People often share their Netflix logins with friends. To prevent password sharing from getting out of control, online services have now started limiting the number of devices that can use one account at a time.
Many of our readers run membership websites and offer online courses. They tell us they are equally concerned about people sharing their login details as it results in a loss of income for their business. That's why they want to set up similar login restrictions.
In this article, we'll explain how to limit each user's login to just one device on your WordPress website. At the end of this guide, you'll learn how to protect your content and ensure only paying members can access it to keep your online business fair and profitable.
Why limit user login in WordPress to one device?
Streaming services face the challenge of users sharing their login credentials. In 2023, Netflix reported that approximately 100 million households worldwide shared passwords. This is huge!
Many WordPress websites, especially membership and e-learning websites, have the same problem. By default, WordPress users can log in with an unlimited number of devices and browsers at the same time.
This practice may seem harmless to these users, but it can have a significant impact on a website's revenue and user experience. For example:
- Membership sites offer specific content for paying people. When users share logins, fewer people buy memberships. This means less money for the website owner.
- When students share their online learning logins, other users are not required to purchase the course. Additionally, it is difficult to offer individual help or know who is completing the course.
Restricting user logins to one device helps you know how many real users you have, earn more money, and preserve the value of your content or services. Additionally, they provide a fair experience for all paying users and make your website more secure.
Limiting logins isn't about not trusting users. It's about keeping the site fair and ensuring it remains available. This helps both the website owner and the honest users.
Restrict User Login to One Device in WordPress (Easy)
First you need to install and activate the free plugin “Loggedin – Limit Active Logins”. For step-by-step instructions on how to install a WordPress plugin, see our guide.
Once activated, the plugin starts working automatically and limits each user to 3 active logins.
Depending on the settings, once this limit is reached, the user may not be able to log in to a new device until they log out of one of their other devices. More on this below.
Note: After logging into WordPress, the user typically remains logged in even if they close their web browser. You must log out manually using the “Howdy” menu in the top right corner of the screen.
You can configure the plugin by clicking Settings » General in your WordPress dashboard and then scroll down to the “Loggedin Settings” section.
Here you can change the number in the “Maximum Active Registrations” field to allow for a different number of registrations.
The Login Logic setting determines what happens when the user reaches the maximum active login limit:
- Allow: You can sign in on a new device, but you will be automatically signed out of all other devices.
- Block: They will not be able to log in to the new device until their other login sessions have expired.
So if you want to limit user login to only one device, you need to set Maximum Active Logins to 1 and Login Logic to Block.
Or if you don't care what device they use, as long as they're only logged in to one device at a time, you should set Maximum Active Logins to 1 and Login Logic to Allow.
Don't forget to click the “Save Changes” button to save your settings.
The plugin also allows you to force logout of a single user from all devices. Simply enter your user ID and then click the “Force Log Out” button.
Learn how to find a user ID with our guide to finding posts, categories, tags, comments or user IDs in WordPress.
Bypass login restrictions for specific users or roles (Advanced)
You can bypass these login restrictions for specific users or user roles.
For example, you may want to ensure that your site administrators and editors don't accidentally get banned. Or you have a key team member working on different computers in multiple locations.
However, to do this, you need to add custom code snippets to your WordPress theme's functions.php file. Even a small mistake can cause your WordPress site to become broken and inaccessible. So take a look at our guide on how to easily add custom code in WordPress.
We recommend using WPCode as it is the safest way to add code snippets and you don't have to manually edit the functions.php file.
Bypass login restrictions for specific users
Simply install and activate the free version of WPCode and then navigate to Code snippets » + Add snippet in your WordPress dashboard.
Next, hover your mouse over the “Add custom code (new snippet)” entry and then click the “Use Snippet” button that appears.
A popup will appear at the bottom of the screen asking you to select the code type for your snippet.
You should click on the “PHP Snippet” option.
This will open the Create Custom Snippet page where you can add the code you need. You can start by adding a title for the snippet, such as: B. “Bypass login restrictions for certain users”.
After that, you should copy and paste the following code snippet into the Code Preview area:
function login_bypass_users( $bypass, $user_id ) { // Enter the user IDs to bypass. $allowed_users = array( 1, 2, 3, 4, 5 ); return in_array( $user_id, $allowed_users ); } add_filter( 'loggedin_bypass', 'loggedin_bypass_users', 10, 2 );
Now look at the line that starts with $allowed_users = array. You must replace “1, 2, 3, 4, 5” with the user IDs of the specific users for whom you want to bypass the restriction. You can add as many user IDs as you want, they should be separated by commas.
Learn how to find a user ID with our guide to finding posts, categories, tags, comments or user IDs in WordPress
Finally, you need to set the snippet to “Active” and then click the “Save Snippet” button to save your settings.
Bypass login restrictions for specific roles
You can follow the same steps to add a code snippet to bypass login restrictions for specific roles.
Simply create a new code snippet called “Bypass login restrictions for specific roles” and then paste the following code snippet into the Code Preview area:
function login_bypass_roles( $prevent, $user_id ) { // Array of roles to bypass. $allowed_roles = array( 'administrator', 'editor' ); $user = get_user_by( 'id', $user_id ); $roles = ! empty( $user->roles )? $user->roles : array(); return! empty( array_intersect( $roles, $whitelist ) ); } add_filter( 'loggedin_bypass', 'loggedin_bypass_roles', 10, 2 );
This snippet bypasses the restriction for the Administrator and Editor roles. You can choose any other roles, e.g. For example, add “author” in single quotes separated by commas.
Make sure to set the snippet to Active and click the Save Snippet button when you're done.
We hope this tutorial helped you learn how to limit user login to one device in WordPress. You may also want to see our ultimate guide to creating a WordPress membership site or our expert picks for the best WordPress LMS plugins.
If you enjoyed this article, please subscribe to our YouTube channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Create your very own Auto Publish News/Blog Site and Earn Passive Income in Just 4 Easy Steps
