Title: Loggedin – Limit Concurrent Sessions Author: Joel James Published: 1. Juli 2016 Last modified: 27. Juni 2026 --- Plugins suchen ![](https://ps.w.org/loggedin/assets/banner-772x250.png?rev=3548008) ![](https://ps.w.org/loggedin/assets/icon.svg?rev=3348320) # Loggedin – Limit Concurrent Sessions Von [Joel James](https://profiles.wordpress.org/joelcj91/) [Herunterladen](https://downloads.wordpress.org/plugin/loggedin.3.0.1.zip) [Live-Vorschau](https://de.wordpress.org/plugins/loggedin/?preview=1) * [Details](https://de.wordpress.org/plugins/loggedin/#description) * [Rezensionen](https://de.wordpress.org/plugins/loggedin/#reviews) * [Installation](https://de.wordpress.org/plugins/loggedin/#installation) * [Entwicklung](https://de.wordpress.org/plugins/loggedin/#developers) [Support](https://wordpress.org/support/plugin/loggedin/) ## Beschreibung **Loggedin** caps the number of simultaneous WordPress sessions a user account is allowed to hold. When the cap is reached, you choose what happens next — log out the oldest device, log out every other device, or block the new login outright. It’s the lightweight, no-bloat way to stop account sharing on membership sites, LMS courses, paid communities, and any WordPress install where one paid account shouldn’t be open on five devices at once. The plugin hooks straight into WordPress’s standard authentication pipeline and uses the native `WP_Session_Tokens` API, so it works on every host, with every theme, and alongside every login plugin you might already run. No cron jobs, no background polling, no third-party services. ### How it works A „session“ in WordPress is the authenticated token created the moment a user logs in — one per browser, per device. Two browsers on the same laptop count as two sessions; a phone and a desktop count as two. Closing a tab does **not** end a session — the token lives server-side until the user explicitly signs out or another login displaces it. Loggedin watches every login attempt: 1. Counts the user’s current active sessions. 2. Compares that count to the limit you’ve configured. 3. Applies the rule you’ve picked — silently make room for the new login, or reject the new login with an error on wp-login. There’s a one-click **Force Logout** panel in the admin to clear every session for a specific user when someone’s locked out by the cap and can’t reach their other devices. Identify the user by ID, email, or username — all three work. ### Who it’s for * **Membership sites** — MemberPress, Paid Memberships Pro, Restrict Content Pro, WooCommerce Memberships, etc. Stop one paid account from being shared across a household, a classroom, or a Discord server. * **Online courses & LMS** — LearnDash, LifterLMS, TutorLMS, Sensei. Make sure the seat someone paid for is actually used by that someone. * **Subscription stores** — WooCommerce Subscriptions, Easy Digital Downloads recurring. Keep subscriber counts honest. * **Corporate intranets & client portals** — Enforce a one-device-at-a-time policy for staff or client accounts. * **BuddyPress / BuddyBoss communities** — Reduce ban-evasion and duplicate-account abuse. * **Compliance-driven sites** — Healthcare, finance, education installs where audit policy requires a per-account session cap. ### Features * **Global concurrent-login limit** — Pick any number from 1 upwards as the per- user cap. * **Three built-in modes** — Logout Oldest (kick the user’s oldest device, keep the rest), Logout All (the new login becomes the only active session), or Block New (reject the login and show an error on wp-login). * **Admin Force Logout** — Type a user ID, email, or username and clear every active session for that user in one click. * **Works with any session storage** — Uses the standard `WP_Session_Tokens` API. Stock WordPress, Redis, Memcached — all supported (the Logout Oldest mode needs the default user-meta storage; the other modes work everywhere). * **Customizable error message** — Override