Temporary access that expires on schedule. No zombie accounts.

ExpiryFlow lets you set an expiration date for any WordPress user. When time runs out, access is revoked, sessions are killed, and accounts can be auto-deleted — all automatically.

UsernameRoleStatusExpires
janesmithEditorActive2026-08-15
mike_devAuthorExpiring2026-07-05
guest_writerContributorExpired2026-06-20
Auto-delete in 2 days

Administrators forget to revoke access. Every single time.

Contractors, guest writers, and support agents get login credentials for a project. Months later, those accounts are still active — a security risk nobody tracks.

Zombie accounts

  • Contractors retain access months after projects end
  • Guest authors keep login credentials indefinitely
  • Manually tracking who should have access is error-prone

Automated offboarding

  • Set expiry at account creation and forget about it
  • Login blocked and sessions killed on schedule
  • Auto-delete cleans up stale accounts after a grace period

Set a date. Walk away. ExpiryFlow handles the rest.

From the moment you set an expiry date, every step — blocking, session revalidation, content reassignment, and deletion — runs on schedule without manual intervention.

Expiry date management

Set a per-user expiration date from the profile screen or the Add New User form. Pick any date.

per-userprofile

Manual status toggle

Revoke access instantly with one click — override the scheduled expiry date at any time.

overrideone-click

Real-time blocking

Expired users are blocked immediately. Active sessions are re-validated hourly and killed on expiry.

hourly checksession kill

Auto-deletion system

Expired accounts are removed from the database after a configurable grace period (default 2 days).

grace periodconfigurable

Content preservation

Posts, pages, and comments from deleted users are reassigned to a site administrator — no orphaned content.

reassignno data loss

Admin immunity

Administrator accounts are exempt from all expiry and deletion logic. You can't lock yourself out.

protectedsafe

Clean admin interface

Status and Expires columns with color-coded badges right in the Users list — green, amber, red.

columnsbadges

GDPR-friendly

No external tracking, no powered-by links, no remote calls. Helps enforce data minimization policies.

no trackingcompliant

Where temporary access meets automatic expiry.

Any WordPress site that shares login credentials with people outside the core team needs expiry built in from day one.

Contractor offboarding

Give devs and designers temporary dashboard access that auto-expires when the project ships. No manual cleanup.

Agencies & developers

Trial accounts

Offer limited-time preview access that terminates on schedule. Turn trials into paid conversions automatically.

Membership sites

Guest contributors

Grant writing access for a single article and let it expire after publication. No lingering credentials.

News & blogs

Zero-trust cleanup

Ensure no account outlives its purpose. Automate the entire offboarding lifecycle from block to delete.

Security-conscious admins

Automate offboarding in four steps.

  1. Install ExpiryFlow from the WordPress plugin directory.
  2. Activate it — expiry fields appear on user profiles and the Add New User form.
  3. Set an expiry date when creating or editing any non-admin user.
  4. Optionally enable auto-deletion with a grace period. Done.