Beschrijving

WP Bouncer restricts the number of simultaneous logins for the same WordPress user account. The plugin’s goal is to deter people from sharing their login credentials for your site, which is especially important for a paid membership, premium content, or eLearning site.

How WP Bouncer Protects Shared User Logins

De plugin slaat een willekeurige FAKESESSID op voor elke gebruiker wanneer deze logint.
If a user is logged in, on each page load (init hook), WP Bouncer checks if the FAKESESSID stored in the user’s cookies is the same as the last login stored in a transient (fakesessid_user_login).
If the two values do no match, WP Bouncer logs the user out and redirects them to the WordPress login page or a custom page using the wp_bouncer_redirect_url filter.

If the WP_BOUNCER_HEARTBEAT_CHECK is defined to true, JavaScript will be loaded to bounce users when a new user logs in with the same login. This is useful for sites with page caching.

Beheerdersaccounts of gebruikers met de rechten “manage_options” worden uitgesloten van bounces.

Or, Allow a Specific Number of Active Sessions

By default, WP Bouncer only allows one session per user.

You can use this plugin to offer bulk memberships to corporate, education, or other group-type customers via a shared login.

Use the wp_bouncer_number_simultaneous_logins filter to allow a defined number of active “sessions”.

Bekijk het recept

Gebruiksvoorbeelden voor WP Bouncer

User A logs in as “user”. Their FAKESESSID, say “SESSION_A” is stored in a WordPress option.
User B logs in as “user”. Their FAKESESSID, say “SESSION_B” is overwrites the stored WordPress option.
User A tries to load a page on your site, WP Bouncer catches them and logs them out, redirecting them to the warning message.
Gebruiker B kan gewoon op de site rondkijken… Tenzij…
User A logs in again as “user”. Their FAKESESSID, “SESSION_A_v2” is stored in the WordPress option.
Nieuwe gebruiker B zou worden uitgelogd als hij een andere pagina laadt.

Hooks en Filters

wp_bouncer_ignore_admins filter: if returning false even admins will be bounced.
wp_bouncer_redirect_url filter: can be used to change the URL redirected to after being bounced.
wp_bouncer_number_simultaneous_logins filter: can be set to limit logins to a number other than 1. 0 means unlimited logins.
wp_bouncer_login_flag: loopt vlak voor het bouncen (kan gebruikt worden om het bouncen eventueel te stoppen).
wp_bouncer_session_ids hook: used to filter session ids when saving them. Passes $session_ids, $old_session_ids (before any were removed/bounced), and the current user’s ID as parameters.
wp_bouncer_session_length hook: used to filter how long the session ids transients are set. This way, you can time the transients to expire at a specific time of day. Note that the transient is saved on every page load, so if you set it to 5 minutes, it’s going to push it out 5 minutes on every page load. You should try to set it to (the number of seconds until midnight) or something like that.

Steun de plugin auteurs

If you like this plugin, please check out Jason’s work with Stranger Studios and Paid Memberships Pro and Andrew’s work at his personal site.

Installatie

WP Bouncer installeren vanuit WordPress

Ga naar de plugins pagina in je dashboard en selecteer “Nieuwe plugin”
Search for “WP Bouncer”
Zoek deze plugin en klik op “Installeren”
Activeer “WP Bouncer” via het menu “Plugins” in WordPress

WP Bouncer handmatig installeren

Upload the wp-bouncer folder to the /wp-content/plugins/ directory
Activeer “WP Bouncer” via het menu “Plugins” in WordPress

Instellingen

There are no settings for this plugin. If you want to modify the default behavior to instead enable JavaScript checks, add the following code to your wp-config.php:

define( ‘WP_BOUNCER_HEARTBEAT_CHECK’, true );

FAQ

Ik heb iets sterks nodig om mensen ervan te weerhouden accounts te delen.: We’ve found that using a 2-Factor-Authentication scheme on your site is a good way to keep people from sharing accounts. When we tried to design an advanced version of WP-Bouncer, it was basically 2FA. So try that.

Beoordelingen

mosotws 25 augustus 2020 2 reacties

До меня уже писал joefoe 02.02.2018 love the concept behind this plugin, but it doesn't seem to do what I expected it to do judging by the description, which is to remove one user from accessing a page when the another is accessing it. I'm using Woo and Groups plugins to restrict access to content pages. With this plugin, both users are able to access the page and everything on it at the same time (downloads, movies, discussions). The "bouncing" action seems to only occur when trying to access my-account, but the rest of the site seems untouched. So it kind of works on WP 4.9.2 I guess... but not in the way I hoped. It might be due to my membership setup... it's not exactly vanilla. I Googled and found a few lines of code for functions.php that only allow one user to be logged in per account... very simple and ultralight, and it instantly logs out the other user when a new user logs on. No real need for a plugin. У меня ситуация полностью идентичная, я ожидал, что плагин заблокирует вход в учётную запись со второго устройства. По факту же он не блокирует параллельного входа и купив одну учётную запись, группа людей сможет ею пользоваться и получать доступ к материалам с платным доступом. К плагину описание вводящее в заблуждение. Если кто-то знает как решить проблему таким же путём как это сделал автор цитируемого мною комментария - отзвитесь.

