Omschrijving
WP Bouncer restricts the number of simultaneous logins for your WordPress users. It aims to deter people from sharing their login credentials for your site, which is especially important for a paid membership site.
How it Works
- The plugin stores a random
FAKESESSIDfor each user when they log in. - If a user is logged in, on each page load (init hook), WP Bouncer checks if the
FAKESESSIDstored in the user’s cookies is the same as the last login stored in a transient (fakesessid_user_login). - If the two values do no match, WP Bouncer logs the user out and redirects them to a warning message.
- If the WP_BOUNCER_HEARTBEAT_CHECK is defined to true, JavaScript will be loaded to bounce users when a new user logs in with the same login. This is useful for sites with page caching.
Admin accounts (specifically users with the “manage_options” capability) are excluded from bounces.
Allow a Specific Number of Active Sessions
By default, WP Bouncer only allows one session per user. But, you can use this plugin to offer bulk memberships to corporate, education, or other group-type customers via a shared login.
Use the wp_bouncer_number_simultaneous_logins filter to allow a defined number of active “sessions”.
Example Use Case
- User A logs in as “user”. Their
FAKESESSID, say “SESSION_A” is stored in a WordPress option. - User B logs in as “user”. Their
FAKESESSID, say “SESSION_B” is overwrites the stored WordPress option. - User A tries to load a page on your site, WP Bouncer catches them and logs them out, redirecting them to the warning message.
- User B can browse around the site as normal… unless…
- User A logs in again as “user”. Their
FAKESESSID, “SESSION_A_v2” is stored in the WordPress option. - Now user B would be logged out if they load another page.
Hooks and Filters
wp_bouncer_ignore_adminsfilter: if returning false even admins will be bounced.wp_bouncer_redirect_urlfilter: can be used to change the URL redirected to after being bounced.wp_bouncer_number_simultaneous_loginsfilter: can be set to limit logins to a number other than 1. 0 means unlimited logins.wp_bouncer_login_flag: runs right before bouncing (can be used to potentially stop the bouncing).wp_bouncer_session_idshook: used to filter session ids when saving them. Passes $session_ids, $old_session_ids (before any were removed/bounced), and the current user’s ID as parameters.wp_bouncer_session_lengthhook: used to filter how long the session ids transients are set. This way, you can time the transients to expire at a specific time of day. Note that the transient is saved on every page load, so if you set it to 5 minutes, it’s going to push it out 5 minutes on every page load. You should try to set it to (the number of seconds until midnight) or something like that.
Future Improvements
- Settings page to choose where users are taken after being bounced.
- Keep track of how many bounces there are and lock the account down if there are so many in a small time frame.
Support the Plugin Authors
If you like this plugin, please check out Jason’s work with Paid Memberships Pro (http://www.paidmembershipspro.com) and Andrew’s work at Reaktiv Studios (http://reaktivstudios.com/).
Schermafdrukken
Warning message shown when a user is bounced.
Installatie
This section describes how to install the plugin and get it working.
- Upload
wp-bouncerto the/wp-content/plugins/directory. - Activate the plugin through the ‘Plugins’ menu in WordPress.
- To enable JavaScript checks, add the following code to your wp-config.php:
define( ‘WP_BOUNCER_HEARTBEAT_CHECK’, true );
FAQ
- I need something strong to keep people from sharing accounts.
-
We’ve found that using a 2-Factor-Authentication scheme on your site is a good way to keep people from sharing accounts. When we tried to design an advanced version of WP-Bouncer, it was basically 2FA. So try that.
Beoordelingen
29 januari 2019
This is the best plugin i have !! Thank you very much o developer, its a cool work !
2 februari 2018
love the concept behind this plugin, but it doesn't seem to do what I expected it to do judging by the description, which is to remove one user from accessing a page when the another is accessing it.
I'm using Woo and Groups plugins to restrict access to content pages. With this plugin, both users are able to access the page and everything on it at the same time (downloads, movies, discussions). The "bouncing" action seems to only occur when trying to access my-account, but the rest of the site seems untouched.
