Do you want to force log out all users in WordPress? If you suspect that your WordPress may be hacked or you simply need to get users back in, then there is no default option to do so in WordPress. In this article, we will show you how to easily force log out all users in WordPress.
If you run a WordPress membership site or LMS plugin, and need to get all logged in users back in, this tutorial is for you.
You may want to do this for different reasons. For example, if you suspect your WordPress site is hacked, force logging out will allow you to properly clean up your hacked WordPress site.
Next, if you're using a pay-per-view or membership site and you're worried about users sharing their passwords to access content, this method will come in handy. After you disconnect them, you can prevent them from sharing passwords.
Another scenario is when you use a public computer or WiFi without using a VPN service. If you are not sure if you have successfully logged out, this method will end all logged in sessions.
With that said, let's take a look at how to easily log out all users in WordPress.
For this tutorial, you will edit a WP configuration file called wp-config.php. We recommend that you make a backup of your wp-config.php file before making any changes to it.
You will first need to connect to your website via FTP or via the File Manager in cPanel. Once connected, you will find the wp-config.php file in the root folder of your site.
You can right click and select edit to open the file in a text editor.
Inside your wp-config.php file you will find a block of code that would look like this:
define ('AUTH_KEY', 'K2 # m,> O-z / IeRr?> 5lmx'Hf:'); define ('SECURE_AUTH_KEY', '-Qf ( 6G (zB' (D *)] fe; iEw? M] PU> BY: $ Ni6] ~ mYCfZ68l_M @ RuSZl6Z% W [3 '); define ('AUTH_SALT', 'PpS; 19y? W31AY @: =, RC; & 0kkNXNkP -v = Lr; ghGft:? WV5vA-lje | h A19Tfzq $ ['); define ('SECURE_AUTH_SALT', '+ H.u x4u<6-^HY+/z');
It is also possible that each of these lines has 'put your unique phrase here' as the second parameter.
These lines are called authentication keys and salts. To learn more about them, check out our guide on WordPress security keys.
Next, you need to visit the WordPress salt generator page. This page randomly creates new key strings that you can use in your wp-config.php file.
You need to replace your existing keys with the new ones you just generated. Once done, make sure to save your changes and upload your wp-config.php file back to the server.
Changing the salts will automatically log all users out of your website, forcing them to log back in.
If you run a membership website or allow users to sign up for your site, users are likely using easy-to-remember and weak passwords.
Weak passwords are easy to crack and pose a security challenge to your website.
If you suspect your website is hacked, you may want to securely reset passwords for all users on your WordPress site. This will allow them to generate new passwords for their accounts.
However, users can still use the same password they had before. To prevent this from happening again, you can enforce strong passwords for all users on your WordPress site.
One of the most common questions we get when we recommend using strong passwords is how to remember all those difficult passwords?
The answer is simple, it is not necessary. There are apps available that can manage passwords for you. Check out our guide on how to manage WordPress passwords for more information on this topic.
We hope this article helped you learn how to force log out all users in WordPress. You can also view our complete step-by-step WordPress security guide for beginners.
If you enjoyed this article, please subscribe to our WordPress YouTube Channel video tutorials. You can also find us on Twitter and Facebook.