login protection like this is especially beneficial for paid membership sites, where shared logins can result in revenue loss or unfair usage.

Key features of the Limit Logins Add On include:

  • Restrict Simultaneous Logins: Prevent users from logging in on multiple devices or browsers simultaneously.
  • Customizable Session Limits: Adjust the number of active sessions allowed per user to suit your needs.
  • Admin-Controlled Reset Options: Allow administrators to manually reset user sessions, either upon request or when account abuse is detected.
  • Redirect Options: Send flagged users to a customizable URL when multiple logins are detected.
  • Security Enhancements: The peace of mind to know that session limits are helping to protect your valuable membership content.

Table of contents

How It Works

The Limit Logins Add On tracks user sessions by assigning a unique “session ID” to each login attempt. When a user logs in:

  1. The plugin assigns a unique session ID and stores it in a WordPress transient and the user’s cookies.
  2. On every page load, the Add On compares the stored session ID with the latest session ID for that user.
  3. If the IDs do not match, the system logs out the user and redirects them to the WordPress login page or a custom URL.

By default, the Add On allows only one active session per user. You can modify this behavior to accommodate multiple simultaneous logins, if desired.

Installation

You must have the Paid Memberships Pro plugin installed and activated with a valid license type to use this Add On.

  1. Navigate to Memberships > Add Ons in the WordPress admin.
  2. Locate the Add On and click Install Now.
    • To install this plugin manually, download the .zip file above, then upload the compressed directory via the Plugins > Add New > Upload Plugin screen in the WordPress admin.
  3. Activate the plugin through the Plugins screen in the WordPress admin.

Settings

This Add On has no settings required. Once installed and activated, all of your users will immediately have a single active login session enforced. You can customize the default behavior in the ways outlined below:

Session Limits

By default, this Add On limits users to one active session. To modify this behavior you can use the pmpro_limit_logins_number_simultaneous_logins filter.

A primary reason you would want increase this limit is to offer bulk memberships to corporate, education, or other group-type customers via a single shared login.

Learn How: Allow a Specific Number of Active Sessions For a Single User Account With the Limit Logins Add On

Redirect URL

When a user reaches their login limit, they redirected to the site’s login page. You can customize the URL where users are redirected if flagged for simultaneous logins using the pmpro_limit_logins_redirect_url filter.

Managing Sessions

Administrators can manage user sessions directly from the WordPress admin interface.

  1. Navigate to the Users > All Users screen
  2. Locate the user in the list.
  3. Do not edit the user. Instead, hover over the username to reveal actions.
  4. Click the Reset Sessions link to clear all active sessions for the selected user.
  5. The system forces the user to log in the next time they load your site.

Note: If you suspect the user’s account was compromised or shared, you can also edit the user and reset their password so the shared login credentials no longer work.

Action and Filter Hooks

apply_filters( 'pmpro_limit_logins_ignore_admins', true );

The default Add On behavior is to ignore admins when flagging users. You can include admins and limit their login sessions by setting this filter to false. This filter replaces the former filter: wp_bouncer_ignore_admins.

apply_filters( 'pmpro_limit_logins_number_simultaneous_logins', 1 );

Modify the number of simultaneous logins allowed per user. Default: 1. Replaces the former filter: wp_bouncer_number_simultaneous_logins.

apply_filters( 'pmpro_limit_logins_redirect_url', wp_login_url() );

Customize where a flagged user is redirected to, after logging them out. This replaces the former filter: wp_bouncer_redirect_url.

apply_filters( 'pmpro_limit_logins_session_length', $session_length, $current_user->ID );

Adjust the duration of session timeouts. Default: 30 days. This filter replaces wp_bouncer_session_length.

apply_filters( 'pmpro_limit_logins_session_ids', $session_ids, $old_session_ids, $current_user->ID );

Modify the session IDs when saving them. Replaces the former filter: wp_bouncer_session_ids.

apply_filters( 'pmpro_limit_logins_login_flag', $logout, $session_ids );

Control whether a flagged login should trigger a logout. This filter replaces wp_bouncer_login_flag.

apply_filters( 'pmpro_limit_logins_reset_sessions_cap', $cap );

Customize the capability required to reset user sessions. Default: edit_users. This replaces wp_bouncer_reset_sessions_cap.

This is a Standard Add On.

Standard Add Ons are included in all premium membership plans.

View PricingLog In