User Session Management feature allows you to better control user sessions on your WordPress site and expire idle sessions and prevent account sharing. 


Let’s say you’re an administrator of a site, and you see that somehow, some way, someone else is logged into the site under your administrator username in another location – you can immediately take action against this.  Without being able to see currently active sessions, you are blind. User sessions simply give you a view on to who is on your site and where they are.

User Session Management options explanations

Option: Session Timeout

This option helps you to specify how many days after login to automatically force re-login. 

Note: WordPress default is 2 days, or 14 days if you check the "Remember Me" box.
This cannot be less than "1". Default: "2".

Option: Idle Timeout

This option helps you to specify how many hours after inactivity to automatically logout user.

Note: If the user is inactive for the number of hours specified, they will be forcefully logged out next time they return.
Set to "0" to turn off this option.

Option: Lock To Location

This option helps you to lock a user session to IP address.

Note: When selected, a session is restricted to the same IP address as when the user logged in. If a logged-in user's IP address changes, the session will be invalidated and they'll be forced to re-login to WordPress.

Option: Max Simultaneous Sessions

This option helps you to limit simultaneous sessions for the same username.

Note: The number provided here is the maximum number of simultaneous, distinct, sessions allowed for any given username.
Zero (0) will allow unlimited simultaneous sessions.

Note: You also have the ability to review user sessions.

For further reading on User Sessions, read the blog article here.