the message shown when a login is blocked, via a single filter. * **Built for developers** — Every decision passes through documented PHP hooks and filters. Override the cap per user / role / capability, exempt service accounts, audit force-logouts, or splice the plugin into your own auth pipeline. Full hook reference in the [developer docs](https://docs.duckdev.com/loggedin/developer-docs). * **Lightweight** — No cron, no background polling, no remote calls. The whole plugin runs at the moment a login happens. * **Translation-ready** — Loaded with the WordPress i18n APIs; contribute translations on WordPress.org. ### 📦 Add-ons Extend Loggedin with these official [add-ons](https://duckdev.com/addons/loggedin/): * **[Active Sessions](https://duckdev.com/addon/loggedin-active-sessions/)** — See exactly who’s signed in right now, drill into each device per user, and sign out a single session — or every session — in one click. * **[Limit Per User](https://duckdev.com/addon/limit-per-user/)** — Override the global session cap for an individual user account directly from their WordPress profile. Perfect for tiered access or trusted-staff exemptions. * **[Limit Per Role](https://duckdev.com/addon/limit-per-role/)** — Set a different concurrent-session cap per WordPress role. Give administrators more headroom while keeping subscribers tight, or vice versa. * **[Real-time Logout](https://duckdev.com/addon/real-time-logout/)** — Detect logouts in near-real-time. When Loggedin terminates a session, the user’s other open tabs reload to wp-login automatically — no waiting for the next page click. ### 📚 Documentation * [Getting started](https://docs.duckdev.com/loggedin/getting-started) * [General settings](https://docs.duckdev.com/loggedin/general-settings) * [Force Logout (Manage Sessions)](https://docs.duckdev.com/loggedin/manage-sessions) * [Add-ons overview](https://docs.duckdev.com/loggedin/addons/) * [Developer docs — hooks, filters, REST](https://docs.duckdev.com/loggedin/developer-docs) ### 🐛 Bug reports Found a bug? File it on the [Loggedin GitHub repository](https://github.com/Joel-James/loggedin/issues). _GitHub is for bug reports and development-related issues only. For end-user support, please use the WordPress.org [support forums](https://wordpress.org/support/plugin/loggedin/)._ ## Screenshots [⌊General Settings — concurrent-login limit and login logic.⌉⌊General Settings — concurrent-login limit and login logic.⌉[ **General Settings** — concurrent-login limit and login logic. [⌊Force Logout — admin Force Logout panel.⌉⌊Force Logout — admin Force Logout panel .⌉[ **Force Logout** — admin Force Logout panel. ## Installation 1. Install Loggedin from the WordPress.org plugin directory (**Plugins Add New search„ Loggedin“**) or upload the ZIP under **Plugins Add New Upload Plugin**. Full instructions: [how to install a plugin](https://docs.duckdev.com/general/installing-plugin). 2. Activate the plugin. 3. Go to **Users Loggedin** to configure the concurrent-login limit and pick the rule applied when the limit is reached. That’s it. The default — limit of `1`, **Logout All** mode — already prevents account sharing on a fresh install. ## FAQ ### Will this stop users from sharing their WordPress password? It stops _simultaneous_ sharing — two people can’t be signed in to the same account on different devices at the same time once the cap is set to `1`. They can still take turns logging in if you don’t want to block the new login outright. Pick ** Block New** mode to refuse the second login entirely and force the password-sharer to also log out the first device, which most people won’t do. ### Does this work with WooCommerce, MemberPress, LearnDash, BuddyPress, etc.? Yes. Loggedin hooks into the standard WordPress authentication pipeline (`wp_authenticate_user` and `check_password`), so any plugin that logs users in through the normal WordPress flow — which is essentially every membership, LMS, e-commerce, and