By default, you can use the same WordPress username to login from many computers at the same time. tinyIP is a simple and hackable plugin that allows you to discourage users from sharing the same login information. If somebody tries to use username that already is actively signed in, tinyIP shows an error (screenshot #1) in the login form and notifies the administrator via e-mail.


  1. Install the plugin via WP Admin > Plugins > Add New or by placing it in ‘wp-content/plugins’ directory
  2. Activate the plugin
  3. Adjust Settings, if needed


tinyIP provides a few configuration options (screenshot #3):

  1. Session timeout – how long to wait before destroying inactive session (in minutes). It cleanups sessions, left by users, who did not log out properly.
  2. Monitored roles – which user roles should be monitored by tinyIP. By default – all except administrator.
  3. Detection mode – by default tinyIP only checks for different IP addresses, but that does not prevent users from the same office/flat/etc. from loging in. To mitigate that, the IP + Cookie mode also generates a cookie and checks for it, too. If your users’ IP addresses tend to change a lot (i.e. people traveling with their laptops), you could switch to Cookie-only detection mode.
  4. Refresh session with JS – if user stays at single page for long periods (for watching a video, playing a game, etc.) session would normally expire after session timeout (above) limit is reached. To prevent that, a small periodic background AJAX call is added, to refresh the session before it expires (on by default).
  5. Notify admin – tinyIP sends an email to site’s admin whenever someone tries to login with already active username (off by default).


Just activate and forget it. If someone got locked out because ISP changed their IP or a lost UUID cookie, administrator can manually release the lock via WP Admin > Users > Release IP lock action (screenshot #2).

Action / filter hooks

tinyIP provides several hooks to allow for extension of its features.


  • tinyip_kickout($user,$users) – executed when an $user is blocked out of the system
  • tinyip_insert($user,$users) – execueed when a new $user logs into the system
  • tinyip_update($user,$users) – executed when $user session information is updated
  • tinyip_delete($user,$users) – execuded when $user session information is deleted (user logs out)


  • tinyip_notify_subject – Admin notification subject
  • tinyip_notify_message – Admin notification message