{"id":240352,"date":"2025-07-13T22:43:55","date_gmt":"2025-07-13T22:43:55","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/user-access-blocker\/"},"modified":"2025-07-13T22:43:23","modified_gmt":"2025-07-13T22:43:23","slug":"user-access-blocker","status":"publish","type":"plugin","link":"https:\/\/sk.wordpress.org\/plugins\/user-access-blocker\/","author":13808560,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.2","stable_tag":"1.0.2","tested":"6.8.5","requires":"5.0","requires_php":"7.2","requires_plugins":null,"header_name":"User Access Blocker","header_author":"Eliyahna","header_description":"Allows administrators to block user access without deleting accounts","assets_banners_color":"f8f8f8","last_updated":"2025-07-13 22:43:23","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/eliyahna.com\/donate\/","header_plugin_uri":"https:\/\/eliyahna.com","header_author_uri":"","rating":0,"author_block_rating":0,"active_installs":40,"downloads":387,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.2":{"tag":"1.0.2","author":"Eliyahna","date":"2025-07-13 22:43:23"}},"upgrade_notice":{"1.0.2":"<p>This version includes important security improvements and better compatibility with other plugins. Upgrade recommended.<\/p>","1.0.1":"<p>Security improvements including better nonce handling and data validation.<\/p>","1.0.0":"<p>Initial release<\/p>"},"ratings":[],"assets_icons":{"icon-256x256.jpg":{"filename":"icon-256x256.jpg","revision":3327227,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":3327228,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.2"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"The Access Control section on a user's profile page showing the \"Block Access\" button","2":"A blocked user's profile showing the \"Unblock Access\" button and warning notice","3":"The error message blocked users see when attempting to log in","4":"Success notification after blocking\/unblocking a user"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1912,13951,600,2461,1917],"plugin_category":[54],"plugin_contributors":[238752],"plugin_business_model":[],"class_list":["post-240352","plugin","type-plugin","status-publish","hentry","plugin_tags-access-control","plugin_tags-block-users","plugin_tags-security","plugin_tags-user-management","plugin_tags-users","plugin_category-security-and-spam-protection","plugin_contributors-eliyahna","plugin_committers-eliyahna"],"banners":{"banner":"https:\/\/ps.w.org\/user-access-blocker\/assets\/banner-772x250.jpg?rev=3327228","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/user-access-blocker\/assets\/icon-256x256.jpg?rev=3327227","icon_2x":"https:\/\/ps.w.org\/user-access-blocker\/assets\/icon-256x256.jpg?rev=3327227","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>User Access Blocker is a simple yet powerful WordPress plugin that allows administrators to temporarily or permanently block user access without deleting their accounts. This is perfect for situations where you need to:<\/p>\n\n<ul>\n<li>Suspend user access during investigations<\/li>\n<li>Temporarily disable accounts for non-payment<\/li>\n<li>Block problematic users while preserving their content<\/li>\n<li>Manage user access during maintenance or transitions<\/li>\n<\/ul>\n\n<h4>Key Features<\/h4>\n\n<ul>\n<li><strong>Easy Toggle<\/strong>: Simple \"Block Access\" \/ \"Unblock Access\" button on user profiles<\/li>\n<li><strong>Instant Effect<\/strong>: Blocked users are immediately prevented from logging in<\/li>\n<li><strong>AJAX Powered<\/strong>: Block\/unblock users without page refresh<\/li>\n<li><strong>Secure<\/strong>: Multiple permission checks and nonce verification<\/li>\n<li><strong>Non-Destructive<\/strong>: User accounts, posts, and data remain intact<\/li>\n<li><strong>Admin Only<\/strong>: Only administrators can block\/unblock users<\/li>\n<li><strong>Self-Protection<\/strong>: Administrators cannot block themselves<\/li>\n<li><strong>Activity Logging<\/strong>: All block\/unblock actions are logged for security audits<\/li>\n<li><strong>Clean Uninstall<\/strong>: Removes all plugin data when deleted<\/li>\n<\/ul>\n\n<h4>How It Works<\/h4>\n\n<ol>\n<li>Navigate to any user's profile page in WordPress admin<\/li>\n<li>Scroll to the \"Access Control\" section<\/li>\n<li>Click \"Block Access\" to prevent the user from logging in<\/li>\n<li>Click \"Unblock Access\" to restore their access<\/li>\n<\/ol>\n\n<p>Blocked users will see: \"Your account has been blocked. Please contact the administrator.\"<\/p>\n\n<h3>Security Features<\/h3>\n\n<ul>\n<li>Administrator-only functionality<\/li>\n<li>Nonce verification on all actions<\/li>\n<li>Permission checks at multiple levels<\/li>\n<li>Data sanitization and validation<\/li>\n<li>Secure AJAX implementation<\/li>\n<li>XSS protection through proper escaping<\/li>\n<li>Activity logging for audit trails<\/li>\n<\/ul>\n\n<h3>Developer Information<\/h3>\n\n<h4>Hooks and Filters<\/h4>\n\n<p>The plugin uses standard WordPress hooks:<\/p>\n\n<ul>\n<li><code>authenticate<\/code> - To check if a user is blocked during login<\/li>\n<li><code>show_user_profile<\/code> \/ <code>edit_user_profile<\/code> - To add the block button<\/li>\n<li><code>personal_options_update<\/code> \/ <code>edit_user_profile_update<\/code> - To save block status<\/li>\n<li><code>admin_notices<\/code> - To display blocked user warnings<\/li>\n<li><code>wp_ajax_uab_toggle_user_block<\/code> - For AJAX functionality<\/li>\n<\/ul>\n\n<h4>Database<\/h4>\n\n<p>The plugin stores block status in user meta:\n* Meta key: <code>_uab_user_blocked<\/code>\n* Meta value: boolean (true\/false)<\/p>\n\n<h4>Uninstall<\/h4>\n\n<p>The plugin includes a proper uninstall routine that removes all plugin data from the database when deleted through the WordPress admin.