Automatically Log Out Inactive Users in WordPress for Security

How to automatically log out idle users in wordpressWordpress plugin to log out inactive usersSet wordpress to log out users after inactivityAutomatically log out users in wordpress after set timeWordpress idle user logout settingsPlugin to log out idle users in wordpressConfigure wordpress to log out inactive usersWordpress auto logout for inactive usersHow to log out users automatically in wordpressWordpress logout idle users plugin

Explanation

This code snippet helps you automatically log out users who have been inactive on your WordPress site for a certain period. Here's how it works:

Start a Session: The code begins by starting a session when someone visits your site. This is like opening a file to keep track of user activity.
Check User Activity: Every time a page is loaded, the code checks if the user is logged in. If they are, it looks at the time since their last activity. If it's been more than 30 minutes (or whatever time you set), it logs them out and sends them back to the homepage.
Update Activity Time: If the user is still active, it updates the time of their last activity to the current time, so the countdown starts over.
End Session on Logout: When a user logs out, the session is ended, which is like closing the file that was tracking their activity.

Note: You can change the timeout period by adjusting the number of seconds in the code. For example, 1800 seconds equals 30 minutes.

Code
<?php
// Automatically log out inactive users after a set time in WordPress

// Hook into 'init' to start the session
add_action('init', 'wp_dudecom_start_session', 1);
function wp_dudecom_start_session() {
    if (!session_id()) {
        session_start();
    }
}

// Hook into 'wp' to check user activity
add_action('wp', 'wp_dudecom_check_user_activity');
function wp_dudecom_check_user_activity() {
    if (is_user_logged_in()) {
        $timeout = 1800; // Set timeout period in seconds (e.g., 1800 seconds = 30 minutes)
        
        if (isset($_SESSION['last_activity']) && (time() - $_SESSION['last_activity'] > $timeout)) {
            wp_logout();
            wp_redirect(home_url()); // Redirect to home page after logout
            exit;
        }
        
        $_SESSION['last_activity'] = time(); // Update last activity time
    }
}

// Hook into 'wp_logout' to destroy session
add_action('wp_logout', 'wp_dudecom_end_session');
function wp_dudecom_end_session() {
    session_destroy();
}
?>

Instructions

To implement the automatic logout feature for inactive users in WordPress, follow these steps:

File Location: Add the code to your theme's functions.php file or create a custom plugin file.

Prerequisites: No additional plugins or settings are required.

Implementation Steps:

Access Your WordPress Files:
- Log in to your WordPress admin dashboard.
- Navigate to Appearance > Theme Editor if you are adding the code to functions.php, or go to Plugins > Editor if you are creating a custom plugin.
Locate the Correct File:
- If using functions.php, find it in the right-hand sidebar under Theme Files.
- If creating a custom plugin, create a new file with a .php extension in the wp-content/plugins directory.
Insert the Code:
- Copy the provided code snippet.
- Paste it at the end of the functions.php file or into your new plugin file.
Save Changes:
- Click Update File if editing functions.php.
- If using a custom plugin, save the file and activate the plugin through the WordPress admin under Plugins.
Test the Functionality:
- Log in to your WordPress site and remain inactive for the set timeout period (e.g., 30 minutes).
- Ensure you are automatically logged out and redirected to the homepage after the timeout.

If you need assistance with implementation or require more advanced functionality, consider reaching out to wp-dude.com for expert WordPress support.