Ilham W. Ramadhani 29 januari 2019

This is the best plugin i have !! Thank you very much o developer, its a cool work !

joefoe 2 februari 2018

love the concept behind this plugin, but it doesn't seem to do what I expected it to do judging by the description, which is to remove one user from accessing a page when the another is accessing it. I'm using Woo and Groups plugins to restrict access to content pages. With this plugin, both users are able to access the page and everything on it at the same time (downloads, movies, discussions). The "bouncing" action seems to only occur when trying to access my-account, but the rest of the site seems untouched. So it kind of works on WP 4.9.2 I guess... but not in the way I hoped. It might be due to my membership setup... it's not exactly vanilla. I Googled and found a few lines of code for functions.php that only allow one user to be logged in per account... very simple and ultralight, and it instantly logs out the other user when a new user logs on. No real need for a plugin.

Snaggers 22 juli 2017

Hi, Just like to say this is a great plugin and is a real asset for people who run membership sites. Stops members abusing a site by sharing their login details with friends. I have just one suggestion for a future release. It would be great if there was a log file or similar where admins could see in detail which users were being kicked off by WP Bouncer and when. Thanks guys, Andrew

29 juni 2017

Plugin doesn't do anything at WP 4.8. Doesn't break the site, doesn't bounce duplicate logins... Nothing.

jinnahdorothy 1 maart 2017

Thank you!!! Keep it going

Lees alle 9 beoordelingen

Bijdragers & ontwikkelaars

“WP Bouncer – Limit Simultaneous Logins” is open source software. De volgende personen hebben bijgedragen aan deze plugin.

“WP Bouncer – Limit Simultaneous Logins” is vertaald in 2 talen. Dank voor de vertalers voor hun bijdragen.

Vertaal “WP Bouncer – Limit Simultaneous Logins” naar jouw taal.

Interesse in ontwikkeling?

Bekijk de code, haal de SVN repository op, of abonneer je op het ontwikkellog via RSS.

Changelog

1.5.1 – 2023-01-30

ENHANCEMENT: Added filter wp_bouncer_ajax_timeout to adjust timeout (default 5000).
VERBETERING: ondersteuning voor vertalingen toegevoegd.
BUG FIX: Removed unused login warning file and screenshot from the SVN repository that is not used in this plugin.
BUG OPLOSSING: opgeloste verkeerd gespelde constante voor plugin versie en gebruik in JS bestand laden.

1.5 – 2021-06-02

VERBETERING: het bestand login-warning.php verwijderd. In plaats daarvan verwijzen we door naar de wp-login.php pagina en tonen we een bericht.
BUG OPLOSSING: URL’s aangepast naar https en metatags aangepast naar noindex/nofollow.

1.4.1 – 2020-01-01

BUG OPLOSSING: opgelost probleem waarbij gebruikers niet werden omgeleid naar de waarschuwingspagina wanneer ze waren uitgelogd.

1.4 – 2019-01-16

BUG OPLOSSING: opgelost probleem met hoe dingen werden opgeslagen in transients. (Bedankt, zackdn op gitHub)
FEATURE: Added JavaScript to bounce users in case the PHP bouncer is not running (e.g. when using page caching). To enable this, add define( 'WP_BOUNCER_HEARTBEAT_CHECK', true ); to your wp-config.php (without the backticks).

1.3.1

Een typfout opgelost.
Getest tot WP 4.8

1.3

Added a user action link (hover over a user on the users.php page in the dashboard) to reset all sessions for a user.
Added wp_bouncer_session_ids hook to filter session ids when saving them. Passes $session_ids, $old_session_ids (before any were removed/bounced), and the current user’s ID as parameters.
Added wp_bouncer_session_length hook to filter how long the session ids transients are set. This way, you can time the transients to expire at a specific time of day. Note that the transient is saved on every page load, so if you set it to 5 minutes, it’s going to push it out 5 minutes on every page load. You should try to set it to (the number of seconds until midnight) or something like that.

1.2

Enkele typefouten opgelost in de variabelen gebruikt om de sessie-id’s te genereren.
The fakesessid_{user_login} transients are now storing arrays of session ids. This allowed for multiple (but limited) sessions per user if wanted.
Toegevoegd wp_bouncer_ignore_admins filter, indien deze false retourneert worden zelfs beheers gebounced.
Added wp_bouncer_redirect_url filter, which can be used to change the URL redirected to after being bounced.
Added wp_bouncer_number_simultaneous_logins filter, which can be set to limit logins to a number other than 1. 0 means unlimited logins.
Added wp_bouncer_login_flag in case you want to hook in and do something right before bouncing (or potentially stop the bouncing).

1.1

Admin accounts (specifically users with “manage_options” capability) are excluded from bounces. This will eventually be a setting once we setup a settings page.
Readme veranderingen.

1.0.1

Opgeloste bug met hoe transiënten werden ingesteld en gekregen.
Removed code in track_login that made sure you were logging in from login page. This will allow wp bouncer to kick in when logging in via wp_signon, etc.
Moved redirect url to a class property. Will eventually add a settings page for this and any other setting/configuration value.

1.0

Eerste uitgave!

Не блокирует параллельный вход в систему

Great Work !

limited function on 4.9.2, sadly

Great Plugin

Doesn’t work at 4.8

Very useful and it works right!