Overview

In Memberium > Settings > Login tab, under “Login Options”, the “Maximum Login IPs” defines the number of different IP addresses that a user can log in from within a certain period of time controlled by the other setting just below it “Maximum Login Window (Hours)”.

For example, if you set it to 3 IP addresses within 16 hours, then when you log in from a fourth IP address you would be prevented from logging in until 16 hours had passed from the first login.

It’s a rolling window. If you logged in from two different IPs, then 8 hours later logged in from a third IP, you’d only wait 8 more hours (total of 16 hours) and you’d be able to log in from another two IPs.

Increasing Security

You can increase security by using this feature in conjunction or combination with the Prevent Simultaneous Logins feature.

One common issue when selling B2B is that many employees in a company will all have the same external IP address when they are accessing your membership site from a corporate network.

Using the Maximum Login IPs window alone wouldn’t prevent many employees with the same IP from all sharing a single account.

By enabling Prevent Simultaneous Logins a single user can only be logged in at one place. If someone else logs in as that user, the first session will be closed and the user will be logged out. This makes it extremely inconvenient and almost pointless to share a single login.

 

Related Posts


Overview

This setting allows you to disable multiple logins for a user, meaning that they can’t be logged in from more than one place or have more than one session at the same time.

If the user account is already in use, and a second login takes place, the first login will be disconnected immediately. We do this instead of preventing the second login to prevent an inactive browser left open, or user who closed their browser without logging out from accidentally locking themselves out of their own account.

When this setting is disabled, set to NO, a single user account can have as many active sessions as they want.

Use Cases

The main use case for preventing simultaneous logins is to deter account sharing – many people using a single, paid account.

By enabling this setting, you’re making account sharing almost pointless as if someone else logs in then the current user’s session will be closed (they’ll be logged out). Account sharing may still be possible, but it’ll become more difficult.

In cases where you find this happening a lot, consider selling your customers additional logins at a reduced rate or including the ability to “add 3 team members” to their account using Umbrella Accounts.

Increasing Security

You can increase security by using this feature in conjunction with the Maximum Login IPs setting located beneath the toggle switch.

The “Maximum Login IPs” defines the number of different IP addresses that a user can log in from within a certain period of time controlled by the other setting just below it “Maximum Login Window (Hours)”.

Using all three settings in combination prevents members from sharing accounts in both private and corporate environments.

 

Related Posts


In this post we'll show you how to display or hide menu items in Wordpress conditionally based on a member's existing Infusionsoft tags.

Controlling menu items conditionally might seem a bit scary at first, but once you understand how it works it's really easy to do.

In certain situations you'll want to control the visibility of menu items based on a logged in member's existing Infusionsoft tags. Or you'll want to only display specific menu links to logged out visitors.

Continue Reading...