Did you know account sharing could be taking place on your membership site?
By default, WordPress allows multiple sessions from a single user account. This means that if the login details of a member’s account have been shared, more than one person could be accessing your site with the username and password for that user.
If this is something that you don’t want to be allowed on your website, the following guide on how to prevent account sharing on your membership site will help you put a stop to concurrent logins in WordPress.
But before we show you how to prevent account sharing on your membership site, let’s quickly look at why you might want to put a stop to this practice.
Why Prevent Account Sharing on Your Membership Site
If you’re running a membership site, one of the main downsides of account sharing is lost revenue.
If you make it easy for one of your members to give other non-members access to your content by sharing their account details, there’s a good chance you’ll lose out on membership fees you might have otherwise collected.
Some people argue against this point. They claim that, if these users weren't given free access via unauthorized account sharing, they wouldn’t have paid for an account anyway. However, even if this is true, it still has a negative impact on your business when people log in to your site without paying.
Here are a few of the reasons why…
Increased Hosting Costs
One reason you don't want users logging in without paid access is that each visitor to your membership site eats into the bandwidth and traffic allowances of your web hosting plan.
These unauthorized users could be stealing resources that you have to pay your web host for.
Negative Impact on Site Performance
Furthermore, if you run a membership site with 100 members, you can choose a hosting plan that has the specifications to handle that volume of traffic and activity.
Choosing the right plan will ensure that your site loads quickly and your members are happy with its performance. But if there’s account sharing going on, and there are actually 150 people or more logging in to your membership site and accessing its content, your site might not be as fast you were expecting.
That means you could be delivering a frustrating user experience to your members. This might then result in higher membership churn rates.
Drain on Your Time
Then there’s the extra admin work involved with supporting these unauthorized members. More users on your site increases the volume of support emails you’ll have to deal with, covering everything from password resets and browser issues to questions about your content.
Because these unauthorized members will be accessing your content with legitimate accounts, you might not ever realize you’ve spent hours assisting someone who hasn’t paid a penny for your time.
In addition to intentional account sharing, there will also be those members who log in to your site on shared computers and check the “Remember Me” box on the WordPress login page.
These members won’t have meant to allow account sharing with others, but the access they provide could still pose a serious security risk to your website. The unauthorized people who access your membership in this way won’t have any loyalty to the member whose account they’re now sharing.
As a result, these users might decide to cause mischief and mayhem on your membership site, deleting content, leaving inappropriate comments, and negatively interacting with your website and its members in other ways that are detrimental to your business. It might sound ridiculous, but it's more common than you might think.
So with this in mind, know that even if you trust your members not to engage in account sharing with others, they could still unintentionally give away access.
Are You Ready to Take Action?
If you started reading this article because you were curious about how to prevent account sharing on your membership site, but weren’t sure if it was necessary for your project, hopefully, the above scenarios have convinced you to take action and improve the security of your WordPress-powered membership platform.
How to Prevent Account Sharing on Your WordPress Membership Site
WordPress makes it very easy for users to share their account details, enabling multiple people to log in from different locations, all at the same time. But the good news is that there are third-party add-ons that make it almost as easy to prevent account sharing and stop double logins on your site.
Install the Free Loggedin WordPress Plugin
While there is a way to prevent access sharing and stop concurrent logins on your WordPress website by editing some code, installing a plugin is a quick and effective solution for many membership site owners.
Although there a few different plugins that can help prevent account sharing on your membership site, Loggedin is our recommended option. At the time of writing, this free plugin is regularly updated, has positive feedback from users, and works as advertised.
First, install and activate the plugin on your WordPress website by logging in to your admin area and searching for Loggedin from the Add Plugins page. Then you can start configuring how it works.
The plugin options, which can be accessed from the General Settings page in your WordPress dashboard, are very straightforward. Simply choose the number of maximum logins a user account can have (ideally just one).
You also have the option of enabling double logins by allowing new logins for an account that’s already logged in while ending the existing session for that account.
Alternatively, you can prevent concurrent logins altogether. Through the Loggedin settings, you can also force logout a user who's logged in if you need to.
As you can see, using the Loggedin plugin makes it very easy to prevent or control account sharing on your membership site. However, if you’d rather not use a plugin to achieve this, or you’d like to know how concurrent logins are enabled in WordPress, this article is a great resource on the topic.
If you’re curious to know whether account sharing is happening on your membership site, you can install the free Simple History plugin to see when and from where your members are logging in.
Hopefully, this article has inspired you to take action and prevent account sharing on your membership site – if it’s right for your project.
For the reasons above, you won’t want more than one person logging in to your membership site with the same account in most cases.
Thanks to free plugins like Loggedin, it’s never been easier to stop double logins on a WordPress website.
If you have any questions about preventing concurrent logins on your membership site, please leave a comment below.
December 5, 2019
I don't know of any plugins that have a per-account feature. But here are a few other plugins you can check out: https://wordpress.org/plugins/prevent-concurrent-logins/ (outdated) https://codecanyon.net/item/block-double-logins-protect-your-membership-site/7766127 https://codecanyon.net/item/allow-single-membership-login-protect-your-membership/22144134