<\/p>\n\n<h3>Support<\/h3>\n\n<p>For support, feature requests, or bug reports, please visit <a href=\"https:\/\/wordpress.org\/support\/plugin\/user-access-blocker\/\">plugin support forum<\/a> or <a href=\"https:\/\/github.com\/yourusername\/user-access-blocker\">GitHub repository<\/a>.<\/p>\n\n<h3>Privacy Policy<\/h3>\n\n<p>This plugin does not collect any personal data. It only stores block status as user metadata within your WordPress database. No data is sent to external servers.<\/p>\n\n<p>The plugin logs block\/unblock actions to your server's error log for security audit purposes. These logs remain on your server and are not transmitted elsewhere.<\/p>\n\n<!--section=installation-->\n<h4>Automatic Installation<\/h4>\n\n<ol>\n<li>Log in to your WordPress dashboard<\/li>\n<li>Navigate to Plugins \u2192 Add New<\/li>\n<li>Search for \"User Access Blocker\"<\/li>\n<li>Click \"Install Now\" and then \"Activate\"<\/li>\n<\/ol>\n\n<h4>Manual Installation<\/h4>\n\n<ol>\n<li>Download the plugin zip file<\/li>\n<li>Log in to your WordPress dashboard<\/li>\n<li>Navigate to Plugins \u2192 Add New<\/li>\n<li>Click \"Upload Plugin\" and choose the downloaded file<\/li>\n<li>Click \"Install Now\" and then \"Activate\"<\/li>\n<\/ol>\n\n<h4>FTP Installation<\/h4>\n\n<ol>\n<li>Download and unzip the plugin file<\/li>\n<li>Upload the <code>user-access-blocker<\/code> folder to <code>\/wp-content\/plugins\/<\/code><\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id='can%20blocked%20users%20still%20see%20their%20content%3F'><h3>Can blocked users still see their content?<\/h3><\/dt>\n<dd><p>No, blocked users cannot log in at all. They will be stopped at the login screen with an error message.<\/p><\/dd>\n<dt id='what%20happens%20to%20a%20blocked%20user%27s%20posts%20and%20comments%3F'><h3>What happens to a blocked user's posts and comments?<\/h3><\/dt>\n<dd><p>Nothing - all content remains intact. The plugin only prevents login; it doesn't affect any user-generated content.<\/p><\/dd>\n<dt id='can%20i%20block%20other%20administrators%3F'><h3>Can I block other administrators?<\/h3><\/dt>\n<dd><p>By default, the plugin prevents blocking administrator accounts for security reasons. This can be modified in the code if needed.<\/p><\/dd>\n<dt id='can%20users%20unblock%20themselves%3F'><h3>Can users unblock themselves?<\/h3><\/dt>\n<dd><p>No, only administrators can block or unblock users, and administrators cannot block themselves.<\/p><\/dd>\n<dt id='is%20there%20a%20bulk%20block%20feature%3F'><h3>Is there a bulk block feature?<\/h3><\/dt>\n<dd><p>Not currently. Users must be blocked\/unblocked individually from their profile pages.<\/p><\/dd>\n<dt id='does%20this%20work%20with%20custom%20login%20pages%3F'><h3>Does this work with custom login pages?<\/h3><\/dt>\n<dd><p>Yes, the plugin hooks into WordPress's authentication system, so it works with any properly coded custom login page.<\/p><\/dd>\n<dt id='what%20happens%20if%20i%20deactivate%20the%20plugin%3F'><h3>What happens if I deactivate the plugin?<\/h3><\/dt>\n<dd><p>Blocked users will be able to log in again. The block status is only enforced while the plugin is active.<\/p><\/dd>\n<dt id='will%20this%20plugin%20slow%20down%20my%20site%3F'><h3>Will this plugin slow down my site?<\/h3><\/dt>\n<dd><p>No, the plugin is lightweight and only runs during login attempts and on user profile pages in the admin area.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Enhanced security with improved escaping and sanitization<\/li>\n<li>Added unique prefixes to all functions and classes for better compatibility<\/li>\n<li>Added confirmation dialogs before blocking\/unblocking users<\/li>\n<li>Improved error handling and user feedback<\/li>\n<li>Added activity logging for all block\/unblock actions<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Added nonce verification for form submissions<\/li>\n<li>Improved AJAX security<\/li>\n<li>Added uninstall cleanup function<\/li>\n<li>Better error messages<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Basic block\/unblock functionality<\/li>\n<li>AJAX-powered interface<\/li>\n<li>Administrator-only access<\/li>\n<\/ul>","raw_excerpt":"Block user access without deleting accounts. Prevent specific users from logging in while preserving their data and content.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/240352","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=240352"}],"author":[{"embeddable":true,"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/eliyahna"}],"wp:attachment":[{"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=240352"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=240352"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=240352"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=240352"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=240352"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=240352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}