How to logout all users in WordPress site forcefully

How to logout all users in WordPress site forcefully?

Here we are going to see how to force logout all users in WordPress site. There are few reasons, which requires the WordPress site to force logout all logged in users.

Mostly, you may need it while performing the site maintenance. Also, if you suspect any hacking attack on your site, you need to force logout all users before the complete cleanup. The force logout can also be useful to log out ourselves from any other device we logged in earlier, mainly a public device.

Here we are going to explain two different methods to force logout all users from a WordPress site.The first one involves editing a code in the wp-config.php file in the site’s root folder in the server. If you are unfamiliar with coding, don’t worry. The next method is using a simple WP plugin called “Force ReAuthentication”. This can be used by anyone and simply finish the job.

Method 1 – Edit the WP salts in wp-config.php

Go to the cPanel and using FTP or File manager to connect to the site. In the site’s root folder, you can find the wp-config.php file. Take a backup of that file to use in case anything goes wrong.

In the wp-config.php file, identify the following lines.

define('AUTH_KEY', 'K2#m<|[UO==4Nv c+Ox+^NH.H*6DmQRJntnj|SwKg)>,>O-z/IeRr?>5lmx`Hf:');
define('SECURE_AUTH_KEY', '-Qf(}6G(zB`(D*)]fe;iEwM]PU>BY:$Ni6]~mYCfZ68l_M@R<5E_ICbPUVk.Vf@');
define('LOGGED_IN_KEY', '6R6:bur.^!Q1K-/H!$]A$3JaaO]r|B&zu~{-*})|+C|');
define('NONCE_KEY', 'LM7}+||^qoISh4#q_ ST%x0vke+TQD(^$W{lVQ_TyV!%,N++H)4+>uSZl6Z%W[3');
define('AUTH_SALT', 'PpS;19y?W31AY@:=,RC;&kkNXNkP -v=Lr;ghGft:?WV5vA-lje|h{A19Tfzq$[');
define('SECURE_AUTH_SALT', '+H.u}x4u<6-^HY+/z');

You cannot find the exact lines as above, but you can find the similar pattern. To make your search easier, here is a trick. Find “define(‘AUTH_KEY” in the file. Then check the next seven lines starts with the below seven terms.

• define(‘SECURE_AUTH_KEY’,
• define(‘LOGGED_IN_KEY’,
• define(‘NONCE_KEY’,
• define(‘AUTH_SALT’,
• define(‘SECURE_AUTH_SALT’,
• define(‘LOGGED_IN_SALT’,
• define(‘NONCE_SALT’,

After finding the above lines, go to the random WordPress Salts generator link below.

https://api.wordpress.org/secret-key/1.1/salt/

Replace those eight lines in the wp-config.php file with the eight lines you have got in the above link. Save the changes in the file and upload it again to the server. This change will logout all the logged users from the server.

If you want to know the logic behind this method, here is our short explanation. Encryption Salt is a parameter used in decoding the cookie to find the users session. This parameter form unique keys for every logged user. By changing this encryption salt hash keys in the wp-config.php file, we are able to force logout all the users from the WP site and forcing them to re-login again.

Method 2 – Using the “Force ReAuthentication” WP Plugin

The “Force ReAuthentication” is a free plugin available in the WP Plugin library. Find and install the plugin. Using this Plugin, you can force logout a single user at a time and bulk logout all the users at a time. This plugin can be used to remove the selected users.

We suggest using this plugin, only if you are not able to edit the wp-config.php file. This plugin lastly updated 5 years back, which may raise security and compatibility issues.

If you find any, trouble using the above method or if you have any other method to force logout the users, please comment below.

Leave a Comment

Your email address will not be published. Required fields are marked *