Did you know that account sharing could be taking place on your membership site?
By default, WordPress allows multiple sessions from a single user account. This means that if the login details of a member’s account have been shared, more than one person could be accessing your site with the username and password for that user.
If this is something that you don’t want to be allowed on your website, this guide on how to prevent account sharing on your membership site will help you put a stop to concurrent logins in WordPress.
But before we show you how to prevent account sharing on your membership site, let’s quickly look at why you might want to put a stop to this practice.
Why Prevent Account Sharing on Your Membership Site
If you’re running a membership site, then one of the main downsides of account sharing will be lost revenue.
If you make it easy for one of your members to give other non-members access to your content by sharing their account details, then there’s a good chance that you’ll lose out on membership fees you might have otherwise collected.
Some people argue against this point. They claim that they wouldn’t have ever paid for an account, even if they weren’t given free access via unauthorized account sharing. However, even if this is true, that doesn’t mean them logging in without paying won’t have a negative impact on your business.
Here are some of the reasons why…
Increased Hosting Costs
One reason why people who log in but would never pay for access to your content could still have a negative impact on your finances is that each visitor to your membership site will be eating into the bandwidth and traffic allowances of your web hosting plan.
These unauthorized users could be stealing resources that you have to pay your web host for.
Negative Impact on Site Performance
Furthermore, if you run a membership site with 100 members, you can choose a hosting plan that has the specifications to handle that volume of traffic and activity.
Choosing the right plan will ensure that your site loads quickly and your members are happy with its performance. But if there’s account sharing going on, and there are actually 150 people or more logging in to your membership site and accessing its content, your site might not be as fast you were expecting, delivering a frustrating user experience to your members. This might then result in higher membership churn rates.
Drain on Your Time
Then there’s the extra admin work involved with supporting these unauthorized members. More users on your site increases the volume of support emails you’ll have to deal with, covering everything from password resets, browser issues, and questions about your content.
As these unauthorized members will be accessing your content with legitimate accounts, you might not ever realize you’ve spent hours assisting someone who hasn’t paid a penny for your time.
As well as intentional account sharing, there will also be those members who log in to your site on shared computers and check the “Remember Me” box on the WordPress login page.
These members won’t have meant to share their account details with others, but they could still pose a serious security risk to your website. The unauthorized people who access your membership in this way won’t have any loyalty to the member whose account they’re now sharing.
Due to this, they might decide to cause mischief and mayhem on your membership site, deleting content, leaving inappropriate comments, and negatively interacting with your website and its members in other ways that are detrimental to your business.
So with this in mind, even if you trust your members not to share their account details with others, they could still unintentionally give away access.
Are You Ready to Take Action?
If you started reading this article because you were curious about how to prevent account sharing on your membership site, but weren’t sure if it was necessary for your project, hopefully, the above scenarios have convinced you to take action and improve the security of your WordPress-powered membership platform.
How to Prevent Account Sharing on Your WordPress Membership Site
While WordPress makes it very easy for users to share their account details, enabling multiple people to log in from different locations, all at the same time, the good news is that there are third-party add-ons that make it almost as easy to prevent account sharing and stop double logins on your site.
Install the Free Loggedin WordPress Plugin
While there is a way to prevent access sharing and stop concurrent logins on your WordPress website by editing some code, installing a plugin is an effective solution for many membership site owners.
Although there a few different plugins that can help prevent account sharing on your membership site, Loggedin is our recommended option. At the time of writing, this free plugin has been regularly updated, has positive feedback from users, and works as advertised.
Once you’ve installed and activated the plugin on your WordPress website by logging in to your admin area and searching for Loggedin from the Add Plugins page, you can start configuring how it works.
Thankfully, the plugin options, which can be accessed from the General Settings page in your WordPress dashboard, are very straightforward. Simply choose the number of maximum logins a user account can have (ideally just one).
You also have the option of enabling double logins by allowing new logins for an account that’s already logged in but ending the existing session for that account.
Alternatively, you can just prevent concurrent logins altogether. You can also force logout a user that's logged in, through the Loggedin settings, if you need to.
As you can see, using the Loggedin plugin makes it very easy to prevent or control account sharing on your membership site. However, if you’d rather not use a plugin to achieve this, or you’d like to know how concurrent logins are enabled in WordPress, this article is a great resource on this topic.
If you’re curious to know if account sharing is happening on your membership site, you can install the free Simple History plugin to see when your members are logging in and where from.
Hopefully, this article has inspired you to take action and prevent account sharing on your membership site – if it’s right for your project.
In most cases, for the reasons outlined above, you won’t want more than one person logging in to your membership site with the same account.
Thanks to free plugins like Loggedin, it’s never been easier to stop double logins on a WordPress website.
If you have any questions about preventing concurrent logins on your membership site, please leave a comment below.
December 5, 2019
I don't know of any plugins that have a per-account feature. But here are a few other plugins you can check out: https://wordpress.org/plugins/prevent-concurrent-logins/ (outdated) https://codecanyon.net/item/block-double-logins-protect-your-membership-site/7766127 https://codecanyon.net/item/allow-single-membership-login-protect-your-membership/22144134