IMPORTANT: Support has moved to the ZATZLabs site and is no longer provided on the WordPress.org forums. Please visit the new ZATZLabs Forums. If you need a timely reply from the developer, please open a ticket.
Allows the Administrator and/or the User to control the placement of a check mark in the Remember Me checkbox on the standard WordPress login form.
Without a check mark in the Remember Me checkbox, your users will have to login every time they close their browser. With Remember Me selected, they won’t have to login again for two weeks.
- The Administrator to control whether Remember Me is the default for all logins, logins from Admin panels or logins from public web pages controlled by jonradio Private Site or equivalent plugin
- The Administrator to control if the User’s Remember Me choice is remembered and, if so, for how long
- Disabling of the plugin’s control of the Remember Me checkbox
Deciding whether this plugin is for you:
- WordPress always leaves the Remember Me checkbox empty, even if you selected it the last time you logged on;
- Without Remember Me checked, logoff occurs automatically when the browser is closed or two days have passed;
- Without Remember Me checked, some browsers will force a login when opening a new browser window;
- With Remember Me checked, logoff occurs automatically in two weeks;
- With Remember Me checked, the user remains logged in even if the browser is closed, the user’s computer is rebooted or the web site hosting server is rebooted;
- Web sites that can only be viewed by registered users (e.g. – jonradio Private Site plugin) are more likely to want Remember Me pre-selected for each user at login, as web site viewing will be more frequently repeated than WordPress Administration;
- For public or shared computers, the WordPress behaviour of leaving the Remember Me checkbox empty is a slight Security improvement, but is easily defeated by a user selecting Remember Me during login, which still leaves subsequent users logged on.
This plugin was recently adopted by David Gewirtz and ongoing support and updates will continue. Feel free to visit David’s Lab Notes for additional details and to sign up for emailed news updates.
Special thanks to Jon ‘jonradio’ Pearkins for creating the plugin and making adoption possible.
- IMPORTANT: Support has moved to the ZATZLabs site and is no longer provided on the WordPress.org forums. Please visit the new [ZATZLabs Forums](http://zatzlabs.com/forums/). If you need a timely reply from the developer, please [open a ticket](http://zatzlabs.com/submit-ticket/).
- Will this plugin work with other Login forms?
It depends on whether the other Login form provides two standard technical features of the WordPress Login form generated by wp-login.php:
- The “login_form_login” Action; and
- The “rememberme” Post field.
Both are used by this plugin.
- How much Security am I sacrificing by using this plugin?
It was a conscious security decision by WordPress developers to always present the standard WordPress Login form with the Remember Me checkbox empty.
On the other hand, savvy users quickly got into the habit of being sure the Remember Me checkbox was selected every time they logged on. There is a similar risk in office environments where a person steps away from their office computer without locking it in the sense of requiring a password be typed to gain access.
The security risk is very dependent on how many registered users will login using a public or other shared computer that does not have an effective mechanism built in for automatically deleting auth cookies when one person finishes and the next begins. There is a similar risk in office environments where a person steps away from their office computer without locking it in the sense of requiring a password be typed to gain access.
Of course, the most important security question to ask is: What level of risk do other people using the same computer as a registered user pose?
It doesn't work
Minor support update
- Correct Login “bizarre behaviour” bug caused by not returning the WP Error object to Filter ‘wp_login_errors’
- Add Settings to disable the plugin, set the Remember Me default, and remember User’s Remember Me choice
- Prepare to WordPress Plugin Directory standards.