This plugin helps to minimize certain security risks involved with session stealing. It allows you to automatically sign a user out after he has been inactive for a specified period of time. This plugin also works with BuddyPress. The default time period is set to one day. This means that if a user was logged into your site and did not come back after 24 hours, he would be logged out due to inactivity. However, if he performed any sort of activity on your site (e.g. browsed a new page) between his latest activity and 24 hours after that, then he would not be logged out. You can change this time period to whatever suits your needs. Additionally, you can specify a page where the user will be redirected to when he gets logged out (e.g. a landing page to notify the user he has been logged out for inactivity). However, this is optional and you can make the user not be redirected when he gets automatically logged out. No redirection is the default setting.
- Upload the *.zip copy of this plugin into your WordPress through your Plugin admin page.
- Activate the plugin through the Plugins menu in WordPress
- Adjust the time period and redirection site if needed. (See below to learn how to configure these settings)
- If you want to test the plugin to see if it’s working, then change the time period of inactivity to a few seconds. If you
get logged out after those few seconds of inactivity, then it works!
- How can I set up the time period of inactivity correctly?
You need to change the value of the constant AUTOMATIC_SIGN_OUT_MAXIMUM_TIME to the time you specify. The time is measured in seconds, so 60 = 1 minute, 60 * 60 = 1 hour, 60 * 60 * 24 = 1 day.
Here are some examples:
define(‘AUTOMATIC_SIGN_OUT_MAXIMUM_INACTIVITIY_TIME’, 60 * 60 * 24); // 1 day
define(‘AUTOMATIC_SIGN_OUT_MAXIMUM_INACTIVITIY_TIME’, 60 * 60); // 1 hour
define(‘AUTOMATIC_SIGN_OUT_MAXIMUM_INACTIVITIY_TIME’, 60); // 1 minute
- What if I don’t specify a redirection address?
If you don’t specify a redirection address and leave it as the default site_url() then the user will not be redirected anywhere when he is automatically logged out.
However, if you want to change it to an actual address, then replace site_url() with “http://www.yourwebsite.com/”. (Remember to include the quotations.)
Works but outdated code throws PHP errors in WP_DEBUG
Contributors & Developers
“Automatic Sign Out For Inactivity” is open source software. The following people have contributed to this plugin.Contributors
Interested in development?