Dotlayer
  • News
  • Startups
  • Tutorials
  • SEO
  • Marketing
  • Interviews
No Result
View All Result
Dotlayer
  • News
  • Startups
  • Tutorials
  • SEO
  • Marketing
  • Interviews
No Result
View All Result
Dotlayer
No Result
View All Result

How to Properly Force Logout for All Users in WordPress

January 23, 2018
in Tutorials
0 0
Share on FacebookShare on Twitter

Every now and then, there is usually a need to log out all users of your WordPress website. There are a number of reasons why you may need to have all users logged out.

One of the primary reason might be to fixed a hacked or compromised WordPress website. If your website is hacked using a brute-force email attack, it might necessary to force all users out and them force them to log in again. If this is a situation that you find yourself in then this tutorial is for you.

The above scenario is just one of the instances that we need to make sure we have a clean slate for fixing a hacked website. There are plenty other reasons why you would want to log out all users of your website.

Understanding how WordPress User Login System Works

In this section, we will be going over briefly how the login system for WordPress works. We will just be doing a very high-level concept of how users are logged in and how they stay logged in.

WordPress, like any traditional LAMP – Linux Apache, MySQL and PHP application, uses HTTP sessions to maintain state. What this means is that since HTTP is stateless, the application needs a way to identify the user’s active interactions with the website.

As such, for every user, once they are logged in, a unique cookie is used to identify a users session. To make it possible to identify users, and actions on the website, every request the users make to the server contain a cookie which is used to identify the user.

On the server side, the PHP code utilizes a combination of encryption logic to decode the cookie and identify the user session. One of the parameters that the code uses is what is called an encryption salt! This allows as to form unique keys for our users.

Resetting the WordPress Salt to Force logout

As described above, since WordPress uses a salt to help hash, encrypt and decrypt the cookie, changing the value of the salt instantly invalidates all existing session with the website, making it required to log into the website.

To change this, you need to visit the wp-config.php and identify the lines that look like the snippet below:

define('AUTH_KEY',         'K2#m<|[UO==4Nv c+Ox+^NH.H*6DmQRJntnj|SwKg)>,>O-z/IeRr?>5lmx`Hf:');
define('SECURE_AUTH_KEY',  '-Qf(}6G(zB`(D*)]fe;iEwM]PU>BY:$Ni6][email protected]<[email protected]');
define('LOGGED_IN_KEY',    '6R6:bur.^!Q1K-/H!$]A$3JaaO]r|B&zu~{-*})|+C|');
define('NONCE_KEY',        'LM7}+||^qoISh4#q_ ST%x0vke+TQD(^$W{lVQ_TyV!%,N++H)4+>uSZl6Z%W[3');
define('AUTH_SALT',        'PpS;[email protected]:=,RC;&kkNXNkP -v=Lr;ghGft:?WV5vA-lje|h{A19Tfzq$[');
define('SECURE_AUTH_SALT', '+H.u}x4u<6-^HY+/z');

We fetch a new version of all these hash keys from the following URL: https://api.wordpress.org/secret-key/1.1/salt/

At this point, you just need to replace the values of the fields in the wp-config.php with the values displayed on the website. Once this is accomplished, all existing cookies which are used to identify logged in users on your WordPress site will be immediately invalidated causing users to log in.

Viola! We hope you have enjoyed reading this article about how to forcefully log out all users from your website. If you have every needed to perform this action on the website, let us know your experience with it.

ShareTweetPin
Previous Post

How to Properly Turn Off Google AMP on WordPress Without Losing Traffic and SEO Ranking

Next Post

How to Set Up and Manage the Ads.txt For WordPress

Next Post

How to Set Up and Manage the Ads.txt For WordPress

You might also like

Mint Linux vs Ubuntu: Which is Right For You?

Mint Linux vs Ubuntu: Which is Right For You?

March 12, 2022
Net Neutrality: What is it and Why Should You Care?

Net Neutrality: What is it and Why Should You Care?

March 12, 2022
Solid State Drives – Why You Should Buy One Today

Solid State Drives – Why You Should Buy One Today

March 12, 2022

Machine Learning Algorithms Every Beginner Should Know

January 25, 2022
What Is the log4j Vulnerability, log4shell, an Example Step-By-Step Exploit and How to Fixed It

What Is the log4j Vulnerability, log4shell, an Example Step-By-Step Exploit and How to Fixed It

December 11, 2021
Simple Video Call integration into Website with Jitsi

Simple Video Call integration into Website with Jitsi

May 26, 2020
  • Terms of Service
  • Privacy Policy
  • Careers

© 2021 Dotlayer.com

No Result
View All Result
  • About Us
  • Advertise
  • Blog
  • Careers
  • Contact
  • Contact Us
  • Get Featured
  • Home Layout 1
  • Home Layout 2
  • Home Layout 3
  • Privacy Policy
  • Security
  • Services
  • Subscribe To Dotlayer
  • Terms of Service
  • Write For Us

© 2021 Dotlayer.com

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In