mm-crypto-guide.com
Login
Independent review. This site is not the official website and is not affiliated with, endorsed by, or operated by the wallet vendor reviewed here. Never enter your seed phrase or private keys on any third-party site.

Manage Connected Sites & Sessions in MetaMask

Derek Holloway Derek Holloway
Try Tangem secure wallet →

Quick summary

If you connect a dApp to your MetaMask software wallet it gains a live session with your account (origin + provider access). Disconnecting that site removes the active connection but does not automatically cancel contract approvals (token allowance) or pending transactions. In my experience, disconnecting unused sites is fast (typically 3–5 clicks) and reduces your attack surface. And yes, that includes connected sites MetaMask mobile sessions.

This guide shows exactly how to view and disconnect connected sites (desktop and mobile), how WalletConnect sessions behave, what disconnecting actually does, and the small but important follow-ups (revoke approvals, review approvals periodically).

What "connected sites" means in MetaMask

A connection is a permissioned session between a website (origin) and your MetaMask provider. When you click "Connect wallet" the dApp gets:

  • your public account address (one or more accounts), and
  • a provider handle that can request signatures and transactions.

A connected site can ask you to sign messages or submit transactions, but it cannot move funds without your explicit signature or a pre-existing token allowance. (Token allowance is separate—more on that below.)

Try Tangem secure wallet →

Why disconnect a site? Simple: reduce the number of active sessions that can prompt you for signatures, and remove an easy path for a malicious UI to request actions.

How MetaMask stores connections (desktop vs mobile vs WalletConnect)

  • Desktop extension: the provider is injected into the page (window.ethereum). Connections are recorded in the extension state and tied to an origin. Disconnecting removes that origin from the extension's list.

  • Mobile app (in-app browser): the app injects a provider into pages shown inside its browser. Connections are handled similarly but the UI for managing them is in the mobile settings.

  • WalletConnect sessions: WalletConnect creates an external session (bridge) between a dApp and your wallet. Session data (accounts, chain IDs) persists until either side disconnects, and sessions can survive browser restarts.

What I've found: WalletConnect sessions are the most persistent, desktop connections are easiest to see in the extension, and mobile UIs vary slightly by app version (so menus may be named differently).

Disconnect a connected site (Desktop extension)

Step-by-step (approx. 3–5 clicks):

  1. Open your browser and click the MetaMask extension icon.
  2. Unlock your wallet if locked.
  3. Open Settings (gear icon or three-dot menu) and find "Connected sites" or "Connections" (UI label varies by version).
  4. Locate the origin (e.g., https://app.example.org) and click "Disconnect" or the trash icon.

Result: the site will no longer see your injected provider. If the dApp shows a "Disconnect" button in its UI, use both (disconnect on the dApp and in MetaMask) to be thorough.

If you prefer visuals: ![Connected Sites screenshot (placeholder)](alt: Connected Sites view - placeholder)

Disconnect a connected site (Mobile)

How to disconnect connected sites MetaMask mobile (step-by-step):

  1. Open the MetaMask mobile app on iOS or Android and unlock the wallet.
  2. Tap the menu (profile or gear) to open Settings.
  3. Find "Connected sites", "Connections", or "WalletConnect" (label depends on app version).
  4. Tap the site or session you want to remove and choose "Disconnect".

Approx time: 10–30 seconds per site.

And yes—disconnecting from the mobile in-app browser is the same idea. If the dApp was connected via MetaMask's built-in browser, disconnect from the app settings rather than relying solely on the site's UI.

Disconnect WalletConnect sessions on mobile

WalletConnect sessions can be removed from either the dApp or your wallet. Recommended steps in MetaMask mobile:

  1. Settings -> WalletConnect (or Connections) -> Active sessions.
  2. Tap the session and choose "Disconnect".

Remember: some dApps also keep state on their side. If the dApp still lists you as connected after you disconnect in MetaMask, refresh the dApp and choose "Disconnect" there as well. See our WalletConnect guide for more detail: connect-to-dapps-walletconnect.

What disconnecting does — and what it does NOT do

Disconnecting:

  • Removes the live provider connection and prevents the site from prompting your wallet (injected provider) again.
  • Stops the dApp from receiving your accounts from MetaMask.

