How to Force Logout All Users from WordPress Site

Last modified on October 11th, 2018 by Vincy.

In a multi-user WordPress site, some scenarios make the administrator to Force log out all users. This bulk action will clear the logged in session and cookies and let the WordPress user re-login to the site.

But, there are some scenarios in which we need our WordPress users to log out and log in back to the site. In this tutorial, let us see what are all those possible scenarios that force users to log out. Also, we will see how to force all logged in users to log out by using various methods.

how to force logout all site users in wordpress

Possible Scenarios to Force Logout All Users from WordPress Site

  1. If you add some changes to the WordPress login panel to get more input from the user.
  2. If you insert any intermediate step to the authentication flow like 2-step authentication.
  3. If you plugged in add-on with email validation or phone number verification for the newly logged in users.
  4. If you suspect malfunctions randomly occur by compromising user accounts.

The above list of items shows the example cases that require us to force logout all users from WordPress.

Causes of Forcing Bulk Log Out in WordPress

If you force log out all users suddenly from your multi-user WordPress environment it will affect a volume of people. It will make them feel frustrating to accustom with the sudden unexpected state clearance action that occurs.

It will be appropriate if you give proper notification to your users before doing this in your WordPress site.

Sometimes this change will cause an impact on the WordPress settings while logout by resetting the login authentication configurations.

Taking backup will be the remedy of being lost from the impact on the changes made in WordPress configuration. The backup will be used to revert the WordPress site back to form. 

Methods to Force Log Out All WordPress Site Users

In this WordPress article, I have listed two ways of doing Bulk Logoff to forcibly log out all users in WordPress.

  1. By using Force Reauthentication WordPress plugin.
  2. By updating authentication keys in WordPress config.

Among the above two methods for logging out all users in WordPress, I prefer to use the second method. Because the Force Reauthentication plugin has not been updated in recent days.

Note: By using the second method also it is not advisable to make any sudden change on user’s logged in status without proper notification.

1) Logout WordPress Users by using Force Reauthentication plugin Bulk Action

The Force Reauthentication plugin is a free WordPress plugin and has more than 500 active installations. As I already told that this plugin is not updated in recent years and the last updated date was 6 years before.

Note: I left the research about the plugin compatibility and usability to you before using it.

In this section, I have added the screenshot of the logged-in user management interface with single-user and multi-user Log Out option.

User List with Logout Link

By installing and activating this WordPress plugin, the user list page will have a Log Out link for each user record. Also, the Bulk Action drop-down will have the Log Out option. 

The Log Out link in each user record will log out the corresponding user. Check all users and apply bulk log out action to log off all users.

Sometimes, the bulk logout option will not be shown because of the lack of compatibility with the latest WordPress version.

2) Force Logout All Users by Updating WordPress Authentication keys

In this method, we need to change the WordPress config file to update the authentication keys. Before that, make sure that you have the privilege to modify WordPress configuration. If you are unable to access the cPanel or FTP to manage files then use the above method to force user logout.

Open the wp-config file in edit mode via FTP or cPanel->File Manager. This file will contain a code block defining authentication keys and salt. This block will look like the following code snippet. 

define('AUTH_KEY',         'AUTH KEY');
define('SECURE_AUTH_KEY',  'SECURE AUTH KEY');
define('LOGGED_IN_KEY',    'LOGGED IN KEY');
define('NONCE_KEY',        'NOICE KEY');
define('AUTH_SALT',        'AUTH SALT');
define('SECURE_AUTH_SALT', 'SECURE AUTH SALT');
define('LOGGED_IN_SALT',   'LOGGED IN SALT');
define('NONCE_SALT',       'NOICE SALT);

These authentication keys and salt can be regenerated by using the WordPress.org secret-key service. The API URL to access the secret-key service is https://api.wordpress.org/secret-key/1.1/salt/

By accessing this URL, we can get the code with the new authentication keys and salt definition. At the moment in which we have changed the key and salt in the wp-config.php, then the existing cookies will be cleared and it will force logout all users. 

Conclusion

Thus, we have learned how to force all WordPress site users to log out. The methods discussed in this article will take little time to implement.

Above all, forcing logout WordPress site users is not an advisable administrative practice. Though admin is an upper hand and has all privileges over the site, force log out all of a sudden by resetting cookies will create discomfort to the users. Unless otherwise, it is vital to force to log out, this should not have happened.

↑ Back to Top

Share this Article