When users close the browser window without logging out from the WordPress site, their session is not terminated.
Idle WordPress sessions make session hijacking easier and can cause problems, especially if you want to manage the number of simultaneous sessions of logged-in WordPress users. This post explains how to configure the WP Security Audit Log plugin to automatically terminate idle WordPress user sessions.
Terminating Idle WordPress User Sessions
Log in to your WordPress dashboard and click the Logged In Users entry in the WP Security Audit Log plugin menu. Click on the Users Sessions Management tab to access the settings.
Tick the Terminate Idle Sessions checkbox to enable this functionality. Then, from the drop-down menu, select how long a user session should be idle before the plugin terminates it automatically. Click Save Changes to save the settings.
How Does the Idle Session Termination Work?
The process is very simple. Once you enable this option:
- The plugin sets a cron job on the WordPress website that runs every hour.
- When the cron job runs, it checks the time of every user’s last change.
- If the time since the last change is longer than the configured number of hours, that session is automatically terminated.
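The following added example (a timing model written for this page, not the plugin's own code) simulates the hourly check described above to show when an idle session actually ends. The user names, timestamps and the 2-hour limit are constructed sample values, and the function names are hypothetical.

```python
from datetime import datetime, timedelta

SWEEP_INTERVAL = timedelta(hours=1)  # from the page: the cron job runs every hour


def sweep(sessions, now, idle_limit):
    """One cron run: return (kept, terminated) dicts of user -> last change."""
    kept, terminated = {}, {}
    for user, last_change in sessions.items():
        # Strictly "longer than" the limit, as the page describes.
        target = terminated if now - last_change > idle_limit else kept
        target[user] = last_change
    return kept, terminated


def termination_time(last_change, first_sweep, idle_limit):
    """Time of the first hourly sweep that ends a session with no further activity."""
    now = first_sweep
    while now - last_change <= idle_limit:
        now += SWEEP_INTERVAL
    return now


# Constructed sample data (not taken from a real site).
IDLE_LIMIT = timedelta(hours=2)
FIRST_SWEEP = datetime(2024, 1, 1, 10, 0)
SESSIONS = {
    "alice": datetime(2024, 1, 1, 9, 1),
    "bob": datetime(2024, 1, 1, 8, 59),
    "carol": datetime(2024, 1, 1, 10, 30),
}

if __name__ == "__main__":
    kept, ended = sweep(SESSIONS, datetime(2024, 1, 1, 11, 0), IDLE_LIMIT)
    print("11:00 sweep terminates:", sorted(ended), "keeps:", sorted(kept))
    for user, last in SESSIONS.items():
        end = termination_time(last, FIRST_SWEEP, IDLE_LIMIT)
        print(f"{user}: terminated at {end:%H:%M} after {end - last} idle")
```

A session can therefore stay valid for up to one hour beyond the configured limit. Because WP-Cron is triggered by site visits by default, the check can run later still on a low-traffic site.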