Skip to main content

Security

Configure the ActiveMember360 Security settings
Configure the ActiveMember360 Security settings

Prevent concurrent logins

When Prevent concurrent login is set to Yes/On concurrent logins from users with the same login credentials are prevented.

When a concurrent login occurs the user who is currently logging in is authenticated and allowed access to the site.

However any other WordPress sessions currently active for that user will be terminated i.e. the user is effectively logged out.

A message is shown in the browser for all sessions that have been terminated by concurrent login.

A concurrent login can occur if the user logs in from a different browser window, and/or different device. It is not dependent upon IP address.

Default: No

Email when concurrent login is detected

Note

This option is only shown and the setting applied if ActiveMember360, Settings, Security, Prevent concurrent logins is set to Yes.

Set Email when concurrent login is detected to Yes/On to send an email when a concurrent login is detected.

The email will be sent to the email address as defined in ActiveMember360, Settings, Mailing, Default "Mail From" address.

The notification email is automatically scheduled to send every hour. After the first email further emails will only contain details of concurrent logins since the last notification email was sent.

The details contained within the email includes for each concurrent login:

  • WordPress User ID
  • WordPress Username or Email Address
  • WordPress First Name
  • WordPress Last Name
  • Date and time of concurrent login using server time

If Email when concurrent login is detected is set to No/Off concurrent login information will be available from within the WordPress database. It is stored within the WordPress options table in the record with the option_name site_concurrent_logins

Default: No

Limit failed login attempts

When Limit failed login attempts is set to Yes/On any visitor will be blocked after a certain amount of failed login attempts.

The number of failed login attempts allowed before being blocked are set in ActiveMember360, Settings, Security, Limit failed login attempts to.

Once the number of failed login attempts have been reached the IP address used for the login attempts will be banned from access to your site until the specified ActiveMember360, Settings, Security, Set lockdown period after max. logins in seconds has expired.

Default: No

Limit failed login attempts to

Note

This option is only shown and the setting applied if ActiveMember360, Settings, Security, Limit failed login attempts is set to Yes.

Set Limit failed login attempts to as the consecutive number of failed login attempts by any visitor after which they will be blocked from the site.

Default: 0 i.e same as Limit failed login attempts being set to No/Off

Set lockdown period after max. logins in seconds

Note

This option is only shown and the setting applied if ActiveMember360, Settings, Security, Limit failed login attempts is set to Yes.

Specify for Set lockdown period after max. logins in seconds as the number of seconds for which a visitor will be blocked from the site after hitting the consecutive number of failed login attempts as set in Limit failed login attempts to.

Default: 0

Whitelist IP addresses

Note

This option is only shown and the setting applied if ActiveMember360, Settings, Security, Limit failed login attempts is set to Yes.

List any IP addresses, which will be ignored by the ActiveMember360, Settings, Security, Limit failed login attempts feature.

Default: None

Auto-logout after inactivity

Set for Auto-logout after inactivity a time interval to automatically logout a user if they are inactive on the site.

Each time a new page is viewed, the timer is reset.

A setting of 0 will disable it.

Default: 0

Auto-logout after inactivity in seconds

Note

This option is only shown and the setting applied if ActiveMember360, Settings, Security, Auto-logout after inactivity is set to Yes.

Set for Auto-logout after inactivity a time interval to automatically logout a user if they are inactive on the site.

Each time a new page is viewed, the timer is reset.

A setting of 0 will disable it.

Default: 0

Security Codes

Define as many Security Codes as required.

These are used with ActiveMember360 Webhook Modules and the ActiveMember360, Modules, Autologin for authentication purposes.

We recommend that you use only the following alphanumerics and special characters. This will ensure that your codes are safe for use with all webhook URLs:

1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ$-_.~

Default: None

Encryption Key

Define your custom Encryption Key used internally for additional security.

It is highly recommended that you define your own key rather than use the default.