رفتن به محتوا
WordPress.org

فارسی

  • پوسته‌ها
  • افزونه‌ها
  • اخبار
  • پشتیبانی
  • درباره
  • تیم وردپرس فارسی
  • دریافت وردپرس
دریافت وردپرس
WordPress.org

Plugin Directory

Loggedin – Limit Concurrent Sessions

  • ثبت یک افزونه
  • علاقه‌مندی‌های من
  • ورود
  • ثبت یک افزونه
  • علاقه‌مندی‌های من
  • ورود

Loggedin – Limit Concurrent Sessions

توسط Joel James
دانلود
Live Preview
  • جزئیات
  • نقد و بررسی‌ها
  • نصب
  • توسعه
پشتیبانی

توضیحات

Loggedin caps the number of simultaneous WordPress sessions a user account is allowed to hold. When the cap is reached, you choose what happens next — log out the oldest device, log out every other device, or block the new login outright. It’s the lightweight, no-bloat way to stop account sharing on membership sites, LMS courses, paid communities, and any WordPress install where one paid account shouldn’t be open on five devices at once.

The plugin hooks straight into WordPress’s standard authentication pipeline and uses the native WP_Session_Tokens API, so it works on every host, with every theme, and alongside every login plugin you might already run. No cron jobs, no background polling, no third-party services.

How it works

A “session” in WordPress is the authenticated token created the moment a user logs in — one per browser, per device. Two browsers on the same laptop count as two sessions; a phone and a desktop count as two. Closing a tab does not end a session — the token lives server-side until the user explicitly signs out or another login displaces it.

Loggedin watches every login attempt:

  1. Counts the user’s current active sessions.
  2. Compares that count to the limit you’ve configured.
  3. Applies the rule you’ve picked — silently make room for the new login, or reject the new login with an error on wp-login.

There’s a one-click Force Logout panel in the admin to clear every session for a specific user when someone’s locked out by the cap and can’t reach their other devices. Identify the user by ID, email, or username — all three work.

Who it’s for

  • Membership sites — MemberPress, Paid Memberships Pro, Restrict Content Pro, WooCommerce Memberships, etc. Stop one paid account from being shared across a household, a classroom, or a Discord server.
  • Online courses & LMS — LearnDash, LifterLMS, TutorLMS, Sensei. Make sure the seat someone paid for is actually used by that someone.
  • Subscription stores — WooCommerce Subscriptions, Easy Digital Downloads recurring. Keep subscriber counts honest.
  • Corporate intranets & client portals — Enforce a one-device-at-a-time policy for staff or client accounts.
  • BuddyPress / BuddyBoss communities — Reduce ban-evasion and duplicate-account abuse.
  • Compliance-driven sites — Healthcare, finance, education installs where audit policy requires a per-account session cap.

Features

  • Global concurrent-login limit — Pick any number from 1 upwards as the per-user cap.
  • Three built-in modes — Logout Oldest (kick the user’s oldest device, keep the rest), Logout All (the new login becomes the only active session), or Block New (reject the login and show an error on wp-login).
  • Admin Force Logout — Type a user ID, email, or username and clear every active session for that user in one click.
  • Works with any session storage — Uses the standard WP_Session_Tokens API. Stock WordPress, Redis, Memcached — all supported (the Logout Oldest mode needs the default user-meta storage; the other modes work everywhere).
  • Customizable error message — Override the message shown when a login is blocked, via a single filter.
  • Built for developers — Every decision passes through documented PHP hooks and filters. Override the cap per user / role / capability, exempt service accounts, audit force-logouts, or splice the plugin into your own auth pipeline. Full hook reference in the developer docs.
  • Lightweight — No cron, no background polling, no remote calls. The whole plugin runs at the moment a login happens.
  • Translation-ready — Loaded with the WordPress i18n APIs; contribute translations on WordPress.org.

