"Hijacking an Open User" was recently mentioned as one of the
"Top 5 WordPress Security Threats" by KeyCDN ;
great that Defender already has "Manage Login Duration" for the "remember me" login ;
but actual day to day auto logout sessions when you leave your desk / shared computers etc. would carry this to a proper level of security.