Blog / Paid Member Subscriptions / How to Prevent Account Sharing on Membership Sites (2 Steps)

How to Prevent Account Sharing on Membership Sites (2 Steps)

Prevent Account Sharing on Membership Sites
Adrian Spiac
Last Updated: 09/07/24

If you’re a membership site owner, naturally you want users to register for accounts. But, by default, WordPress allows multiple sessions from each user account. This makes it possible for people to access your site using shared login details.

That’s why it’s a good idea to prevent account sharing on your membership site. This will protect your revenue and increase your subscriber base in the long term. There are various ways to implement this functionality. But, it’s best to use a dedicated membership plugin that handles the process for you.

In this post, we’ll take a closer look at the reasons to prevent account sharing. Then, we’ll show you how to set it up on your membership site. Let’s dive in!

Why You Should Prevent Account Sharing on Your Membership Site

There are many reasons to prevent members from sharing accounts on your membership site.

One of the most significant reasons is that it reduces the need for individuals to sign up for their own accounts. If you offer paid subscriptions, this will have a negative impact on your revenue. Plus, it prevents you from growing your subscriber base.

What’s more, if users login to the account simultaneously, it sends more requests to your WordPress website. This could potentially crash your website if your hosting plan isn’t equipped to deal with that volume of traffic. And, you might incur charges for exceeding your plan limits.

Meanwhile, this can have a drastic impact on performance. For instance, extra members logging into your site might mean that your content doesn’t load as quickly as it should. This can be frustrating for users and impact your search engine rankings.

That’s why many streaming sites put limits on the number of simultaneous streams for a single account. Plus, you’ll often find that these websites automatically log out devices if they detect the same credentials being used in different locations.

On top of this, there are security concerns associated with account sharing. If members login from shared computers and leave sessions running (or save passwords), unauthorized people can access your site. Depending on the configuration of user roles and permissions, this might give people the ability to leave malicious comments, delete content, or steal important data.

When you have a lot of users sharing login credentials, you also lose valuable information that could have been gained if users signed up for an account. For example, you would have been able to add new subscribers to a mailing list and send out email campaigns that promote your products/services.

How to Stop Members From Sharing Login Details

There are multiple ways to tackle the login credentials sharing problem.

First off, you can enable social media login which can help considerably. This gives you access to tools like Google Gmail sign in and two-factor authentication. You can also use social media services like LinkedIn, to handle user authentication.

You can also try limiting the number of sessions, MAC, or IP addresses a member can use when accessing your paid resources. Many companies often use this method, charging different prices for more devices.

For example, lots of streaming sites including Netflix and HBO have login limits to discourage members from sharing login information with family and friends. But, many of these services present options to add extra member slots, or allow you to purchase more expensive subscriptions that accommodate multiple users.

The main idea is to make it inconvenient for a member to share their password, using methods like two-factor authentication. However, if you don’t want to add extra subscription plans or enable social login options, you can prevent account sharing using Paid Member Subscriptions (more on this in the next section).

How to Prevent Account Sharing on Membership Websites (2 Steps)

Now that you know why it’s good practice to disable account sharing, let’s take a look at how to do it. As we mentioned earlier, the best method is to install a dedicated membership plugin like Paid Member Subscriptions.

Step 1: Install and Activate Paid Member Subscriptions

Paid Member Subscriptions (PMS) is a complete membership plugin that lets you set up subscription plans, configure payment options, restrict access to premium content, and much more:

Accept (recurring) payments, create subscription plans and restrict content on your website. Easily setup a WordPress membership site using Paid Member Subscriptions.

Get Paid Member Subscriptions

Better yet, you can use the free version of PMS or purchase a premium version which gives you access to advanced add-ons like global content restriction rules and navigation menu filtering. Plus, you’ll get a full year of updates and support.

But, for this tutorial, you’ll only need the free version of the PMS plugin. So, go ahead and install the plugin directly through the WordPress dashboard by going to Plugins Add New Plugin. After that, search for the Paid Member Subscriptions plugin and click on Install Now Activate.

Step 2: Prevent Account Sharing in the PMS Settings

Upon successful activation of the Paid Member Subscription plugin, you’re ready to configure the settings to prevent account sharing on your membership site. To do this, click on the new Paid Member Subscriptions tab in your left-hand menu.

Then, go to Settings and you’ll land in the plugin’s general settings tab. Here, scroll down to the section that’s labelled Optimize the Login and Registration Flow for Your Members:

Prevent account sharing on membership sites

All you have to do is toggle the Prevent Account Sharing button to enable this feature.

This stops users from being logged in from multiple places at the same time. Meanwhile, if the current user’s session has been taken over by a new session, we will automatically log them out and they will need to login again.