📦 Add-ons

Extend Loggedin with these official add-ons:

  • Active Sessions — See exactly who’s signed in right now, drill into each device per user, and sign out a single session — or every session — in one click.
  • Limit Per User — Override the global session cap for an individual user account directly from their WordPress profile. Perfect for tiered access or trusted-staff exemptions.
  • Limit Per Role — Set a different concurrent-session cap per WordPress role. Give administrators more headroom while keeping subscribers tight, or vice versa.
  • Real-time Logout — Detect logouts in near-real-time. When Loggedin terminates a session, the user’s other open tabs reload to wp-login automatically — no waiting for the next page click.

📚 Documentation

  • Getting started
  • General settings
  • Force Logout (Manage Sessions)
  • Add-ons overview
  • Developer docs — hooks, filters, REST

🐛 Bug reports

Found a bug? File it on the Loggedin GitHub repository.

GitHub is for bug reports and development-related issues only. For end-user support, please use the WordPress.org support forums.

عکس‌های صفحه

General Settings — concurrent-login limit and login logic.
General Settings — concurrent-login limit and login logic.
Force Logout — admin Force Logout panel.
Force Logout — admin Force Logout panel.

نصب

  1. Install Loggedin from the WordPress.org plugin directory (Plugins → Add New → search “Loggedin”) or upload the ZIP under Plugins → Add New → Upload Plugin. Full instructions: how to install a plugin.
  2. Activate the plugin.
  3. Go to Users → Loggedin to configure the concurrent-login limit and pick the rule applied when the limit is reached.

That’s it. The default — limit of 1, Logout All mode — already prevents account sharing on a fresh install.

سوالات متداول

Will this stop users from sharing their WordPress password?

It stops simultaneous sharing — two people can’t be signed in to the same account on different devices at the same time once the cap is set to 1. They can still take turns logging in if you don’t want to block the new login outright. Pick Block New mode to refuse the second login entirely and force the password-sharer to also log out the first device, which most people won’t do.

Does this work with WooCommerce, MemberPress, LearnDash, BuddyPress, etc.?

Yes. Loggedin hooks into the standard WordPress authentication pipeline (wp_authenticate_user and check_password), so any plugin that logs users in through the normal WordPress flow — which is essentially every membership, LMS, e-commerce, and community plugin — is covered automatically. No integration code required.

Can I set different limits for administrators and subscribers?

Yes, with the official Limit Per Role add-on. It adds a per-role panel to the settings page where you can give each WordPress role its own cap (e.g. administrators: 5, editors: 3, subscribers: 1). Users with multiple roles get the highest configured limit.

Can I set a different limit for one specific user?

Yes, with the official Limit Per User add-on. It adds a field to the WordPress profile screen so you can override the global cap on a per-user basis — useful for shared editorial accounts, executive users, or anyone who legitimately needs more sessions than your default.

Will current users be logged out when I install or change the limit?

No. Loggedin only acts when a new login happens. Existing sessions stay active until they expire, the user logs out, or a future login displaces them under the rule you’ve configured.

Where can I find the settings for Loggedin?

In the WordPress admin, go to Users → Loggedin. You’ll see two tabs — Settings for the cap and login logic, and Add-ons for installing and licensing first-party extensions.

What are the available login logic options?

The plugin offers three built-in modes:

  • Logout Oldest — When the limit is reached, the user’s single oldest active session is terminated to make room for the new login. Closest match to consumer “remember me” UX.
  • Logout All — When the limit is reached, every other active session for the user is terminated and the new login becomes the only active session.
  • Block New — When the limit is reached, the new login attempt is rejected with an error on wp-login.

Additional modes can be added via the loggedin_logics filter. See the General Settings docs for details.

How long does a login session last?

The duration of a WordPress login session is controlled by WordPress, not Loggedin.

  • “Remember Me” checked at login → session lasts 14 days.
  • “Remember Me” not checked → session lasts 2 days.

Customize the duration with the standard auth_cookie_expiration filter:

function custom_auth_cookie_expiration( $expire ) {
    return MONTH_IN_SECONDS; // 30 days for every login.
}

add_filter( 'auth_cookie_expiration', 'custom_auth_cookie_expiration' );

What if a user has reached the limit but doesn’t know which devices are active?