So it kind of works on WP 4.9.2 I guess... but not in the way I hoped. It might be due to my membership setup... it's not exactly vanilla.
I Googled and found a few lines of code for functions.php that only allow one user to be logged in per account... very simple and ultralight, and it instantly logs out the other user when a new user logs on. No real need for a plugin.
22 juli 2017
Hi,
Just like to say this is a great plugin and is a real asset for people who run membership sites. Stops members abusing a site by sharing their login details with friends.
I have just one suggestion for a future release. It would be great if there was a log file or similar where admins could see in detail which users were being kicked off by WP Bouncer and when.
Thanks guys,
Andrew
29 juni 2017
Plugin doesn't do anything at WP 4.8.
Doesn't break the site, doesn't bounce duplicate logins... Nothing.
1 maart 2017
Thank you!!! Keep it going
3 september 2016
5 etoiles from me...
I was concerned about many people using the same login details for my membership wordpress site. I installed this plugin and don't think there has been any issues.
You can change the wording of the 'bounce' in the Dashboard going to Plugin/WP Bouncer/Edit and selecting login-warning.php
I had no conflicts with any of the other plugins that I had in play - CyberChimps Responsive theme running Jasons Paid Memberships Pro with Theme My Login.
I have never built a wordpress site before and have no coding experience so it was important to me that I found an easy-to-use solution.
This is a fantastic plugin!
I would suggest that this page shows a pic of the bounce page.
Thank you so much!
🙂
Bijdragers & ontwikkelaars
“WP Bouncer” is open source software. De volgende personen hebben bijgedragen aan deze plugin.
Bijdragers
Vertaal “WP Bouncer” naar jouw taal.
Interesse in ontwikkeling?
Bekijk de code, haal de SVN repository op, of abonneer je op het ontwikkellog via RSS.
Changelog
1.4.1 – 2020-01-01
- BUG FIX: Fixed issue where users were not redirected to the warning page when logged out.
1.4 – 2019-01-16
- BUG FIX: Fixed issue with how things were stored in transients. (Thanks, zackdn on GitHub)
- FEATURE: Added JavaScript to bounce users in case the PHP bouncer is not running (e.g. when using page caching). To enable this, add
define( 'WP_BOUNCER_HEARTBEAT_CHECK', true );to your wp-config.php (without the backticks).
1.3.1
- Fixed a typo.
- Tested up to WP 4.8
1.3
- Added a user action link (hover over a user on the users.php page in the dashboard) to reset all sessions for a user.
- Added wp_bouncer_session_ids hook to filter session ids when saving them. Passes $session_ids, $old_session_ids (before any were removed/bounced), and the current user’s ID as parameters.
- Added wp_bouncer_session_length hook to filter how long the session ids transients are set. This way, you can time the transients to expire at a specific time of day. Note that the transient is saved on every page load, so if you set it to 5 minutes, it’s going to push it out 5 minutes on every page load. You should try to set it to (the number of seconds until midnight) or something like that.
1.2
- Fixed some typos in the variables used to generate the session ids.
- The fakesessid_{user_login} transients are now storing arrays of session ids. This allowed for multiple (but limited) sessions per user if wanted.
- Added wp_bouncer_ignore_admins filter, if returning false even admins will be bounced.
- Added wp_bouncer_redirect_url filter, which can be used to change the URL redirected to after being bounced.
- Added wp_bouncer_number_simultaneous_logins filter, which can be set to limit logins to a number other than 1. 0 means unlimited logins.
- Added wp_bouncer_login_flag in case you want to hook in and do something right before bouncing (or potentially stop the bouncing).
1.1
- Admin accounts (specifically users with “manage_options” capability) are excluded from bounces. This will eventually be a setting once we setup a settings page.
- Readme changes.
1.0.1
- Fixed bug with how transients were being set and get.
- Removed code in track_login that made sure you were logging in from login page. This will allow wp bouncer to kick in when logging in via wp_signon, etc.
- Moved redirect url to a class property. Will eventually add a settings page for this and any other setting/configuration value.
1.0
- First release!