Table of Contents
If you’re a membership site owner, naturally you want users to register for accounts. But, by default, WordPress allows multiple sessions from each user account. This makes it possible for people to access your site using shared login details.
That’s why it’s a good idea to prevent account sharing on your membership site. This will protect your revenue and increase your subscriber base in the long term. There are various ways to implement this functionality. But, it’s best to use a dedicated membership plugin that handles the process for you.
In this post, we’ll take a closer look at the reasons to prevent account sharing. Then, we’ll show you how to set it up on your membership site. Let’s dive in!
Why You Should Prevent Account Sharing on Your Membership Site
There are many reasons to prevent members from sharing accounts on your membership site.
One of the most significant reasons is that it reduces the need for individuals to sign up for their own accounts. If you offer paid subscriptions, this will have a negative impact on your revenue. Plus, it prevents you from growing your subscriber base.
What’s more, if users login to the account simultaneously, it sends more requests to your WordPress website. This could potentially crash your website if your hosting plan isn’t equipped to deal with that volume of traffic. And, you might incur charges for exceeding your plan limits.
Meanwhile, this can have a drastic impact on performance. For instance, extra members logging into your site might mean that your content doesn’t load as quickly as it should. This can be frustrating for users and impact your search engine rankings.
That’s why many streaming sites put limits on the number of simultaneous streams for a single account. Plus, you’ll often find that these websites automatically log out devices if they detect the same credentials being used in different locations.
On top of this, there are security concerns associated with account sharing. If members login from shared computers and leave sessions running (or save passwords), unauthorized people can access your site. Depending on the configuration of user roles and permissions, this might give people the ability to leave malicious comments, delete content, or steal important data.
When you have a lot of users sharing login credentials, you also lose valuable information that could have been gained if users signed up for an account. For example, you would have been able to add new subscribers to a mailing list and send out email campaigns that promote your products/services.
How to Stop Members From Sharing Login Details
There are multiple ways to tackle the login credentials sharing problem.
First off, you can enable social media login which can help considerably. This gives you access to tools like Google Gmail sign in and two-factor authentication. You can also use social media services like LinkedIn, to handle user authentication.
You can also try limiting the number of sessions, MAC, or IP addresses a member can use when accessing your paid resources. Many companies often use this method, charging different prices for more devices.
For example, lots of streaming sites including Netflix and HBO have login limits to discourage members from sharing login information with family and friends. But, many of these services present options to add extra member slots, or allow you to purchase more expensive subscriptions that accommodate multiple users.
The main idea is to make it inconvenient for a member to share their password, using methods like two-factor authentication. However, if you don’t want to add extra subscription plans or enable social login options, you can prevent account sharing using Paid Member Subscriptions (more on this in the next section).
How to Prevent Account Sharing on Membership Websites (2 Steps)
Now that you know why it’s good practice to disable account sharing, let’s take a look at how to do it. As we mentioned earlier, the best method is to install a dedicated membership plugin like Paid Member Subscriptions.
Step 1: Install and Activate Paid Member Subscriptions
Paid Member Subscriptions (PMS) is a complete membership plugin that lets you set up subscription plans, configure payment options, restrict access to premium content, and much more:
Paid Member Subscriptions Pro
Accept (recurring) payments, create subscription plans and restrict content on your website. Easily setup a WordPress membership site using Paid Member Subscriptions.
Get Paid Member SubscriptionsBetter yet, you can use the free version of PMS or purchase a premium version which gives you access to advanced add-ons like global content restriction rules and navigation menu filtering. Plus, you’ll get a full year of updates and support.
But, for this tutorial, you’ll only need the free version of the PMS plugin. So, go ahead and install the plugin directly through the WordPress dashboard by going to Plugins → Add New Plugin. After that, search for the Paid Member Subscriptions plugin and click on Install Now → Activate.
Step 2: Prevent Account Sharing in the PMS Settings
Upon successful activation of the Paid Member Subscription plugin, you’re ready to configure the settings to prevent account sharing on your membership site. To do this, click on the new Paid Member Subscriptions tab in your left-hand menu.
Then, go to Settings and you’ll land in the plugin’s general settings tab. Here, scroll down to the section that’s labelled Optimize the Login and Registration Flow for Your Members:
All you have to do is toggle the Prevent Account Sharing button to enable this feature.
This stops users from being logged in from multiple places at the same time. Meanwhile, if the current user’s session has been taken over by a new session, we will automatically log them out and they will need to login again.
