Prevent users from sharing login credentials in WordPress

Login One User Instance Code Snippet (cropped)
Standard

As any Information Governance expert will tell you, sharing usernames and passwords is bad! Fortunately we can boost your WordPress security with this tip.

Although nothing is as good as educating your users as to why they shouldn’t be sharing their usernames and passwords, in WordPress we can certainly make it difficult for them to do so.

Simply add this snippet to your functions.php file:

This snippet only allows one instance of a user credentials to be logged into to the site at once. So if your users are sharing their details, only one will be allowed in the system at a time (and the other people logging in with the same credentials will get kicked out).

Not only will this boost your sites security, but it should encourage your users to login with their own details (after a few times of being kicked out).

Prevent Shared User Details within your WordPress Project

Want to put restrictions in place to stop users sharing login details in your WordPress project, along with a whole host of additional features? Why not checkout the Kapow! WordPress Boilerplate by Make Do? It is fully modular, and the concurrent login snippet comes as part of the Kapow Core part of the framework (the concurrent login code can be found in the GitHub repo).

Kapow! Logo

Kapow!

Kapow! can be used to provided a full VVV powered development workflow, but feel free to use just the parts that you need. If you need support in using the framework just get in touch.

Matt Watson

Technical Lead at Make Do
Matt Watson is the co-founder and technical lead of WordPress agency Make Do. Matt loves writing and learning about code, and considers himself lucky to be doing what he loves for a living. Find out more about Matt, or get in touch to hire Matt for your project.

2 thoughts on “Prevent users from sharing login credentials in WordPress

  1. alberttrotter

    i am facing issues at line
    $sessions = WP_Session_Tokens::get_instance( get_current_user_id() );
    can anyone help????

Leave a Reply