If you connect a dApp to your MetaMask software wallet it gains a live session with your account (origin + provider access). Disconnecting that site removes the active connection but does not automatically cancel contract approvals (token allowance) or pending transactions. In my experience, disconnecting unused sites is fast (typically 3–5 clicks) and reduces your attack surface. And yes, that includes connected sites MetaMask mobile sessions.
This guide shows exactly how to view and disconnect connected sites (desktop and mobile), how WalletConnect sessions behave, what disconnecting actually does, and the small but important follow-ups (revoke approvals, review approvals periodically).
A connection is a permissioned session between a website (origin) and your MetaMask provider. When you click "Connect wallet" the dApp gets:
A connected site can ask you to sign messages or submit transactions, but it cannot move funds without your explicit signature or a pre-existing token allowance. (Token allowance is separate—more on that below.)
Why disconnect a site? Simple: reduce the number of active sessions that can prompt you for signatures, and remove an easy path for a malicious UI to request actions.
Desktop extension: the provider is injected into the page (window.ethereum). Connections are recorded in the extension state and tied to an origin. Disconnecting removes that origin from the extension's list.
Mobile app (in-app browser): the app injects a provider into pages shown inside its browser. Connections are handled similarly but the UI for managing them is in the mobile settings.
WalletConnect sessions: WalletConnect creates an external session (bridge) between a dApp and your wallet. Session data (accounts, chain IDs) persists until either side disconnects, and sessions can survive browser restarts.
What I've found: WalletConnect sessions are the most persistent, desktop connections are easiest to see in the extension, and mobile UIs vary slightly by app version (so menus may be named differently).
Step-by-step (approx. 3–5 clicks):
Result: the site will no longer see your injected provider. If the dApp shows a "Disconnect" button in its UI, use both (disconnect on the dApp and in MetaMask) to be thorough.
If you prefer visuals: 
How to disconnect connected sites MetaMask mobile (step-by-step):
Approx time: 10–30 seconds per site.
And yes—disconnecting from the mobile in-app browser is the same idea. If the dApp was connected via MetaMask's built-in browser, disconnect from the app settings rather than relying solely on the site's UI.
WalletConnect sessions can be removed from either the dApp or your wallet. Recommended steps in MetaMask mobile:
Remember: some dApps also keep state on their side. If the dApp still lists you as connected after you disconnect in MetaMask, refresh the dApp and choose "Disconnect" there as well. See our WalletConnect guide for more detail: connect-to-dapps-walletconnect.
Disconnecting:
Disconnecting does NOT:
But don't panic — disconnecting is still an important hygiene step. After disconnecting, follow up with an allowance review for any dApps you used frequently.
| Feature / Flow | Desktop extension | Mobile app (in-app) | WalletConnect session | Hardware wallet via MetaMask |
|---|---|---|---|---|
| Where to manage connections | Extension Settings -> Connected Sites | App Settings -> Connected Sites / WalletConnect | WalletConnect sessions list in wallet or dApp | Same as extension (device stores connection), plus hardware interactions |
| Session lifetime | Until disconnected | Until disconnected or app uninstall | Persistent until either side disconnects | Until disconnected (requires hardware to sign) |
| Disconnect steps (approx.) | 3 clicks | 3–5 taps | 2–4 taps (but may require dApp-side) | 3–5 clicks/taps |
| Revokes required after disconnect? | Yes (token allowances) | Yes | Yes | Yes (if contract allowances exist) |
| Best for | Desktop dApp power users | On-the-go DeFi users | Cross-device dApp connections | Large balances / high-security signing |
Q: Is it safe to keep crypto in a hot wallet? A: Hot wallets are convenient for daily DeFi activity but carry more risk than cold storage. I keep only a working balance in my hot wallet and move larger holdings to hardware. See hardware-wallets-with-metamask for setup notes.
Q: How do I revoke token approvals? A: Disconnecting a site does not revoke allowances. Use on-chain tools or your wallet's allowance UI to revoke (see token-allowances-and-revoke and how-to-revoke-approvals-step-by-step).
Q: What happens if I lose my phone? A: Losing the device does not expose your seed phrase unless someone extracted it. Restore your wallet on a new device using your seed phrase and then rotate approvals and disconnect sessions. Read seed-phrase-backup-recovery and import-and-restore-wallet.
Q: Does disconnecting stop a site from seeing my address? A: Disconnecting removes the provider handshake so the dApp can no longer request your accounts via MetaMask. However, if you previously shared your address in public or via another channel, the dApp may already have it.
Who MetaMask fits:
Who might look elsewhere:
If you need account abstraction or smart-contract wallet features, consider pairing MetaMask with specialized solutions or read our account-abstraction-smart-contract-wallets guide.
Disconnecting connected sites in MetaMask is a small, repeatable safety step that reduces exposure to malicious prompts. But disconnecting is only part of the workflow — always follow up by reviewing and revoking token allowances when appropriate.
Next steps (recommended):
If you liked this practical walkthrough, check the related guides above to tighten your setup and minimize risk when using MetaMask for DeFi.