If you are a membership site owner, having an easy way to prevent account sharing will protect your revenue and increase your subscriber base in the long term.
There are of course multiple ways to tackle the login credentials sharing problem. Adopting social media login as a method of authentication can help considerably. This gives you access to tools like Google Gmail sign in and two-factor authentication. You can also use social media services, like LinkedIn, to handle your user authentication.
You can also try limiting the number of sessions, MAC, or IP addresses a member can use when accessing your paid resources. Big companies often use this method and some charge different prices for more devices.
Many Hulu, Spotify, Disney, HBO Go, Amazon Prime Video, and Netflix accounts have login limits to discourage sharing login information between family members. Many of the other streaming services follow this model as well.
The main idea is to make it inconvenient for a member to share their password with things like two-factor authentication. That’s what we aimed for when implementing the ability to prevent account sharing in Paid Member Subscriptions. We wanted something simple that will do the job in the majority of cases.
There are many use cases for a plugin that prevents shared logins. There will be users that try and share email accounts from different states and you can easily block those. Various websites stop password sharing because it cuts into their revenue or it uses more resources than they have available.
If family members running simultaneous streams in the same house are sending more requests to your WordPress website than you are prepared to handle, it could potentially crash your WordPress site. This is especially true when dealing with free accounts because more people are likely to access them.
Another use case is if someone’s computer gets lost or hacked and they have their Google Gmail password stored in a password manager. That means someone they don’t want now has access to their email account and login information.
Issues With Password Sharing
When you have a lot of users sharing their Google login credentials, it causes problems for your WordPress site. You lose valuable information that could have been gained if users signed up for a free account.
Household sharing between family members can put a strain on the speed of your service. That’s why streaming services, like Amazon Prime Video or Hulu, put limits on the number of simultaneous streams a single account can have. Various websites will log out all devices if it detects the same login credentials in different places to help with this.
Account sharing also means you need to invest more time and money into its prevention because it lowers your revenue over time and it makes you lose out on potential new users. While social media login is free, sometimes you might need to pay for a good two-factor authentication package.
Simultaneous streams can put a huge load on your server that you weren’t expecting. This slows down your WordPress site for users that don’t share their login information, making them consider other services.
Prevent Account Sharing in Paid Member Subscriptions
The simplest way to tackle this issue is by blocking concurrent logins.
Using this setting you’re preventing users from being logged in from multiple places at the same time. If the current user’s session has been taken over by a newer session, we will log them out and they will have to login again.
Blocking concurrent logins is easier when you implement social media login because users don’t want to give away their LinkedIn login information, even to family members. If you want to add an additional layer to make it more difficult for users to password share, consider adding two factor authentication.
If a member always gets a code sent to their email account, it won’t matter if another person has their HBO Go, Hulu, or Netflix account information. They won’t be able to use the login credentials without that code.
It’s pretty annoying to find yourself logged out by a family member you gave your Google Gmail password. If this goes on long enough, it will make it inconvenient for members to share their login credentials.
Do you already prevent account sharing on your membership site? If not, make sure to give Paid Member Subscriptions a try. This option is part of the free version as well.
Paid Member Subscriptions Pro
Accept (recurring) payments, create subscription plans and restrict content on your website. Easily setup a WordPress membership site using Paid Member Subscriptions.Get the plugin
Subscribe to get early access
to new plugins, discounts and brief updates about what's new with Cozmoslabs!
4 thoughts on “Prevent Account Sharing on Membership Sites”
I’ve tested the plugin ‘Prevent Concurrent Logins’ but am in doubt of really using it. The thing that bothers me the most, is that every New session is honored in favour of an Old (existing) session. This means that a user who is successfully logged-in gets locked out as soon as someone else is logging in with the same credentials. In my opinion this not very user friendly, and actually it should work the other way around. When a user (B) is trying to log in by using the same credentials from a user (A) who is already logged in, user B should get a warning that logging in with these credentials is not possible at the moment because someone else (user A) is using it. This keeps user A logged in
The reason it’s like this is because if user (A) has the credentials from user (B), and user (A) is logged in, there would be no way for user (B ) to use the account until user (A) logs out. Meaning the one who actually paid for the account would never be able to use it, nor change the login credentials.
But using the existing functionality you can login, the existing session will be terminated, and you could then change the credentials to prevent this from happening in the future. Researching this before implementing showed us that many other plugins do it the same.
the other way around. When a user (B) is trying to log in by using the same credentials from a user (A) who is already logged in, user B should get a warning that logging in with these credentials is not possible at the moment because someone else (user A) is using it. This keeps user A logged in
The issue with this solution is if the first user is watching a long video on the protected page, they will be able to remain on the page watching videos while the 2nd user logs in with the same credentials. The first user isn’t booted off unless they refresh the page or navigate to a different page. Watching a video or multiple embedded videos on a site does not constitute a refresh or a navigation away from the page, so theoretically you could have a waterfall scenario where 10 people who log in 1 minute apart from each other all can watch the videos until they navigate away. Anyone have a better solution? Thanks!