Search for answers or browse our knowledge base.
What is the inactive WordPress users policy?
When you enable the Inactive Users Policy, Melapress Login Security checks for users who have been inactive for a specific amount of time. The plugin checks every user’s last login or logout from the website, which are signs of activity. Once that time has elapsed, the user account will be automatically locked out. The amount of time that has to elapse before a user is considered inactive is configurable.
Inactive users cannot log in until the site administrator resets their account and they reset the password. This document highlights why you need this important policy and how it works.
Why do you need this policy on your WordPress website?
This policy is a valuable security feature. Very often, neglected user accounts become an easy point of entry for malicious hackers. Hence it is safer to disable them. When an inactive WordPress user tries to log in, they get a notification advising them to contact the website’s administrators.
How can you enable the inactive users policy on your WordPress website?
To enable the inactive users policy you will need to install Melapress Login Security. Then, enable the Inactive Users Policy setting in the Login Security Policies page. You can also change the number of days that must elapse for the plugin to consider a user as inactive.
As an extra security precaution, we also recommend enabling the setting that requires the inactive user, which has just been unlocked, to reset the password before logging in. Both these settings are highlighted in the below screenshot.
How does the inactive users policy work?
When users are not active for a pre-determined length of time, they are marked as inactive users. Inactivity is determined by how long it has been since the user last logged in to the website. By default, this is set to 30 days; however, you can change this.
Inactive users are not allowed to log in to the website before the site administrator resets their user account. Should they try to log in, they get a notification that their account is locked, as per the below screenshot.
As a website administrator, you can see the list of inactive users and reset them from Melapress Login Seciry’s Locked Users page.
How to unlock inactive WordPress users (so they can log in to the website)
You can unlock inactive WordPress users by clicking the Unlock button next to the user in the Locked Users page.
When a WordPress user account is reset, an email with instructions of how to reset the password is sent to the user. Should the user fail to log in and change the password within the configured time, the plugin will mark the user as inactive, and the user account will be marked as inactive again.