Administrators can force-logout every session for the user from the dashboard:

  1. Go to Users → Loggedin in the WordPress admin.
  2. Scroll to the Force Logout panel at the bottom of the Settings tab.
  3. Enter the user’s ID, email address, or username and click Force Logout. All active sessions for that user are terminated immediately.

Does Loggedin work with Redis / Memcached / external session storage?

Yes for the Logout All and Block New modes — both go through the standard WP_Session_Tokens API, which respects whatever storage backend WordPress is configured to use. The Logout Oldest mode needs the default user-meta storage because the WP API doesn’t expose a “drop the oldest” primitive; pick Logout All instead if your sessions live elsewhere.

Is Loggedin GDPR-compliant?

Loggedin stores no personal data itself. It only counts and manipulates WordPress session tokens that already exist in your database via the standard WP_Session_Tokens API. No external services are called, no telemetry is sent.

Does Loggedin slow down logins?

No. The work Loggedin does on each login is one query for the user’s existing session tokens and an in-memory count — measured in microseconds. No HTTP calls, no cron jobs, no background polling.

Can I customize the error message shown when a login is blocked?

Yes, via the loggedin_error_message filter:

add_filter( 'loggedin_error_message', function ( $message ) {
    return 'Your account is already signed in elsewhere. Sign out from another device to continue.';
} );

See the developer docs for every filter and action the plugin exposes.

نقد و بررسی‌ها

Espectacular

promedios 2 فوریه 2026
Sencillamente práctico y funcional

A must have plugin

frazard99 4 ژانویه 2026
Keep it up!

Love it, works like a charm

DL 26 سپتامبر 2025
Super cool plugin, lightweight, just works.

Works perfectly for me

zchas42 4 آگوست 2025
Sell eLearning courses, need to prevent login sharing – combined with 2 factor authentication this plugin does the job very nicely.

Excellent

emmauelbright 12 جولای 2025
I like it

Great plugin

jacseq 3 ژوئن 2025
In use by us since at least two years. Simple and works properly.
خواندن تمامی 110 نقد و بررسی‌

توسعه دهندگان و همکاران

“Loggedin – Limit Concurrent Sessions” نرم افزار متن باز است. افراد زیر در این افزونه مشارکت کرده‌اند.

مشارکت کنندگان
  • Joel James
  • Duck Dev

“Loggedin – Limit Concurrent Sessions” به 5 زبان ترجمه شده است. با تشکر از مترجمین برای همکاری و کمک‌هایشان.

ترجمه “Loggedin – Limit Concurrent Sessions” به زبان شما.

علاقه‌ مند به توسعه هستید؟

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

گزارش تغییرات

3.0.2

  • New: Review-request notice restored, powered by the duckdev/wp-review-notice library and scoped to the Loggedin settings screen with a 7-day delay.
  • Improve: Legacy review-notice state migrated to the new storage keys so users who already dismissed the prompt stay dismissed.
  • Improve: Admin notices now render inside the plugin’s centered page column instead of above the header, matching the 404 to 301 shell.
  • Fix: Left-hand gap between the plugin header and the admin sidebar caused by WordPress’s default #wpcontent padding.

3.0.1

  • New: loggedin.admin.tabs JS filter — addons can register their own React component as a tab in the Loggedin admin nav, with optional before / after positioning hints. Powers the new Active Sessions addon.
  • New: Cross-sell banner on the Force Logout panel routed through loggedin.settings.force_logout.cross_sell so addons can hide or replace it once installed.
  • Improve: Addon card layout aligned with the 404 to 301 plugin — primary CTA pinned to the left of the footer, “More details” link on the right, title-cased license button labels.
  • Fix: The v2 → v3 settings migration never ran on existing installs, leaving legacy option keys in place after the upgrade.

