This plugin deters people from sharing their login credentials for your site, which is especially good for paid membership sites. The plugin was written in collaboration with Andrew Norcross.

  • WP Bouncer stores a random “FAKESESSID” for each user when they log in.
  • If a user is logged in, on each page load (init hook), WP Bouncer checks if the FAKESESSID stored in the user’s cookies is the same as the last login stored in a transient (fakesessid_user_login).
  • If the two values do no match, WP Bouncer logs the user out and redirects them to the WordPress login page or a custom page using the wp_bouncer_redirect_url filter.

Video Demo: WP Bouncer

Allow a Specific Number of Active Sessions

By default, WP Bouncer only allows one session per user. But, you can use this plugin to offer bulk memberships to corporate, education, or other group-type customers via a shared login.

Use the wp_bouncer_number_simultaneous_logins filter to allow a defined number of active “sessions”.

An Example

  • User A logs in as “user”. Their FAKESESSID, say “SESSION_A” is stored in a WordPress option.
  • User B logs in as “user”. Their FAKESESSID, say “SESSION_B” is overwrites the stored WordPress option.
  • User A tries to load a page on your site, WP Bouncer catches them and logs them out, redirecting them to the WordPress login screen or another custom page your define.
  • User B can browse around the site as normal… unless…
  • User A logs in again as “user”. Their FAKESESSID, SESSION_A_v2 is stored in the WordPress option.
  • Now user B would be logged out if they load another page.

Installation

You must have the Paid Memberships Pro plugin installed and activated to use this Add On.

  1. Navigate to Memberships > Add Ons in the WordPress admin.
  2. Locate the Add On and click “Install Now“.
    • Or, to install this plugin manually, download the .zip file above.
    • Upload the compressed directory (.zip) via the Plugins > Add New > Upload Plugin screen in the WordPress admin.
  3.  Activate the plugin through the Plugins screen in the WordPress admin.

Hooks and Filters

wp_bouncer_ignore_admins filter
if returning false even admins will be bounced.
wp_bouncer_redirect_url filter
can be used to change the URL redirected to after being bounced.
wp_bouncer_number_simultaneous_logins filter
can be set to limit logins to a number other than 1. 0 means unlimited logins.
wp_bouncer_login_flag
runs right before bouncing (can be used to potentially stop the bouncing).
wp_bouncer_session_ids hook
used to filter session ids when saving them. Passes $session_ids, $old_session_ids (before any were removed/bounced), and the current user’s ID as parameters.
wp_bouncer_session_length hook
used to filter how long the session ids transients are set. This way, you can time the transients to expire at a specific time of day. Note that the transient is saved on every page load, so if you set it to 5 minutes, it’s going to push it out 5 minutes on every page load. You should try to set it to (the number of seconds until midnight) or something like that.

This is a Free Add On.

Create a free account or log in to gain access to downloads and documentation.