WP Bouncer – Limit Simultaneous Logins

WP Bouncer restricts the number of simultaneous logins for the same WordPress user account. The plugin’s goal is to deter people from sharing their login credentials for your site, which is especially important for a paid membership, premium content, or eLearning site.

How WP Bouncer Protects Shared User Logins

• De plugin slaat een willekeurige FAKESESSID op voor elke gebruiker wanneer deze logint.
• If a user is logged in, on each page load (init hook), WP Bouncer checks if the FAKESESSID stored in the user’s cookies is the same as the last login stored in a transient (fakesessid_user_login).
• If the two values do no match, WP Bouncer logs the user out and redirects them to the WordPress login page or a custom page using the wp_bouncer_redirect_url filter.

If the WP_BOUNCER_HEARTBEAT_CHECK is defined to true, JavaScript will be loaded to bounce users when a new user logs in with the same login. This is useful for sites with page caching.

Beheerdersaccounts of gebruikers met de rechten “manage_options” worden uitgesloten van bounces.

Or, Allow a Specific Number of Active Sessions

By default, WP Bouncer only allows one session per user.

You can use this plugin to offer bulk memberships to corporate, education, or other group-type customers via a shared login.

Use the wp_bouncer_number_simultaneous_logins filter to allow a defined number of active “sessions”.

Bekijk het recept

Gebruiksvoorbeelden voor WP Bouncer

• User A logs in as “user”. Their FAKESESSID, say “SESSION_A” is stored in a WordPress option.
• User B logs in as “user”. Their FAKESESSID, say “SESSION_B” is overwrites the stored WordPress option.
• User A tries to load a page on your site, WP Bouncer catches them and logs them out, redirecting them to the warning message.
• Gebruiker B kan gewoon op de site rondkijken… Tenzij…
• User A logs in again as “user”. Their FAKESESSID, “SESSION_A_v2” is stored in the WordPress option.
• Nieuwe gebruiker B zou worden uitgelogd als hij een andere pagina laadt.

Hooks en Filters

• wp_bouncer_ignore_admins filter: if returning false even admins will be bounced.
• wp_bouncer_redirect_url filter: can be used to change the URL redirected to after being bounced.
• wp_bouncer_number_simultaneous_logins filter: can be set to limit logins to a number other than 1. 0 means unlimited logins.
• wp_bouncer_login_flag: loopt vlak voor het bouncen (kan gebruikt worden om het bouncen eventueel te stoppen).
• wp_bouncer_session_ids hook: used to filter session ids when saving them. Passes $session_ids, $old_session_ids (before any were removed/bounced), and the current user’s ID as parameters.
• wp_bouncer_session_length hook: used to filter how long the session ids transients are set. This way, you can time the transients to expire at a specific time of day. Note that the transient is saved on every page load, so if you set it to 5 minutes, it’s going to push it out 5 minutes on every page load. You should try to set it to (the number of seconds until midnight) or something like that.

Steun de plugin auteurs

If you like this plugin, please check out Jason’s work with Stranger Studios and Paid Memberships Pro and Andrew’s work at his personal site.