There is no foolproof method to do this, and I would note that you will not be able to cache pages for performance if you try this
Force The User to Only be able to open a single page, no tabs, no other devices/browsers
This isn’t possible, and the few measures that try to do this are trivial to bypass. Usually they’re bypassed by accident by the user, who never realises it happened to begin with.
To do this, all your browser tabs will need to cross communicate. This won’t work across browsers, or if JS fails, or JS is turned off. It’s also possible every tab will detect each other and all tabs will lock out. Browser support for this will be limited. It won’t be a WordPress based solution
Force User Sessions Per Device
This is also not foolproof, there is no guarantee, but it’s a little easier
$sessions = wp_get_all_sessions();
if ( count( $sessions ) > 1 ) {
// more than 1 session, logout somewhere else to resume
}
Note that this:
- relies on the auth cookie WP uses
- the user must be logged in
- if your site is not https anybody can steal the cookie and share the session
- users can copy paste the cookie out of the dev tools and insert it into browsers on other devices, nothing you do can stop this
- Once a user reaches the page, they can logout in another tab, and open it on another device, giving them the page but on 2 devices
A Note on IP tracking
This will not work, and give highly unpredictable results.
For example, NAT makes everything on a local network share a single IP. As would a proxy or VPN. ISPs are also experimenting with or using CGNAT, so millions of users may be sharing a small subset of IPv4 addresses, leading to unpredictable results.
You’ll also lock out people tethering or using mobile phones. As they move around across cell phone masts their IPs might change, triggering the multiple screen detection system you’re building.
A Fundamental Problem
- cmd+s/ctrl+s/file->save as
- the print screen key
- Screen sharing in Hangouts/Skype/Zoom/FB Live/Twitch/etc/etc
You can very easily invest a huge amount of time in this only to find that somebody sidestepped it with something trivial. E.g. when spending weeks building advanced anti-theft systems to stop people right click saving an image, only to find that dragging and dropping it on to the desktop worked fine.