community plugin— is covered automatically. No integration code required. ### Can I set different limits for administrators and subscribers? Yes, with the official [Limit Per Role add-on](https://duckdev.com/addon/limit-per-role/). It adds a per-role panel to the settings page where you can give each WordPress role its own cap (e.g. administrators: 5, editors: 3, subscribers: 1). Users with multiple roles get the highest configured limit. ### Can I set a different limit for one specific user? Yes, with the official [Limit Per User add-on](https://duckdev.com/addon/limit-per-user/). It adds a field to the WordPress profile screen so you can override the global cap on a per-user basis — useful for shared editorial accounts, executive users, or anyone who legitimately needs more sessions than your default. ### Will current users be logged out when I install or change the limit? No. Loggedin only acts when a _new_ login happens. Existing sessions stay active until they expire, the user logs out, or a future login displaces them under the rule you’ve configured. ### Where can I find the settings for Loggedin? In the WordPress admin, go to **Users Loggedin**. You’ll see two tabs — **Settings** for the cap and login logic, and **Add-ons** for installing and licensing first- party extensions. ### What are the available login logic options? The plugin offers three built-in modes: * **Logout Oldest** — When the limit is reached, the user’s single oldest active session is terminated to make room for the new login. Closest match to consumer„ remember me“ UX. * **Logout All** — When the limit is reached, every other active session for the user is terminated and the new login becomes the only active session. * **Block New** — When the limit is reached, the new login attempt is rejected with an error on wp-login. Additional modes can be added via the `loggedin_logics` filter. See the [General Settings docs](https://docs.duckdev.com/loggedin/general-settings#login-logic) for details. ### How long does a login session last? The duration of a WordPress login session is controlled by WordPress, not Loggedin. * „Remember Me“ checked at login session lasts **14 days**. * „Remember Me“ not checked session lasts **2 days**. Customize the duration with the standard `auth_cookie_expiration` filter: ``` function custom_auth_cookie_expiration( $expire ) { return MONTH_IN_SECONDS; // 30 days for every login. } add_filter( 'auth_cookie_expiration', 'custom_auth_cookie_expiration' ); ``` ### What if a user has reached the limit but doesn’t know which devices are active? Administrators can force-logout every session for the user from the dashboard: 1. Go to **Users Loggedin** in the WordPress admin. 2. Scroll to the **Force Logout** panel at the bottom of the Settings tab. 3. Enter the user’s ID, email address, or username and click **Force Logout**. All active sessions for that user are terminated immediately. ### Does Loggedin work with Redis / Memcached / external session storage? Yes for the **Logout All** and **Block New** modes — both go through the standard` WP_Session_Tokens` API, which respects whatever storage backend WordPress is configured to use. The **Logout Oldest** mode needs the default user-meta storage because the WP API doesn’t expose a „drop the oldest“ primitive; pick Logout All instead if your sessions live elsewhere. ### Is Loggedin GDPR-compliant? Loggedin stores no personal data itself. It only counts and manipulates WordPress session tokens that already exist in your database via the standard `WP_Session_Tokens` API. No external services are called, no telemetry is sent. ### Does Loggedin slow down logins? No. The work Loggedin does on each login is one query for the user’s existing session tokens and an in-memory count — measured in microseconds. No HTTP calls, no cron jobs, no background polling. ### Can I customize the error message shown when a login is blocked? Yes, via the `loggedin_error_message` filter: ``` add_filter( 'loggedin_error_message', function ( $message ) { return 'Your account is already signed in elsewhere. Sign out from another device to continue.'; } ); ``` See the [developer docs](https://docs.duckdev.com/loggedin/developer-docs) for every filter and action the plugin exposes. ## Rezensionen ![](https://secure.gravatar.com/avatar/484802c719c69b738102ad3161a3d525b188c752ad36109725aeae22171ead58? s=60&d=retro&r=g) ### 󠀁[Espectacular](https://wordpress.org/support/topic/espectacular-57/)󠁿 [promedios](https://profiles.wordpress.org/promedios/) 2. Februar 2026 Sencillamente práctico y funcional ![](https://secure.gravatar.com/avatar/51260d31fcb53d59741287d0b25fa9aaec20782fdb7debbc00577d529f86c9fb? s=60&d=retro&r=g) ### 󠀁[A must have plugin](https://wordpress.org/support/topic/a-must-have-plugin-420/)󠁿 [frazard99](https://profiles.wordpress.org/frazard99/) 4. Januar 2026 Keep it up! ![](https://secure.gravatar.com/avatar/03f451f696eee9a4d87f6d076b2edf4e2cc90a71eb4c1c4d6160f8eb6a8ddc31? s=60&d=retro&r=g) ### 󠀁[Love it, works like a charm](https://wordpress.org/support/topic/love-it-works-like-a-charm-2/)󠁿 [DL](https://profiles.wordpress.org/dlinstedt/) 26. September 2025 Super cool plugin, lightweight, just works. ![](https://secure.gravatar.com/avatar/55715a2b7ede500fed12457acae41c12a1c1653c9ada140e8ac2a0d1a6029523? s=60&d=retro&r=g) ### 󠀁[Works perfectly for me](https://wordpress.org/support/topic/works-perfectly-for-me-37/)󠁿 [zchas42](https://profiles.wordpress.org/zchas42/) 4. August 2025 Sell eLearning courses, need to prevent login sharing – combined with 2 factor authentication this plugin does the job very nicely. ![](https://secure.gravatar.com/avatar/081aa9336e308ce8f2671c01da05a8f18c1c0d5473ee3773d0a3e5cd212b1599? s=60&d=retro&r=g) ### 󠀁[Excellent](https://wordpress.org/support/topic/excellent-13990/)󠁿 [emmauelbright](https://profiles.wordpress.org/emmauelbright/) 12. Juli 2025 I like it ![](https://secure.gravatar.com/avatar/63941a5092f4c9f39e933d63eb816ad8cddc9e9c5179806b832790468f801254? s=60&d=retro&r=g) ### 󠀁[Great plugin](https://wordpress.org/support/topic/great-plugin-40561/)󠁿 [jacseq](https://profiles.wordpress.org/jacseq/) 3. Juni 2025 In use by us since at least two years. Simple and works properly. [ Alle 110 Rezensionen lesen ](https://wordpress.org/support/plugin/loggedin/reviews/) ## Mitwirkende und Entwickler „Loggedin – Limit Concurrent Sessions“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt: Mitwirkende * [ Joel James ](https://profiles.wordpress.org/joelcj91/) * [ Duck Dev ](https://profiles.wordpress.org/duckdev/) „Loggedin – Limit Concurrent Sessions“ wurde in 5 Sprachen übersetzt. Danke an [die Übersetzer](https://translate.wordpress.org/projects/wp-plugins/loggedin/contributors) für ihre Mitwirkung. [Übersetze „Loggedin – Limit Concurrent Sessions“ in deine Sprache.](https://translate.wordpress.org/projects/wp-plugins/loggedin) ### Interessiert an der Entwicklung? [Durchstöbere den Code](https://plugins.trac.wordpress.org/browser/loggedin/), sieh dir das [SVN-Repository](https://plugins.svn.wordpress.org/loggedin/) an oder abonniere das [Entwicklungsprotokoll](https://plugins.trac.wordpress.org/log/loggedin/) per [RSS](https://plugins.trac.wordpress.org/log/loggedin/?limit=100&mode=stop_on_copy&format=rss). ## Änderungsprotokoll #### 3.0.1 * New: `loggedin.admin.tabs` JS filter — addons can register their own React component as a tab in the Loggedin admin nav, with optional `before` / `after` positioning hints. Powers the new Active Sessions addon. * New: Cross-sell banner on the Force Logout panel routed through `loggedin.settings. force_logout.cross_sell` so addons can hide or replace it once installed. * Improve: Addon card layout aligned with the 404 to 301 plugin — primary CTA pinned to the left of the footer, „More details“ link on the right, title-cased license button labels. * Fix: The v2 v3 settings migration never ran on existing installs, leaving