Home Blog WordPress Management How to know which WordPress users are online: plugin and function methods

How to know which users are online with a WordPress plugin

How to know which WordPress users are online: plugin and function methods

Knowing who is logged in on your WordPress website at any given time carries a lot of benefits. From ensuring contractual and attendance obligations are being met to protecting your business from abuse, a real-time view of logged-in users can improve the management and security of your websites.

There are differenent methods to understanding which users are online. In this article, we will cover the two main methods – using a plugin, and using a built-in WordPress function. Both have their uses, so its beneficial to understand how each one works. Let’s get to it.

How to use a plugin to know which users are online

Using a plugin to monitor online users has many benefits. Not only can you view who is online in real time, but you can also see the activities of the user who is logged in at the same time. For this exercise, we will be using WP Activity Log – our very own WordPress plugin for monitoring and logging user activity.

With WP Activity Log, you can:

  • Identify which WordPress users are online
  • Track changes they’re making to your website
  • Terminate sessions of users who are making harmful changes
  • Configure session policies based on user roles
  • Search for a specific activity to find out who was responsible for it

Installing WP Activity Log

The first step is to download and install WP Activity Log on your WordPress site.

WP Activity Log comes in both free and premium editions. The free edition monitors and logs all activity with no limitations. However, if you want to see who is online at any given time, you will need the Premium edition. The good news here is that the Premium edition comes jam-packed with features that go beyond simple monitoring.

P.S. Looking for a free solution? Check out the section titled ‘An alternative method for knowing which users are active online’ where we cover the built-in function method.

Once you’ve signed up and downloaded the plugin, you will need to go through the installation process, which is very simple:

1: Login to your WordPress site dashboard.

2: Navigate to the Plugins page and click the Add New button in the top right-hand corner.

3: Next, click the Upload Plugin button in the top right-hand corner.

4: Click the Choose File button and navigate to the plugin zip file.

5: Click Install Now to install the plugin.

6: Click Activate Plugin, once the plugin is installed.

Once you activate the plugin, you will then be taken through the set up configuration wizard. This will help you run through the basic configuration of the plugin, including:

  • Configuring the coverage of the activity log
  • Setting up activity log retention policies
  • Setting up activity log privileges
  • Choosing which objects to exclude from the activity log

Once you’ve completed the wizard setup, the plugin will automatically start keeping a record of all the user activity and changes made on your WordPress site.

Monitor users in real-time

With WP Activity Log set up, we can now monitor who is logged in and their activities in real-time. In doing so, we can better manage WordPress users for improved security and overall management of our websites.

First, navigate to WP Activity Log > Logged In Users

By default, you will be taken to the Logged In Users page. Here you’ll find a real-time view of who is logged in. To help you better understand how the page is divided, we have highlighted the different sections in the screenshot below:

  • Orange: This is the navigation section, with different tabs available for the different functions of the User Session Management module
  • Blue: This is a summary of logged-in users, classified by their role
  • Red: Click this button to terminate all active sessions on your WordPress website (perfect for emergencies)
  • Green: Logged in WordPress users

All logged in users are listed in the main section of the page, highlighted in green in the above screenshot. Here you can view:

  • User: The user. You can see the username, Role, and Session ID. Click on the username to open the WordPress user page in a new tab. If the user has multiple sessions open, they will be grouped together
  • Created: The date and time the session was created (the login date)
  • Expires: The date and time the session expires on
  • Source IP: The IP from which the user logged in
  • Last Event: The last activity of the user
  • Actions: Click the Show me this user’s events to see all of the user’s events, including the user login history. Click Terminate Session to instantly terminate that user’s session

Set user session policies

WP Activity Log does more than monitor WordPress user activity. You can use the WordPress plugin to set up session policies. With such policies, you can limit certain behaviors from taking place in the first place. When combined with the user activity log, user session policies enable you to boost how you monitor user activity and manage who is logged in.

For instance, if you operate a membership or subscription-based website, credential-sharing may be hurting your profits. By limiting the number of sessions one user can have, you can prevent multiple individuals from sharing one paid account. These controls will also safeguard your users in case a WordPress user is hacked.

Configuring user session policies

To configure user session policies:

  • Step 1: Navigate to WP Activity Log > Logged In Users and click on the User Sessions Management tab
  • Step 2: Tick the Enable session policies checkbox to activate policies with default settings

Next, you can customize policies to fit your requirements.

Note: Policies set within the All tab apply to all users. If you want to set different policies for different user roles, click on the tab for that role and configure policies there.

How to search for specific activities undertaken by users

Sometimes as a website administrator, you’re already aware of a problem and how to fix it. However, you may need to investigate who was responsible.

Within the ‘Activity Log Viewer’ menu, there is a search box on the top left-hand corner. Simply type in the area of the website that you’re looking for activity related to and then hit enter.

For instance, if you wanted to find out about changes made to the gallery, you would type ‘gallery’ into the search box. There may be dozens of changes made to the gallery each day, in which case you can use the filters to narrow down what you’re looking for.

