Delete expired users automatically

  • Alex Kladov

    (@prowebassist)


    4 years ago

    Hi,

    Is there a way to remove a temporary user automatically, once their account expires?

    I realised that when your plugin creates a temporary account, it creates an actual WP user account in the backend. Which is totally fine. But once it expires, that account remains in the regular WP Users list, even though the user can’t actually login anymore. Which is a problem, because some plugins (and WP core) use WP Users table to send notifications to active admins (or other roles). And since those accounts are still in the list, notifications will be wrongly sent out to them, even if the account already expired. The plugin needs to clean up it’s expired users out of the WP Users list in order to avoid that.

    NOTE: It would still be nice to be able to restore/extend expired accounts, but only from the Temporary Logins settings page. So perhaps you need to store the list of expired temporary users in the DB somewhere. That way WP Users will only contain active accounts, while you will still have the ability to restore old users again (which will then re-add them to the WP Users table).

    Regards,
    Alex

Viewing 5 replies - 1 through 5 (of 5 total)
  • Malay Ladu

    (@malayladu)

    Hi Alex,

    Thanks for your feedback. We really appreciate you!

    We understood what you are trying to say and it’s a valid point. We should handle it somehow.

    Do you have any specific email which WordPress (or other plugin) is sending to users? We will be able to implement a solution After that information.

    It would still be nice to be able to restore/extend expired accounts, but only from the Temporary Logins settings page. So perhaps you need to store the list of expired temporary users in the DB somewhere. That way WP Users will only contain active accounts, while you will still have the ability to restore old users again (which will then re-add them to the WP Users table).

    We can do that but the problem is, some plugins are also tracking the user activities. If we delete temporary users from the table, the activity of that user will also be deleted and the store admins don’t know what happened on their store.

    Thread Starter Alex Kladov

    (@prowebassist)

    Hi Malay,

    Do you have any specific email which WordPress (or other plugin) is sending to users? We will be able to implement a solution After that information.

    One example that comes to mind is iThemes Security plugin’s admin notifications. E.g. in case of site lockouts or that suspicious file changes. I set for those notifications to be sent out to admins and every admin got them, even the ones that were expired, which is obviously an issue.

    We can do that but the problem is, some plugins are also tracking the user activities. If we delete temporary users from the table, the activity of that user will also be deleted and the store admins don’t know what happened on their store.

    That makes total sense, I didn’t even think that some people might want to keep record of that info. In that case, why not give the admin an option to select whether they want to disable the temporary user account or simply wipe it completely upon expiry? That way, we can decide, so if we need those activity logs, we can keep the user simply disabled (it can even be the default behaviour, or you can let admins configure what the default will be). So if we know that it’s some support account that won’t even be changing anything on the site, we can set for that account (and all of it’s meta) to self-destruct upon expiry.

    Regards,
    Alex

    Hi Alex,

    One example that comes to mind is iThemes Security plugin’s admin notifications. E.g. in case of site lockouts or that suspicious file changes. I set for those notifications to be sent out to admins and every admin got them, even the ones that were expired, which is obviously an issue.

    Ok. Got it.

    In that case, why not give the admin an option to select whether they want to disable the temporary user account or simply wipe it completely upon expiry? That way, we can decide, so if we need those activity logs, we can keep the user simply disabled (it can even be the default behaviour, or you can let admins configure what the default will be). So if we know that it’s some support account that won’t even be changing anything on the site, we can set for that account (and all of it’s meta) to self-destruct upon expiry.

    That makes sense. We will check the feasibility and see what’s possible.

    Another option is to set the role option as “– No role for this site –

    But, not sure of any implication of this.

    Thread Starter Alex Kladov

    (@prowebassist)

    Hi @malayladu! I was wondering if you guys had a chance to look into this? Any updates?

    Another option is to set the role option as “– No role for this site –”

    Yeah, that’s an option. I simply removed the users manually. But I am still hoping that this process could be automated in the future, so that I won’t have to worry about cleaning up expired user accounts manually every time.

    Hi Alex,

    Sorry. We haven’t worked on this yet.

    Will take some time out and work on this in the upcoming weeks.

    Thanks for your patience.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Delete expired users automatically’ is closed to new replies.