This plugin helps to minimize some security concerns. It will automatically sign an inactive user out after a specified time period of inactivity.
|Author:||Stuart Baxter (profile at wordpress.org)|
|WordPress version required:||2.7|
|WordPress version tested:||3.3.2|
|Added to WordPress repository:||22-03-2012|
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
|Total downloads:||5 902|
Click to start download
This plugin helps to minimize certain security risks involved with session stealing. It allows you to automatically sign a user out after he has been inactive for a specified period of time. This plugin also works with BuddyPress. The default time period is set to one day. This means that if a user was logged into your site and did not come back after 24 hours, he would be logged out due to inactivity. However, if he performed any sort of activity on your site (e.g. browsed a new page) between his latest activity and 24 hours after that, then he would not be logged out. You can change this time period to whatever suits your needs. Additionally, you can specify a page where the user will be redirected to when he gets logged out (e.g. a landing page to notify the user he has been logged out for inactivity). However, this is optional and you can make the user not be redirected when he gets automatically logged out. No redirection is the default setting.
How can I set up the time period of inactivity correctly?
You need to change the value of the constant AUTOMATIC_SIGN_OUT_MAXIMUM_TIME to the time you specify. The time is measured in seconds, so 60 = 1 minute, 60 * 60 = 1 hour, 60 * 60 * 24 = 1 day.
Here are some examples:
define(‘AUTOMATIC_SIGN_OUT_MAXIMUM_INACTIVITIY_TIME’, 60 * 60 * 24); // 1 day
define(‘AUTOMATIC_SIGN_OUT_MAXIMUM_INACTIVITIY_TIME’, 60 * 60); // 1 hour
define(‘AUTOMATIC_SIGN_OUT_MAXIMUM_INACTIVITIY_TIME’, 60); // 1 minute
What if I don’t specify a redirection address?
If you don’t specify a redirection address and leave it as the default site_url() then the user will not be redirected anywhere when he is automatically logged out.
However, if you want to change it to an actual address, then replace site_url() with “http://www.yourwebsite.com/”. (Remember to include the quotations.)