By default, WordPress users can log in to the backend on multiple computers at the same time, which can pose some security risks to your site, such as if you logged in to the WordPress backend on a public computer and forgot to log out. If users can't log in on two computers at the same time, after you log in on your own computer, the login on the other computer will be logged out, which solves this security risk. In this article, we will introduce the method of WordPress to prohibit a user from logging in on two computers at the same time.
How does WordPress handle user sessions?
Before we begin, let's take a brief look at how WordPress handles user sessions. Like many web applications, WordPress uses cookies to determine when a user is logged in. These cookies do not contain the user's password, only the username and a special key to indicate that you know the user's password.
If you're logged into WordPress from a public computer and have "Remember Me" checked, all users with access to that computer will be able to log into your WordPress backend.
Another scenario, let's say you have a website with paid content, where paid members can only read some of the articles inside the website. If the website allows logging in from different computers, these paying users can share the member account and password with any number of friends, which can cause you some financial losses. This is certainly not the fault of these paying users, the website has such loopholes that users can exploit in this way.
The easiest way to solve the above two problems is to prohibit a user from logging in on two computers at the same time, and there is a plugin that can help us do this.
Blocking a user from logging in on two computers at the same time
First install and activate Prevent Concurrent Loginsplugin, the plugin doesn't provide any setup options, you can use it after installing and activating it.
In order to verify that the plugin has taken effect, you can log in to the user's backend with the same user on different browsers, and when you log in on the second browser, you are able to log in successfully, which is fine. Then switch to the first browser, click on any link in the backend of the first browser logged in, if the login window pops up , it means that the logged in user of the first browser has been logged out, and the plugin has taken effect.
Think Tank Alert:WordPress SecurityPlug-ins just to help you increase the security of a certain aspect of the site, do not simply think that the installation of the plug-in will be absolutely safe, to enhance the site's security is the easiest way to set up a strong password and change it from time to time.
If you find an error or a different take on the article, feel free to point out the exchange in the comments.
2 thoughts on “提高WordPress安全性,禁止一个用户在两台电脑上同时登录”
Your theme is so stuck. It's not professional.
The site opens slowly and the server environment, open the site of the computer environment and other aspects of the reasons are related to the site, you are which site, you can send over, to help you diagnose.