(Optional) Step 3: Enable Social Login and Two-Factor Authentication
Blocking concurrent logins is easier when you implement social media login because users likely don’t want to give away their social login information for sites like LinkedIn and Facebook. Better yet, it’s easy to add this functionality to your site using Profile Builder Pro:
In fact, we have a full guide which shows you how to add social login options to WordPress.
If you want to add an additional layer to make it more difficult for users to share login credentials, you can implement two-factor authentication. This means that members have to supply a second key (in addition to a password) to access your site.
Typically, this second key is generated in real-time. It might be a code sent to the user’s email or mobile device. This way, even if another person has the shared account information, they won’t be able to use the login credentials without that code.
Again, you’ll need Profile Builder Pro to add this functionality to your site. We have a full guide here that shows you how to set up two-factor authentication in WordPress. However, it’s important to note that with Paid Member Subscriptions Pro, you can sell memberships to groups like families or organizations if you’d like.
Conclusion
Account sharing can hinder the growth of your membership site. Plus, it comes with a ton of security risks and it impacts your bottom line. Therefore, it’s best to implement some kind of functionality that stops members from sharing login credentials with family and friends.
To recap, here are two steps to prevent account sharing in WordPress:
- Install and activate Paid Member Subscriptions.
- Prevent account sharing in the plugin’s settings.
Paid Member Subscriptions Pro
Accept (recurring) payments, create subscription plans and restrict content on your website. Easily setup a WordPress membership site using Paid Member Subscriptions.
Get Paid Member SubscriptionsYou can also make it more difficult for users to share accounts by enabling social login options and implementing two-factor authentication.
Do you have any questions about how to stop members from sharing account details? Let us know in the comments section below!
Related Articles
How to use AffiliateWP & Paid Member Subscriptions together
We're excited to announce a new integration between AffiliateWP & Paid Member Subscriptions. Paid Member Subscriptions is our WordPress Membership plugin that enables you to create and manage member subscriptions, grant and revokes access to posts, pages, categories as well as custom post types based on the subscriptions your users have purchased. AffiliateWP is an affiliate […]
Continue Reading
How to Sell Group Memberships in WordPress using Paid Member Subscriptions
Selling group memberships on your WordPress site is a great way to increase revenue by making subscriptions purchase more convenient to certain customers. You don’t even need to completely reinvent the wheel if you already have a membership site of your own. In this post, we’re going to walk you through the process of using […]
Continue Reading
Export Member Data in Paid Member Subscriptions
We firmly believe and stand behind the philosophy of owning your own data. While the membership and payment data was always in your database, it was not straight forward to export it. For this reason, you can now export member data stored in Paid Member Subscriptions to a CSV file. Whether you prefer to view […]
Continue Reading4 thoughts on “How to Prevent Account Sharing on Membership Sites (2 Steps)”
Leave a Reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
I’ve tested the plugin ‘Prevent Concurrent Logins’ but am in doubt of really using it. The thing that bothers me the most, is that every New session is honored in favour of an Old (existing) session. This means that a user who is successfully logged-in gets locked out as soon as someone else is logging in with the same credentials. In my opinion this not very user friendly, and actually it should work the other way around. When a user (B) is trying to log in by using the same credentials from a user (A) who is already logged in, user B should get a warning that logging in with these credentials is not possible at the moment because someone else (user A) is using it. This keeps user A logged in
The reason it’s like this is because if user (A) has the credentials from user (B), and user (A) is logged in, there would be no way for user (B ) to use the account until user (A) logs out. Meaning the one who actually paid for the account would never be able to use it, nor change the login credentials.
But using the existing functionality you can login, the existing session will be terminated, and you could then change the credentials to prevent this from happening in the future. Researching this before implementing showed us that many other plugins do it the same.
the other way around. When a user (B) is trying to log in by using the same credentials from a user (A) who is already logged in, user B should get a warning that logging in with these credentials is not possible at the moment because someone else (user A) is using it. This keeps user A logged in
The issue with this solution is if the first user is watching a long video on the protected page, they will be able to remain on the page watching videos while the 2nd user logs in with the same credentials. The first user isn’t booted off unless they refresh the page or navigate to a different page. Watching a video or multiple embedded videos on a site does not constitute a refresh or a navigation away from the page, so theoretically you could have a waterfall scenario where 10 people who log in 1 minute apart from each other all can watch the videos until they navigate away. Anyone have a better solution? Thanks!