Feature Request: Idle Timeout

Hi,

That is a new request I’ve not seen. Could you give me more information about what the user experience would be with this feature and why you would like it?

Thanks!!

We’re currently using WordFence to securely log member users in by cell phone for a secure Document Management & Sharing solution. (P.S. I am hoping for an update to allow a separate field entry for the cell code, rather than force users to re-enter their password – but I digress…)

So it makes sense that once these users walks away from their computer, or in a public or kiosk situation, we want to ensure that the security of their account and the documents are protected by a settable idle timeout, with an admin selectable landing page for the logout. (i.e. “You have been logged out due to inactivity.”)

In my case I need a selectable landing page for logoff because we want to hide the login page (it’s already obscured by Theme My Login).

It made some sense to me that this is an extension for security of a WordPress site that might fall under the WordFence scope.

Thank you for considering it!

Wayne

Good one!! Thanks for taking the time to write this Wayne.

So if we have a feature where you configure and idle timeout and it will work as follows:

User is happily surfing either the public pages or the admin section of the site or their own user profile page. They sit on a page longer than X seconds and the page refreshes and logs them out.

Sounds about right? If so I’ll get it hopefully in the next release. Just confirm this would work for you.

Regards,

Mark.

Thats exactly it. An admin variable timeout is a nice touch, combine that with the Logout Redirection (of Theme My Login) and you have the ultimate idle timeout security.

In fact, if you are able to force a refresh, that would be one better than any of the other similar plugins I’ve seen which rely on the next user to try to move to a new page to detect the timeout.

Retiring the session and whatever else might be required so that someone new can’t just “Back” into the old user session. That might involve being able to forcefully disable the “Remember Me” setting as well (I use another plugin to force no Remember Me function.

Thank you! You’re the one doing all the work! But my clients will be pleased as they currently love the cell confirmed login and as their webmaster I really appreciate the constant site checking and automated updates. Keeping me busy doing updates! ??

Wayne

OK, thanks. I’m thinking if we just do a redirect after the timeout (even if they don’t create another page request) to the WordPress logout URL, would that be OK? That’s gauranteed to work in most people’s config.

Regards,

Mark.