An alternative method for knowing which users are active online

If you do not want to use a WordPress plugin for monitoring when users log in, you can use a function that comes built-in with WordPress.

Geek note: WordPress includes many built-in functions that enable you to do all sorts of things. Think of functions as functionality that you can access programmatically. This means you need a good command of PHP – the programming language that WordPress is written in.

Once such function is the is_user_logged_in() function, which returns a boolean (1 or 0). depending on whether the WordPress user is logged in or not. This type of function is called a conditional tag. Since the function returns 1 or 0, which stand for true or false, it allows us to take an action based on the result.

The is_user_logged_in() function can be deployed in your theme through custom code. While it lacks the WordPress dashboard UX and user management functionality of WP Activity Log, it can still help you determine whether a website visitor is logged in or not. Keep in mind that you cannot monitor user activity using this method.

Implementing the function

You can implement the is_user_logged_in() function in different ways, depending on the functionality you want to implement.

At its most basic level, the code should read:

<?php
if (is_user_logged_in()){
	//do something
}
?>

We can also write an if-else statement as follows:

function is_user_online()
{
    if (is_user_logged_in())
    {
        // do something
    }
}
add_action('init', 'is_user_online_function');

Bonus: terminating idle user sessions

WordPress is stateless and, as such, does not maintain a session after WordPress user authentication. Instead, it relies on cookies, which hold the session information including the expiry date and time. Each request a user makes a request, it includes the cookie, which tells WordPress whether that user has an active session or not.

In reality, a user could have left the session, but because they didn’t log out, it will still show them as logged in. Terminating idle sessions allows you to accurately assess who is logged in and who isn’t.

You can automatically terminate an idle WordPress user session using the WP Activity Log plugin.

Step 1: Head to WP Activity Log > Logged In Users and click on the User Sessions Management tab

Step 2: Check the Terminate Idle Sessions checkbox, enter the number of hours, and click on Save

Do keep in mind that you’ll need the premium version of the plugin to set up this feature.

Monitoring and managing logged-in users

When looking to monitor active users on your site, WP Activity Log can help you go further. Not only can you see who is active in real-time, but you can also see the activities of a given user and their last login. You can also use the Log Viewer to find specific events and trace them back to the user responsible.

But if you want a free option with a bit more work, the function method may be a viable option. Do keep in mind that the two options serve different purposes. As such, the one you implement will largely depend on your requirements and what you want to achieve.

Either way, monitoring online users is a great way to improve the overall security of your WordPress websites. It also enables you to ensure user accountability and monitor for fraudulent activity – making it a good tool to have in your toolbox.

Posted inWordPress Management
Joel Farrugia
Joel Barbara

Joel is our technical writer responsible for writing the different kinds of content we need. With a background in tech and content, he has a passion for making technology accessible and understandable for everyone. You can reach Joel at joel@melapress.com.


Leave a Reply

Your email address will not be published. Required fields are marked *

Stay in the loop

Subscribe to the Melapress newsletter and receive curated WordPress management and security tips and content.

Newsletter icon

It’s free and you can unsubscribe whenever you want. Check our blog for a taste.

Envelope icon

The survey results are in: Find out what your WordPress security gameplan might be missing

Close

The survey results are in: Find out what your WordPress security gameplan might be missing

Uploading Melapress Login Security as a zip file in WordPress
Melapress Login Security in the WordPress plugin repository
Close

Installing Melapress Login Security Free

Congratulations on taking control of your WordPress website's security by implementing robust login and password policies with Melapress Login Security. You can change your login page URL, limit failed login attempts, and reset passwords.

 

Below are two ways to install Melapress Login Security on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for Melapress Login Security.

Download the Melapress Login Security plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading CAPTCHA 4WP as a zip file in WordPress
CAPTCHA 4WP in the WordPress plugin repository
Close

Installing CAPTCHA 4WP Free

Well done you. You're one step closer to safeguarding your WordPress website from spam and automated attacks with CAPTCHA 4WP. You'll be able to effortlessly integrate CAPTCHA into your forms and enjoy a website with enhanced security.

 

Below are two ways to install CAPTCHA 4WP on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for CAPTCHA 4WP.

Download the CAPTCHA 4WP plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading WP Activity Log as a zip file in WordPress
WP Activity Log in the WordPress plugin repository
Close

Installing WP Activity Log Free on your website

You deserve a pat on the back for choosing to record user actions and changes on your website. That is the first step towards better user accountability, easier troubleshooting of website security, and many other benefits of issues.

 

Below are the two ways to install WP Activity Log on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for WP Activity Log.

Download the WP Activity Log plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading WP 2FA as a zip file in WordPress
WP 2FA in the WordPress plugin repository
Close

Installing WP 2FA Free

Congratulations on taking the first step towards enhancing your WordPress site's security with WP 2FA Free! You're now on your way to protecting your valuable data and ensuring peace of mind. No coding or technical knowledge is required.

 

Below are two ways to install WP 2FA on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for WP 2FA.

Download the WP 2FA plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2