legacy option keys in place after the upgrade. #### 3.0.0 * New: Modern React-powered admin under Users Loggedin with two tabs — Settings( concurrent-login limit + login logic + Force Logout panel) and Add-ons (catalogue + license management). * New: REST API at `/loggedin/v1/` for settings, session management and add-on licensing. * New: Unified `loggedin_settings` option registered with `show_in_rest`, readable and writable by the React admin and by external integrations through the standard core-data flow. * New: Force Logout panel now accepts a user ID, email or username — the resolver detects the input shape automatically. * New: Add-ons module powered by Freemius — official add-ons (Real-time Logout, Limit Per User, Limit Per Role) self-register via the new `loggedin_register_addon` filter and appear in the Add-ons tab. * New: JavaScript extension slot — add-ons can append their own React `PanelBody` to the Settings tab via the `loggedin.settings.panels` filter. * New: Documented PHP hook surface — `loggedin_init`, `loggedin_settings_defaults`,` loggedin_admin_script_vars`, `loggedin_addons_catalog`, `loggedin_destroy_oldest_session` and more. * Improve: Reorganised plugin structure (PSR-4 namespaces under `DuckDev\Loggedin\`) and aligned with WordPress Coding Standards. * Improve: Comprehensive sanitisation pass across every input and option write path. * Improve: PHP 7.4 is now the minimum supported version. #### 2.0.4 * Improve: Review-notice scheduling now respects the dismiss state on every admin page load. * Fix: Invalid nonce action prevented review notices from being dismissed. #### 2.0.3 * Improve: Removed leftover debug code that shipped accidentally in 2.0.2. For the full release history, see the [changelog](https://docs.duckdev.com/loggedin/changelog). ## Meta * Version **3.0.1** * Zuletzt aktualisiert **vor 2 Tagen** * Aktive Installationen **8.000+** * WordPress-Version ** 6.0 oder höher ** * Getestet bis **7.0** * PHP-Version ** 7.4 oder höher ** * Sprachen * [Chinese (Taiwan)](https://tw.wordpress.org/plugins/loggedin/), [English (US)](https://wordpress.org/plugins/loggedin/), [German](https://de.wordpress.org/plugins/loggedin/), [Russian](https://ru.wordpress.org/plugins/loggedin/), [Spanish (Mexico)](https://es-mx.wordpress.org/plugins/loggedin/) und [Swedish](https://sv.wordpress.org/plugins/loggedin/). * [Übersetze in deine Sprache](https://translate.wordpress.org/projects/wp-plugins/loggedin) * Schlagwörter * [concurrent login](https://de.wordpress.org/plugins/tags/concurrent-login/)[force logout](https://de.wordpress.org/plugins/tags/force-logout/) [login limit](https://de.wordpress.org/plugins/tags/login-limit/)[prevent account sharing](https://de.wordpress.org/plugins/tags/prevent-account-sharing/) [user sessions](https://de.wordpress.org/plugins/tags/user-sessions/) * [Erweiterte Ansicht](https://de.wordpress.org/plugins/loggedin/advanced/) ## Bewertungen 4.9 von 5 Sternen. * [ 105 5-Sterne-Rezensionen ](https://wordpress.org/support/plugin/loggedin/reviews/?filter=5) * [ 2 4-Sterne-Rezensionen ](https://wordpress.org/support/plugin/loggedin/reviews/?filter=4) * [ 0 3-Sterne-Rezensionen ](https://wordpress.org/support/plugin/loggedin/reviews/?filter=3) * [ 2 2-Sterne-Rezensionen ](https://wordpress.org/support/plugin/loggedin/reviews/?filter=2) * [ 1 1-Sterne-Rezension ](https://wordpress.org/support/plugin/loggedin/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/loggedin/reviews/#new-post) [Alle Rezensionen anzeigen](https://wordpress.org/support/plugin/loggedin/reviews/) ## Mitwirkende * [ Joel James ](https://profiles.wordpress.org/joelcj91/) * [ Duck Dev ](https://profiles.wordpress.org/duckdev/) ## Support Behobene Probleme in den letzten zwei Monaten: 0 von 1 [Support-Forum anzeigen](https://wordpress.org/support/plugin/loggedin/) ## Spenden Möchtest du die Weiterentwicklung dieses Plugins unterstützen? [ Für dieses Plugin spenden ](https://paypal.me/JoelCJ)