In this tutorial, you will learn how to log out of your WordPress site securely.
Normally, you would just exit your site by typing in a different URL into your web browser, or by closing your web browser altogether without logging out. This works fine if you are working on your website on your own computer in a secure environment.
If you’re working on a shared or public computer or in an unsecured space, however, this could compromise your site’s security. Someone could access your account, get into your admin area and wreak havoc just by viewing your browser history.
To avoid leaving your account unprotected and your site exposed to tampering or hijacking, it’s best to log off when you are done working on your site.
This step-by-step tutorial shows you how to log out of WordPress and some additional ways to enhance the logout feature.
Note: When you log into your WordPress site, a “cookie” is stored in your web browser. This cookie allows WordPress to remember who you are. If you leave your site for a while and come back later, WordPress will recognize the cookie and you will not be asked to log in again.
Important: The cookie cannot tell WordPress who is actually logged into your site. If a cookie has been set in your web browser, anyone using your computer can access your admin section.
To prevent this from happening (especially when using a public or shared computer) clicking on the Log Out link will delete the cookie from your web browser. To reset the cookie just log into your WordPress site again.
Also, while you remain logged into your site’s admin area, you could be sending multiple requests to your server, depending on what kind of plugins you have installed and if you have left one or more of your post or page editing screens open (this is largely due to the WordPress autosave feature).
Leaving your computer unattended with your site open sending our frequent requests can use up server resources over the course of a day, especially if your site is hosted on a shared server. For this reason, it is also recommended that you log out of your admin area if you’re not actively working on your site.
How To End Your Session And Log Out Of WordPress
At the top of your screen on the far right-hand side of the admin toolbar is the “Howdy, User” section with your Gravatar image.
Hover over this section with your mouse and it will expand to display your name and username, with links pointing to your Profile Screen and a ‘Log Out’ link.
Click on the ‘Log Out’ link to terminate your session and log out of your WordPress site.
You will be logged out of WordPress.
How To Log Out Of All Other User Sessions In WordPress
As an added security measure, WordPress lets you log out of all current sessions except your current browser session. This is useful if, for example, you’ve left your account logged in at a public computer or if you’ve lost or misplaced your phone.
To log out of all sessions, go to the “Howdy, User Name” section and click on Edit My Profile. (Note: you can also get there by going to Users > Your Profile).
Click on the Log Out of All Other Sessions button.
You will be logged out everywhere else, except for your existing browser session.
Extending Log Out Options With WordPress Plugins
Here are some plugins you can use to extend your site’s logout functions:
If you do any banking or shopping online, you may have noticed that an “expired session” message will display on your web browser if you leave your computer unattended for a while.
Sites that offer online banking, credit card payments or financial services generally log out users after a certain period of inactivity because inactive users pose a security threat to online accounts. Someone could hijack the session and access the user’s account and financial details.
WordPress lets you do the same. You can automatically log out all inactive users on your site by installing this plugin.
This is not the same as the default WordPress “Session Expired” notice that users will sometimes get when working on their site …
The Inactive Logout plugin allows you to specify how long a user can be inactive on your site before their session is automatically expired.
To install the plugin, go to your WordPress admin dashboard’s ‘Add Plugins’ screen (Plugins > Add New), type in “inactive logout” in the keyword search field, then click the ‘Install Now’ and ‘Activate’ buttons.
After activating the plugin, go to the plugin’s settings menu (Settings > Inactive Logout) to configure it.
The plugin lets you configure and customize a number of settings, including:
- Idle Timeout: Specify how long (in minutes) users can be idle before being logged out.
- Idle Message Content: Enter a custom message that users will see when the idle timeout screen displays.
- Popup Background – Fill the background with a color or display the logout message over a transparent background.
- Disable Timeout Countdown: Select this option to give users an opportunity to continue their session after being inactive for the period of time specified in your Idle Timeout settings. Users are given 10 seconds to continue their session or logout.
With this plugin, you can also:
- Customize and display a warning message only
- Give users the option to continue working without logging them out
- Redirect them to specific pages on your site or a custom URL after logging them out.
Tip: To test your plugin’s settings while you continue working on your site, open up a private browser session (in incognito mode), navigate to your site, and let the inactive period transpire.
Log into your WordPress site in ‘incognito’ mode and let your current session go inactive for the period of time you’ve specified in your settings.
Depending on the settings you choose, you will either see a ‘Session Timeout’ warning giving you the option to stay signed in or get logged off.
You will be automatically logged out after the specified period of inactivity has transpired.
To learn more about this plugin, go here: Inactive Logout
Users can log out immediately after viewing your private content. You can also add an optional alert message informing users that they have logged out.
To learn more about this plugin, go here: Protected Posts Logout Button
This plugin replaces the default WordPress meta widget with a custom widget that displays either a “login” or “logout” link and additional information depending on whether your users are logged in or out of your site.
To learn more about this plugin, go here: Login-Logout
Congratulations! Now you know how to log out of your WordPress site. Hopefully, this tutorial has also shown you that you can extend the functionality of the WordPress logout feature using plugins to do things like:
- Configure the idle timeout so any unattended idle WordPress user sessions will be terminated automatically;
- Display a custom message to idle user sessions alerting them that their session is about to end;
- Display or disable a ‘timeout’ countdown with a warning message;
- And more.
If you need any help, please feel free to get in touch.
We are not affiliated, associated, sponsored, or endorsed by WordPress or its parent company Automattic. This site contains affiliate links to products. We may receive a commission for purchases made through these links.