
Why Log Out Idle Users Automatically?
Leaving the admin dashboard open on an unattended device is a security risk. Whether you’re running a blog, WooCommerce store, or membership site — it’s smart to log out idle users after a period of inactivity.
Let’s explore how to set up automatic session timeouts in WordPress using both plugin and code methods.
Method 1: Use a Plugin (Simple and Beginner-Friendly)
✅ Recommended Plugin: Inactive Logout
This plugin allows you to:
- Set idle timeout duration (in minutes)
- Show a custom warning message before logout
- Exclude specific user roles
- Redirect users to a custom URL after logout
Steps:
- Install and activate the Inactive Logout plugin
- Go to Settings → Inactive Logout
- Set the timeout duration (e.g., 10 minutes)
- Configure warning and redirection options
- Save changes
Method 2: Add Custom Code (Lightweight + No Plugin)
You can also implement this manually using JavaScript + PHP:
Step 1: Enqueue Idle Timer Script
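    // functions.php
    function enqueue_idle_logout_script() {
        // Only logged-in users have a session to time out.
        if (is_user_logged_in()) {
            // No dependencies: the script uses only plain DOM APIs.
            wp_enqueue_script('idle-logout', get_template_directory_uri() . '/js/idle-logout.js', array(), null, true);
            // Exposes the settings to the script as the global object logoutSettings.
            wp_localize_script('idle-logout', 'logoutSettings', array(
                'logoutURL' => wp_logout_url(home_url()),
                'timeout'   => 900000 // 15 minutes in milliseconds
            ));
        }
    }
    // wp_enqueue_scripts fires on the front end only; admin_enqueue_scripts covers the dashboard.
    add_action('wp_enqueue_scripts', 'enqueue_idle_logout_script');
    add_action('admin_enqueue_scripts', 'enqueue_idle_logout_script');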
Step 2: Create JS File (idle-logout.js)
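    let timer;
    // wp_localize_script() passes scalar values as strings, so convert explicitly.
    const timeoutMs = Number(logoutSettings.timeout);

    // Restart the countdown; when it expires, send the browser to the logout URL.
    function resetTimer() {
        clearTimeout(timer);
        timer = setTimeout(() => {
            window.location.href = logoutSettings.logoutURL;
        }, timeoutMs);
    }

    // Any of these events counts as user activity.
    ['click', 'mousemove', 'keydown', 'scroll', 'touchstart'].forEach(evt => {
        document.addEventListener(evt, resetTimer, false);
    });

    // Start the first countdown on page load.
    resetTimer();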
💡 Place this file inside your theme’s /js/ directory.
Optional Enhancements
- Show a countdown timer or warning popup before logout
- Apply different timeouts based on user role using current_user_can()
- Trigger email or admin notifications for inactive users
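The script in Method 2 runs only in the browser, so the session stays valid on the server if the timer never fires (tab closed, JavaScript disabled). A server-side check that also applies the role-based timeout idea, as an added example that is not from the original article or the Inactive Logout plugin; the myidle_ names, the user-meta key and the 10/15 minute limits are assumptions:

```php
// Added example for functions.php or a small plugin; not the article's code.
// Hypothetical user-meta key holding the last-activity timestamp.
const MYIDLE_META_KEY = '_myidle_last_activity';

// Idle limit in seconds. Assumed values: 10 minutes for administrators,
// 15 minutes for everyone else.
function myidle_timeout_seconds() {
    return current_user_can('manage_options')
        ? 10 * MINUTE_IN_SECONDS
        : 15 * MINUTE_IN_SECONDS;
}

function myidle_enforce() {
    if (!is_user_logged_in()) {
        return;
    }
    $user_id = get_current_user_id();
    $last    = (int) get_user_meta($user_id, MYIDLE_META_KEY, true);
    $now     = time();

    if ($last > 0 && ($now - $last) > myidle_timeout_seconds()) {
        delete_user_meta($user_id, MYIDLE_META_KEY);
        wp_logout(); // destroys the current session token and clears auth cookies
        if (!wp_doing_ajax()) {
            wp_safe_redirect(wp_login_url());
            exit;
        }
        return;
    }

    // Background AJAX (for example the Heartbeat API polling from an open
    // dashboard tab) is not user activity, so it must not refresh the timestamp.
    if (!wp_doing_ajax()) {
        update_user_meta($user_id, MYIDLE_META_KEY, $now);
    }
}
add_action('init', 'myidle_enforce');

// Start every login with a fresh timestamp; otherwise a stale value left over
// from an earlier session would log the user out right after signing in.
function myidle_on_login($user_login, $user) {
    update_user_meta($user->ID, MYIDLE_META_KEY, time());
}
add_action('wp_login', 'myidle_on_login', 10, 2);
```

The timestamp is stored per user rather than per session, so activity on one device keeps that user's other sessions alive.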
Conclusion
Automatically logging out idle users protects your WordPress site from potential security threats, especially when devices are shared or left unattended. Whether you go with a plugin or a custom script, it’s a small tweak that offers big peace of mind.