Convenience and security are often at the opposite ends of the pendulum. Consider the following before you do this:
1) Most residential/mobile internet services offer dynamic IP addresses that change all the time, making this useless for most of your users since their IPs will be changing any way.
2) Most residential/mobile internet connections share a single public IP for hundreds/thousand of their customers (NAT/CGNAT). That creates the possibility, however slight, someone inadvertently getting logged into another user’s account automatically.
3) IP addresses are easily spoofed, so using source IP only for authentication is a terrible security practice.
If you decide to ignore all the above and still want to go ahead with this, here’s a plugin that does just this: https://ww.wp.xz.cn/plugins/ip-based-login/
Good luck!
Some users may object to you “tracking” their IP. It’s not considered personal information under most privacy laws, but some people object all the same. Why not simply extend the expiration time of their auth cookie from the default 14 days when the “remember me” box is checked? This can be done through the “auth_cookie_expiration” filter.
N.B: Most modern browsers will discard very old cookies even if their expiration time has not been reached. Somewhere around a year IIRC.
Thankyou so much for your replies. Will definitely go through these solutions.