3.0.0

  • New: Modern React-powered admin under Users → Loggedin with two tabs — Settings (concurrent-login limit + login logic + Force Logout panel) and Add-ons (catalogue + license management).
  • New: REST API at /loggedin/v1/ for settings, session management and add-on licensing.
  • New: Unified loggedin_settings option registered with show_in_rest, readable and writable by the React admin and by external integrations through the standard core-data flow.
  • New: Force Logout panel now accepts a user ID, email or username — the resolver detects the input shape automatically.
  • New: Add-ons module powered by Freemius — official add-ons (Real-time Logout, Limit Per User, Limit Per Role) self-register via the new loggedin_register_addon filter and appear in the Add-ons tab.
  • New: JavaScript extension slot — add-ons can append their own React PanelBody to the Settings tab via the loggedin.settings.panels filter.
  • New: Documented PHP hook surface — loggedin_init, loggedin_settings_defaults, loggedin_admin_script_vars, loggedin_addons_catalog, loggedin_destroy_oldest_session and more.
  • Improve: Reorganised plugin structure (PSR-4 namespaces under DuckDev\Loggedin\) and aligned with WordPress Coding Standards.
  • Improve: Comprehensive sanitisation pass across every input and option write path.
  • Improve: PHP 7.4 is now the minimum supported version.

2.0.4

  • Improve: Review-notice scheduling now respects the dismiss state on every admin page load.
  • Fix: Invalid nonce action prevented review notices from being dismissed.

2.0.3

  • Improve: Removed leftover debug code that shipped accidentally in 2.0.2.

For the full release history, see the changelog.

اطلاعات

  • نگارش 3.0.2
  • Last updated 5 روز پیش
  • نصب‌های فعال 8,000+
  • نگارش وردپرس 6.0 یا بالاتر
  • Tested up to 7.0
  • نگارش PHP 7.4 یا بالاتر
  • زبان‌ها

    Chinese (Taiwan)، English (US)، German، Russian، Spanish (Mexico)، و Swedish.

    به زبان خودتان ترجمه کنید

  • Tags
    concurrent loginforce logoutlogin limitprevent account sharinguser sessions
  • نمایش پیشرفته

امتیازها

4.9 از 5 ستاره.
  • امتیاز 105 5-ستاره 5 ستاره 105
  • امتیاز 2 4-ستاره 4 ستاره 2
  • امتیاز 0 3-ستاره 3 ستاره 0
  • امتیاز 2 2-ستاره 2 ستاره 2
  • امتیاز 1 1-ستاره 1 ستاره 1

Your review

مشاهده همه بررسی‌ها

مشارکت کنندگان

  • Joel James
  • Duck Dev

پشتیبانی

مشکلات حل شده در دو ماه گذشته:

0 از 1

مشاهده انجمن پشتیبانی

کمک مالی

آیا تمایل دارید از پیشرفت این افزونه حمایت کنید؟

کمک مالی به این افزونه

  • درباره ما
  • اخبار
  • میزبانی
  • حریم خصوصی
  • ویترین
  • پوسته‌ها
  • افزونه‌ها
  • الگوها
  • یادگیری
  • پشتیبانی
  • توسعه‌دهندگان
  • WordPress.tv ↖
  • مشارکت کنید
  • رویدادها
  • حمایت ↖
  • پنج برای آینده
  • WordPress.com ↖
  • مت ↖
  • بی‌بی‌پرس ↖
  • بادی‌پرس ↖
WordPress.org
WordPress.org

فارسی

  • از حساب کاربری X (تویتر سابق) ما بازدید کنید
  • بازدید از حساب کاربری ما در بلواسکای
  • بازدید از حساب کاربری ما در ماستودون
  • بازدید از حساب کاربری ما در تردز
  • صفحه ی فیسبوک ما را ببینید
  • بازدید از حساب کاربری ما در اینستاگرام
  • بازدید از حساب کاربری ما در LinkedIn
  • بازدید از حساب کاربری ما در تیک‌تاک
  • کانال یوتیوب ما را ببینید
  • بازدید از حساب کاربری ما در تامبلر
کد شعر است.
The WordPress® trademark is the intellectual property of the WordPress Foundation.