Disconnecting does NOT:

But don't panic — disconnecting is still an important hygiene step. After disconnecting, follow up with an allowance review for any dApps you used frequently.

Quick comparison: Desktop vs Mobile vs WalletConnect vs Hardware (feature table)

Feature / Flow Desktop extension Mobile app (in-app) WalletConnect session Hardware wallet via MetaMask
Where to manage connections Extension Settings -> Connected Sites App Settings -> Connected Sites / WalletConnect WalletConnect sessions list in wallet or dApp Same as extension (device stores connection), plus hardware interactions
Session lifetime Until disconnected Until disconnected or app uninstall Persistent until either side disconnects Until disconnected (requires hardware to sign)
Disconnect steps (approx.) 3 clicks 3–5 taps 2–4 taps (but may require dApp-side) 3–5 clicks/taps
Revokes required after disconnect? Yes (token allowances) Yes Yes Yes (if contract allowances exist)
Best for Desktop dApp power users On-the-go DeFi users Cross-device dApp connections Large balances / high-security signing

Best practices & checklist for connected sites

  • Review connected sites monthly, and immediately after heavy DeFi sessions. I check mine weekly when doing swaps.
  • Revoke token allowances for contracts you no longer use (see links above).
  • Use a separate account in MetaMask for daily DeFi and keep larger balances in a hardware wallet. See hardware-wallets-with-metamask.
  • Limit approvals when prompted (choose a specific amount instead of "infinite" where possible).
  • Lock your wallet after use and enable biometric/pin locks on mobile.
  • Keep your seed phrase offline and verified; see seed-phrase-backup-recovery.

Troubleshooting common issues

  • Can't find "Connected sites"? Update the app/extension and check Settings (menu labels change with versions). If problems persist, see reset-delete-and-reinstall.
  • Site still shows connected after disconnect? Refresh the page, clear site storage, and disconnect both from the dApp UI and MetaMask.
  • WalletConnect session won't disconnect? Disconnect in MetaMask and in the dApp; if the dApp is unresponsive, revoke approvals on-chain and close the wallet app.

FAQ

Q: Is it safe to keep crypto in a hot wallet? A: Hot wallets are convenient for daily DeFi activity but carry more risk than cold storage. I keep only a working balance in my hot wallet and move larger holdings to hardware. See hardware-wallets-with-metamask for setup notes.

Q: How do I revoke token approvals? A: Disconnecting a site does not revoke allowances. Use on-chain tools or your wallet's allowance UI to revoke (see token-allowances-and-revoke and how-to-revoke-approvals-step-by-step).

Q: What happens if I lose my phone? A: Losing the device does not expose your seed phrase unless someone extracted it. Restore your wallet on a new device using your seed phrase and then rotate approvals and disconnect sessions. Read seed-phrase-backup-recovery and import-and-restore-wallet.

Q: Does disconnecting stop a site from seeing my address? A: Disconnecting removes the provider handshake so the dApp can no longer request your accounts via MetaMask. However, if you previously shared your address in public or via another channel, the dApp may already have it.

Who MetaMask is best for — and who should look elsewhere

Who MetaMask fits:

  • Users who want a flexible, widely-supported software wallet for interacting with EVM-compatible DeFi and dApps.
  • People who need quick, on-the-go access (mobile) and desktop browser integration.

Who might look elsewhere:

  • Users who prefer a custodial or simpler UX with built-in recovery options.
  • Users who store large sums and need hardware-backed keys by default (use a hardware wallet for signing).

If you need account abstraction or smart-contract wallet features, consider pairing MetaMask with specialized solutions or read our account-abstraction-smart-contract-wallets guide.

Conclusion & next steps

Disconnecting connected sites in MetaMask is a small, repeatable safety step that reduces exposure to malicious prompts. But disconnecting is only part of the workflow — always follow up by reviewing and revoking token allowances when appropriate.

Next steps (recommended):

If you liked this practical walkthrough, check the related guides above to tighten your setup and minimize risk when using MetaMask for DeFi.

Try Tangem secure wallet →