Get 25% off any hosting plan at Hostgator. Use coupon code wphosting9 at Hostgator checkout
How to force all WordPress Users to Relogin
It may be necessary, for a variety of reasons, to force all your WordPress.org users to relogin without changing the password/passwords. A WordPress users login details are kept in a cookie stored on their PC, iPad, Apple Mac etc. and therefore we need to invalidate their cookies in order to force the cookies to be recreated and for the user to login when next visiting your Website.
Fortunately WordPress provides a very simple means of invalidating existing cookies. Here is how to force all users to relogin:
1. Open the wp-config.php file on your Host so that you may edit it (use notepad, notepad++ or similar)
2. Go to the section that looks like the following:
/**
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define(‘AUTH_KEY’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);
define(‘NONCE_KEY’, ‘put your unique phrase here’);
define(‘AUTH_SALT’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_SALT’, ‘put your unique phrase here’);
define(‘LOGGED_IN_SALT’, ‘put your unique phrase here’);
define(‘NONCE_SALT’, ‘put your unique phrase here’);
/**
3. In your Internet Browser (Firefox, Chrome, Internet Explorer, Opera etc.) go to https://api.wordpress.org/secret-key/1.1/salt/ . You’ll see that a set of values that looks like the below has been generated (it won’t look exactly the same as below as each time the URL is visited, a unique set of values is shown):
define(‘AUTH_KEY’, ‘Mx5osjW`6K-96^AHABvmVr9l6.N}~.X#grH]{kZuS(‘);
define(‘SECURE_AUTH_KEY’, ‘GItBZ)Q$,c@tYRnv~s[&,E`i4T_=:hupl>|<|x7+Cw');
define('LOGGED_IN_KEY', 'FP&M&Mt:A$[b_{N/q+KVaNRM+mp%<v%[)21K$ECy3K');
define('NONCE_KEY', 'Q)o9M{[k?5tFz^q?`!MLcRrx)IAv58:=A_;$W,@feD');
define('AUTH_SALT', '+9Af6Xv+5 h{moT?Go E{_$>=%nn%xa!hZ~i9-1AVr');
define('SECURE_AUTH_SALT', 'M9c8%gy#*GAZm8TLW5 MA|+eIS2~|:N0cHEL)[_1fn');
define('LOGGED_IN_SALT', 'bcIJ[VGl]b7pAV=c`6I&B;a82&ov{5|7GBdMdqrjCt’);
define(‘NONCE_SALT’, ‘bQwO[t{$#,9!Q&se)M1&iHF*nF2c$El+)zGe*KkFYO');
4. Copy the text that has been generated in your Browser (from https://api.wordpress.org/secret-key/1.1/salt/).
5. Go to notepad or wherever you have wp-config.php open; delete the text as below from wp-config.php and paste the new codes where you deleted the text as below:
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
6. Save changes to wp-config.php.
You’ll notice that when you visit your WordPress login details will not longer be stored and will need to be entered afresh.
2 Responses to “How to force all WordPress Users to Relogin”
Leave a Reply
Get a WordPress Website help
I have done this like explained…but even when I restart my browser I am still logged in.
Logged into a ‘password protected’ page that is.
How do I create a ‘log off’ button that works?
I have searched everywhere and hoped this article would get me in the right direction, but it didn’t.
Help please!
Now it’s there again..?
Sorry…