Have you ever had a need to give a temporary user account to your WordPress website or just for some predefined period of time elevate user privileges? If so, you probably had some troubles finding reliable and free way to accomplish this.
The quick Google search reveals only one option for the free Temporary Login Without Password WordPress plugin and it work pretty well if you want to have a temporary user account with some role assigned to it. My only concern is that the entire authentication process is happening with single URL that is quite insecure way because it can easily be retrieved from the browser history. For example, if you created a temporary admin account for a remote freelancer who shares his/here desktop PC with a roommate, it is definitely a possibility that unwanted person will gain admin privileges to your website. Obviously the probability is very low for this type of scenario however you always would want to mitigate all possible scenarios to reduce a change for Murphy’s law.
That is why with AAM I’m taking a bit different approach to the subject of temporary user account. You create a normal user account however have the ability to specify exactly when this account will expire as well as what action should be taken upon that account when it is expired (delete user account, block it or reassign to a different user role).
In addition to defining expiration on user level, you can create a temporary role. This basically mean that when existing user account gets assigned to a temporary role, AAM automatically removes user from that role when defined period expires.
The only difference between those two ways is that when you define temporary user account, you specify exact date and time when expiration should happen (e.g. Jan 12th, 2019). With temporary role, you define a period for how long user should have a role (e.g 2 hours, 3 months).
How to create a temporary role
Temporary role is a very convenient way to manage for how long any user can have that particular role. Think about it as kind of “temporary” promotion or probation. Let’s say you want to create 1 month trial period to use something that is available only for Editor role and if user does not upgrade his/here account, revert back to original user role. This way Bob James who has Subscriber role, after one trial month, will be automatically deprived from the Editor role to Subscriber.
To create a temporary role, on the Users/Roles Manager panel either create new role or click to edit existing. For the Role Expiration define your desired “trial” period where you can enter something like 1 hours, 10 days, 3 months etc.
The Role Expiration time expects to be given a string containing a valid date/time format or relative date expression. You can find all the necessary information on the Supported Date and Time Formats page.
How to create a temporary user account
The other great way to define a temporary account is to actually define expiration time for a very specific user as well as what action has to be taken upon that account after it is expired. The very common use case for this is when you want to give a temporary Backend access to some user and automatically expire it after specified time.
To define a temporary user account you already should have created WordPress user, then simply go to Users/Roles Manager panel, switch to Users tab and find your desired user. Then click on User Expiration icon. From here you can set exact date and time as well as action that will be automatically triggered after account is expired.
Keep in mind. If you chose to delete temporary user account, by default, WordPress deletes all content that “temporary user account” created. If you want to reassign content to different user before deleting account, in ConfigPress set valid user ID with core.reasign.ownership.user option.
Bonus feature – login timer
Recently I’ve got introduced to really interesting use case where website administrator wanted to keep user logged in only for very specific time period and automatically log user out after specified time span. So basically if Rebecca Johnson successfully logged in at 10am and you defined that she can be logged in for 1 hours only, at 11am, disregarding if she did any activity on a website or not, she’ll be automatically logged out so she has to relogin again.
Note! This is not an user timeout as user will be logged out exactly after the specified time span.
Because this type of use case is not as common, you would have to use the ConfigPress to activate this feature. First of all make sure that you have Secure Login option enabled. The go to ConfigPress tab and enter following config:
[aam] ; This option will activate user session time tracking core.session.tracking = true ; This option will define default time span for ALL users. ; Use this option cautiously as it also applies to your administrator user ; Define time span in seconds (e.g. 3600 = 1 hour) core.session.user.ttl = 3600 ; This is more granular option that is defined for one ; very specific user with ID 60 and it'll log user out ; after 30 minutes core.session.user.60.ttl = 1800
Temporary user accounts is very useful feature especially when you bring different collaborators to your website and do not necessarily want to keep track of how long they can do certain things. It can turn to be very tedious task with large amount of users.
With AAM free plugin you can define a temporary user account as well as temporary role that give you great set of options to manage temporary access to your website for other users.