WordPress

How to Restrict User Login to One Device in WordPress

Published on 14. October, 2024

People often share their Netflix logins with friends. To prevent password sharing from getting out of hand, online services have now started limiting the number of devices that can use one account at a time.

Many of our readers run membership websites and offer online courses. They tell us that they are just as concerned about people sharing their login details because it leads to a loss of income for their business. That’s why they would like to set up similar login restrictions.

In this article, we will explain how to limit each user’s login to just one device on your WordPress website. By the end of this guide, you’ll know how to protect your content and ensure only paying members can access it, helping your online business stay fair and profitable.

Why Restrict User Login to One Device in WordPress?

Streaming services face the challenge of users sharing their login credentials. In 2023, Netflix reported that about 100 million households were sharing passwords globally. That’s huge!

Many WordPress websites, especially membership and e-learning sites, have the same problem. By default, WordPress users can log in from unlimited devices and browsers simultaneously.

This practice seems harmless to those users, but it can significantly impact a website’s revenue and user experience. For example:

  • Membership sites offer special content to people who pay. When users share logins, fewer people buy memberships. This means less money for the site owner.
  • When students share their online learning logins, other users do not need to buy the course. Plus, it makes it hard to offer personalized help or know who finishes the course.

When you limit user logins to one device, you can know how many real users you have, make more money, and maintain the value of your content or services. Besides that, you will provide a fair experience to all paying users and keep your website safer.

Limiting logins isn’t about not trusting users. It’s about keeping the website fair and making sure it can keep running. This helps both the website owner and the honest users.

Restricting User Login to One Device in WordPress (Easy)

The first thing you need to do is install and activate the free Loggedin – Limit Active Logins plugin. You can find step-by-step help in our guide on how to install a WordPress plugin.

Upon activation, the plugin starts to work automatically and limits each user to 3 active logins.

Depending on the settings, the user may not be able to log in on a new device once this limit has been reached until they log out from one of their other devices. More on that below.

This User's Login Limit Has Been Reached

Note: After logging in to WordPress, the user will usually remain logged in even if they close their web browser. They need to manually log out using the ‘Howdy’ menu at the top right corner of the screen.

You can configure the plugin by visiting Settings » General in your WordPress dashboard and then scrolling down to the ‘Loggedin Settings’ section.

Here, you can change the number in the ‘Maximum Active Logins’ field to allow a different number of logins.

Loggedin Plugin Settings

The ‘Login Logic’ setting determines what happens when the user reaches the maximum active login limit:

  • Allow: They can log in on a new device but will be automatically logged out of all other devices.
  • Block: They will not be able to log in on the new device until their other login sessions expire.

So, if you wish to restrict user login to just one device, then you need to set the ‘Maximum Active Logins’ to 1 and the ‘Login Logic’ to Block.

Or, if you don’t mind which device they use as long as they are logged on to just one device at a time, then you should set ‘Maximum Active Logins’ to 1 and ‘Login Logic’ to Allow.

Don’t forget to click the ‘Save Changes’ button to store your settings.

The plugin also allows you to force logout a single user from all devices. Simply enter their user ID and then click the ‘Force Logout’ button.

You can learn how to find a user ID in our guide on how to find post, category, tag, comments, or user ID in WordPress.

Bypassing Login Restrictions for Certain Users or Roles (Advanced)

You can bypass these login restrictions for certain users or user roles.

For example, you may want to make sure that your site administrators and editors are not accidentally locked out. Or you may have an important team member who works on different computers in multiple locations.

However, to do this, you will need to add custom code snippets to your WordPress theme’s functions.php file. Even a tiny mistake can break your WordPress site and make it inaccessible, so you should take a look at our guide on how to easily add custom code in WordPress.

We recommend you use WPCode because it is the safest way to add code snippets, and you will not need to manually edit the functions.php file.

Bypassing Login Restrictions for Certain Users

Simply install and activate the free version of WPCode and then navigate to Code Snippets » + Add Snippet in your WordPress dashboard.

Next, hover your mouse over the ‘Add Your Custom Code (New Snippet)’ entry and then click the ‘Use snippet’ button that appears.

Adding a New Snippet in WPCode

A popup at the bottom of the screen will ask you to select the code type for your snippet.

You should click the ‘PHP Snippet’ option.

Select the PHP Snippet Option in WPCode

This will open the Create Custom Snippet page, where you can add the code you need. You can start by adding a title for the snippet, such as ‘Bypass Login Restrictions for Certain Users’.

After that, you should copy the code snippet below and paste it into the ‘Code Preview’ pane:

function loggedin_bypass_users( $bypass, $user_id ) {

    // Enter the user IDs to bypass.
    $allowed_users = array( 1, 2, 3, 4, 5 );

    return in_array( $user_id, $allowed_users );
}

add_filter( 'loggedin_bypass', 'loggedin_bypass_users', 10, 2 );

Now look at the line that starts with $allowed_users = array. You need to replace ‘1, 2, 3, 4, 5’ with the user IDs for the specific users you wish to bypass the restriction. You can add any number of user IDs, and they should be separated by commas.

You can learn how to find a user ID in our guide on how to find post, category, tag, comments, or user ID in WordPress

Finally, you need to toggle the snippet to ‘Active’ and then click the ‘Save Snippet’ button to store your settings.

Code Snippet so Certain Users Bypass Login Restrictions

Bypassing Login Restrictions for Certain Roles

You can follow the same steps to add a code snippet to bypass login restrictions for certain roles.

Simply create a new code snippet called ‘Bypass Login Restrictions for Certain Roles’ and then paste the following code snippet in the ‘Code Preview’ pane:

function loggedin_bypass_roles( $prevent, $user_id ) {

    // Array of roles to bypass.
    $allowed_roles = array( 'administrator', 'editor' );

    $user = get_user_by( 'id', $user_id );

    $roles = ! empty( $user->roles ) ? $user->roles : array();

    return ! empty( array_intersect( $roles, $whitelist ) );
}

add_filter( 'loggedin_bypass', 'loggedin_bypass_roles', 10, 2 );

This snippet bypasses the restriction for the ‘administrator’ and ‘editor’ roles. You can add any other roles, such as ‘author’, in single quotation marks and separated by commas.

Be sure to toggle the snippet to ‘Active’ and click the ‘Save Snippet’ button when you are done.

Code Snippet so Certain Roles Bypass Login Restrictions

We hope this tutorial helped you learn how to restrict user login to one device in WordPress. You may also want to see our ultimate guide on creating a WordPress membership site or our expert pick of the best WordPress LMS plugins.

OceanWP - a free Multi-Purpose WordPress theme