(Optional) Step 3: Enable Social Login and Two-Factor Authentication

Blocking concurrent logins is easier when you implement social media login because users likely don’t want to give away their social login information for sites like LinkedIn and Facebook. Better yet, it’s easy to add this functionality to your site using Profile Builder Pro:

Profile Builder Pro

In fact, we have a full guide which shows you how to add social login options to WordPress.

If you want to add an additional layer to make it more difficult for users to share login credentials, you can implement two-factor authentication. This means that members have to supply a second key (in addition to a password) to access your site.

Typically, this second key is generated in real-time. It might be a code sent to the user’s email or mobile device. This way, even if another person has the shared account information, they won’t be able to use the login credentials without that code.

Again, you’ll need Profile Builder Pro to add this functionality to your site. We have a full guide here that shows you how to set up two-factor authentication in WordPress. However, it’s important to note that with Paid Member Subscriptions Pro, you can sell memberships to groups like families or organizations if you’d like.

Conclusion

Account sharing can hinder the growth of your membership site. Plus, it comes with a ton of security risks and it impacts your bottom line. Therefore, it’s best to implement some kind of functionality that stops members from sharing login credentials with family and friends.

To recap, here are two steps to prevent account sharing in WordPress:

  1. Install and activate Paid Member Subscriptions.
  2. Prevent account sharing in the plugin’s settings.

Accept (recurring) payments, create subscription plans and restrict content on your website. Easily setup a WordPress membership site using Paid Member Subscriptions.

Get Paid Member Subscriptions

You can also make it more difficult for users to share accounts by enabling social login options and implementing two-factor authentication.

Do you have any questions about how to stop members from sharing account details? Let us know in the comments section below!

From the blog

Related Articles

Best WooCommerce Subscriptions Alternative: Paid Member Subscriptions, a More Affordable and Complete Solution

Author: Maria
Last Updated: July 9th, 2024

Are you looking to sell subscription products on your WooCommerce site? One of the most popular ways to sell subscription products in WooCommerce is with the WooCommerce Subscriptions plugin. It lets you create WooCommerce products with recurring payments as a way to offer subscriptions to your customers. While this is an official extension from WooCommerce, […]

Continue Reading
Woocommerce stripe subscriptions

How to Set Up WooCommerce Stripe Subscriptions with Recurring Payments (3 Methods)

Author: Colin Newcomer
Last Updated: September 24th, 2024

Are you searching for a way to set up WooCommerce Stripe subscriptions? Setting up recurring subscriptions is a great way to build regular, dependable revenue for your website. And when it comes to processing payments, Stripe is one of the top options thanks to its competitive fees and flexible feature set. However, WooCommerce doesn't include […]

Continue Reading
woocommerce recurring payments

How to Set Up WooCommerce Recurring Payments

Author: Freddy Muriuki
Last Updated: February 22nd, 2024

Can't figure out how to set up WooCommerce recurring payments for your business? You aren't alone. Building a subscription business is daunting, especially if it's your first time. There are many moving parts at any given time. Whether it's laying the foundation, creating content, marketing your membership site, or managing payments, there are plenty of […]

Continue Reading

4 thoughts on “How to Prevent Account Sharing on Membership Sites (2 Steps)

    I’ve tested the plugin ‘Prevent Concurrent Logins’ but am in doubt of really using it. The thing that bothers me the most, is that every New session is honored in favour of an Old (existing) session. This means that a user who is successfully logged-in gets locked out as soon as someone else is logging in with the same credentials. In my opinion this not very user friendly, and actually it should work the other way around. When a user (B) is trying to log in by using the same credentials from a user (A) who is already logged in, user B should get a warning that logging in with these credentials is not possible at the moment because someone else (user A) is using it. This keeps user A logged in

    Reply

    The reason it’s like this is because if user (A) has the credentials from user (B), and user (A) is logged in, there would be no way for user (B ) to use the account until user (A) logs out. Meaning the one who actually paid for the account would never be able to use it, nor change the login credentials.

    But using the existing functionality you can login, the existing session will be terminated, and you could then change the credentials to prevent this from happening in the future. Researching this before implementing showed us that many other plugins do it the same.

    Reply

    the other way around. When a user (B) is trying to log in by using the same credentials from a user (A) who is already logged in, user B should get a warning that logging in with these credentials is not possible at the moment because someone else (user A) is using it. This keeps user A logged in

    Reply

    The issue with this solution is if the first user is watching a long video on the protected page, they will be able to remain on the page watching videos while the 2nd user logs in with the same credentials. The first user isn’t booted off unless they refresh the page or navigate to a different page. Watching a video or multiple embedded videos on a site does not constitute a refresh or a navigation away from the page, so theoretically you could have a waterfall scenario where 10 people who log in 1 minute apart from each other all can watch the videos until they navigate away. Anyone have a better solution? Thanks!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.