How to Force Logout All Users in WordPress

How To Force Logout All Users In WordPress

Do you want to force logout all users in WordPress? If you suspect that your WordPress may be hacked or just need users to login again, then there is no default option to do that in WordPress. In this article, we will show you how to easily force logout all users in WordPress.

Why and When You May Want to Force Log out All Users in WordPress?

If you run a WordPress membership site or an LMS plugin, and you need all logged in users to re-login, then this tutorial is for you.

You may want to do this for different reasons. For example, if you suspect that your WordPress site is hacked, then forcing logout will allow you to properly clean up your hacked WordPress site.

Next, if you are using a membership or pay per view site and fear that users may be sharing their passwords to access content, then this method will come in handy. After logging them out, you can stop them from sharing passwords.

Another scenario is that when you use a public computer or WiFi without using a VPN service. If you are not sure that you properly logged out, then this method will end all logged in sessions.

That being said, let’s take a look at how to easily logout all users in WordPress.

Force Log Out All WordPress Users

For this tutorial, you will be editing WP Config file called wp-config.php. We highly recommend that you backup your wp-config.php file before making any changes to it.

First you will need to connect to your website using FTP or via File Manager in cPanel. Once connected, you will find the wp-config.php file in your site’s root folder.

You can right click and select edit to open the file in a text editor.

Inside your wp-config.php file you will find a code block that would look like this:

define('AUTH_KEY',         'K2#m<|[UO==4Nv c+Ox+^]NH.H*6DmQRJntnj|SwKg)>,>O-z/IeRr?>5lmx`Hf:');
define('SECURE_AUTH_KEY',  '-Qf(}6G(zB`(D*)]fe;iEw?M]PU>BY:$Ni6]~mYCfZ68l_M@R<5E_ICbPUVk.Vf@');
define('LOGGED_IN_KEY',    '6R6:bur.^!Q1K-/H!$]A$g3JaaO]r|B&zu~{-*})|+C|<V,^c|f^vlhp$urvTr7>');
define('NONCE_KEY',        'LM7}+||^qoISh4#q_ ST%#x0vke+TQD(^$W{lVQ_TyV!%,N++H)4+>uSZl6Z%W[3');
define('AUTH_SALT',        'PpS;19y?W31AY@:=,RC;&0kkNXNkP -v=Lr;ghGft:?WV5vA-lje|h{A19Tfzq$[');
define('SECURE_AUTH_SALT', '+H.u}x4u<6-^HY+<?oRkZ{9T)E_)rR+uy.3Rpm*Z&S|UUO|5Wh6cn9.2pq+o4P[M');
define('LOGGED_IN_SALT',   'I{uT;rv5S`JRRs}=1+Ls_3YMDR^;|U[&x^Oy!yg2-:BO%|0W@c-n|SY8D3zo7-8-');
define('NONCE_SALT',       ':0Y`/h4JhwMRNCj~z[1}N@5QKp0|-s4C+XR~/-q6PfZ&Q.qFY5-]qS|L,CNbv>/z');

It is also possible that each of these lines just have ‘put your unique phrase here’ as the second parameter.

These lines are called authentication keys and salts. To learn more about them see our guide on WordPress security keys.

Next, you need to visit the WordPress Salts generator page. This page randomly creates new key strings that you can use in your wp-config.php file.

Generating WordPress security keys

You need to replace your existing keys with the new ones that you just generated. Once done, make sure to save your changes and upload your wp-config.php file back to the server.

Changing the salts will automatically log everyone out of your website, forcing them to relogin.

Improving Password Security for All Users on Your WordPress Site

If you run a membership website or allow users to register on your site, then users are likely to use easy to remember and weak passwords.

Weak passwords are easy to crack and pose a security challenge for your website.

If you suspect that your website is hacked, then you may want to safely reset passwords for all users on your WordPress site. This will allow them to generate new passwords for their accounts.

However, users can still use the same password that they had before. To avoid this from happening again, you can enforce strong passwords for all users on your WordPress site.

One of the most common question we get whenever we recommend using strong passwords is how to remember all those difficult passwords?

The answer is simple, you don’t need to. There are apps available that can manage passwords for you. See our guide on how to manage WordPress passwords for more on this topic.

Post Series: Security & Privacy