Forcing all users to log out of WordPress can be crucial if you suspect your site might be hacked or if you need users to log in again for security reasons.
Unfortunately, WordPress doesn’t provide a built-in option to do this, so we’ll need to give you some code that adds the functionality you need.
In this article, we will guide you on how to easily force a logout for all users in WordPress, allowing you to enhance your site’s security and manage user sessions more effectively.
Why Force All Users in WordPress to Log Out?
If you run a WordPress membership site or an LMS plugin and you need all logged-in users to re-login, then this tutorial is for you.
You may want to do this for different reasons.
For example, if you suspect that your WordPress website is hacked, then forcing users to log out will allow you to properly clean up your hacked WordPress site.
Or if you are using a membership or pay-per-view site and fear that users may be sharing their passwords to access content, then this method will come in handy. After logging them out, you can stop them from sharing passwords.
Another scenario is when you use a public computer or WiFi without using a VPN service. If you’re not sure that you properly logged out, then this method will end all logged-in user sessions.
That being said, let’s take a look at how to easily log out all users in WordPress.
How to Force All WordPress Users to Log Out
For this tutorial, you will be editing wp-config.php, which is a WordPress configuration file. We highly recommend that you back up your wp-config.php file before making any changes to it.
First, you will need to connect to your website using FTP or via File Manager in cPanel. Once connected, you will find the wp-config.php file in your site’s root folder.
You can right-click and select edit to open the file in a text editor.
Inside your wp-config.php file you will find a code block that would look something like this:
define('AUTH_KEY', 'K2#m<|[UO==4Nv c+Ox+^]NH.H*6DmQRJntnj|SwKg)>,>O-z/IeRr?>5lmx`Hf:');
define('SECURE_AUTH_KEY', '-Qf(}6G(zB`(D*)]fe;iEw?M]PU>BY:$Ni6]~mYCfZ68l_M@R<5E_ICbPUVk.Vf@');
define('LOGGED_IN_KEY', '6R6:bur.^!Q1K-/H!$]A$g3JaaO]r|B&zu~{-*})|+C|<V,^c|f^vlhp$urvTr7>');
define('NONCE_KEY', 'LM7}+||^qoISh4#q_ ST%#x0vke+TQD(^$W{lVQ_TyV!%,N++H)4+>uSZl6Z%W[3');
define('AUTH_SALT', 'PpS;19y?W31AY@:=,RC;&0kkNXNkP -v=Lr;ghGft:?WV5vA-lje|h{A19Tfzq$[');
define('SECURE_AUTH_SALT', '+H.u}x4u<6-^HY+<?oRkZ{9T)E_)rR+uy.3Rpm*Z&S|UUO|5Wh6cn9.2pq+o4P[M');
define('LOGGED_IN_SALT', 'I{uT;rv5S`JRRs}=1+Ls_3YMDR^;|U[&x^Oy!yg2-:BO%|0W@c-n|SY8D3zo7-8-');
define('NONCE_SALT', ':0Y`/h3JhwMRNCj~z[1}N@5QKp0|-s4C+XR~/-q6PfZ&Q.qFY5-]qS|L,CNbv>/z');
It’s possible that each of these lines just has ‘put your unique phrase here’ as the second parameter.
These lines are called authentication keys and salts. To learn more about them see our guide on WordPress security keys.
Next, you need to visit the WordPress Salts generator page. This page randomly creates new key strings that you can use in your wp-config.php file.
You need to replace your existing keys with the new ones that you just generated. Once done, make sure to save your changes and upload your wp-config.php file back to the server.
Changing the salts will automatically log everyone out of your website, forcing them to re-login.
Improving Password Security for All Users on Your WordPress Site
If you run a membership website or allow users to register on your site, then users are likely to use easy-to-remember and weak passwords.
Weak passwords are easy to crack and pose a security challenge for your website.
If you suspect that your website is hacked, then you may want to safely reset passwords for all users on your WordPress site. This will allow them to generate new passwords for their user accounts.
However, users can still use the same password that they had before. To avoid this from happening again, you can enforce strong passwords for all users on your WordPress site.
One of the most common questions we get whenever we recommend using strong passwords is how to remember all those difficult passwords.
The answer is simple, you don’t need to. There are apps available that can manage passwords for you. See our guide on how to manage WordPress passwords for more on this topic.
We hope this article helped you learn how to force logout all users in WordPress. You may also want to see our complete step-by-step WordPress security guide for beginners and our expert pick of the best YouTube video gallery plugins for WordPress.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Jiří Vaněk
I tried changing the keys in the wp-config.php file, but as soon as I saved the file, WordPress gave me an error regarding the MySQL login. Where could the problem be?
WPBeginner Support
If you have a backup of your wp-config file, ensure you only deleted the salt keys and not other settings in your file.
Admin
Jiří Vaněk
Yes, I restored the file from the backup and tried two more times. On the third attempt, I succeeded, but I don’t know where the problem was. As you mentioned, I probably deleted an extra part of the code, but I was not aware of it at all. Thank you for the advice.
Evan
Tried this and it after changing the salt key, WP promoted me to reinstall, set up DB. Et.
WPBeginner Support
Hi Evan,
Most likely reason for this is that WordPress couldn’t find your wp-config.php file. Please make sure that you have uploaded your wp-config.php file in the root folder of your website.
Admin