Temporary access that expires on schedule. No zombie accounts.
ExpiryFlow lets you set an expiration date for any WordPress user. When time runs out, access is revoked, sessions are killed, and accounts can be auto-deleted — all automatically.
Administrators forget to revoke access. Every single time.
Contractors, guest writers, and support agents get login credentials for a project. Months later, those accounts are still active — a security risk nobody tracks.
Zombie accounts
- —Contractors retain access months after projects end
- —Guest authors keep login credentials indefinitely
- —Manually tracking who should have access is error-prone
Automated offboarding
- —Set expiry at account creation and forget about it
- —Login blocked and sessions killed on schedule
- —Auto-delete cleans up stale accounts after a grace period
Set a date. Walk away. ExpiryFlow handles the rest.
From the moment you set an expiry date, every step — blocking, session revalidation, content reassignment, and deletion — runs on schedule without manual intervention.
Expiry date management
Set a per-user expiration date from the profile screen or the Add New User form. Pick any date.
Manual status toggle
Revoke access instantly with one click — override the scheduled expiry date at any time.
Real-time blocking
Expired users are blocked immediately. Active sessions are re-validated hourly and killed on expiry.
Auto-deletion system
Expired accounts are removed from the database after a configurable grace period (default 2 days).
Content preservation
Posts, pages, and comments from deleted users are reassigned to a site administrator — no orphaned content.
Admin immunity
Administrator accounts are exempt from all expiry and deletion logic. You can't lock yourself out.
Clean admin interface
Status and Expires columns with color-coded badges right in the Users list — green, amber, red.
GDPR-friendly
No external tracking, no powered-by links, no remote calls. Helps enforce data minimization policies.
Where temporary access meets automatic expiry.
Any WordPress site that shares login credentials with people outside the core team needs expiry built in from day one.
Contractor offboarding
Give devs and designers temporary dashboard access that auto-expires when the project ships. No manual cleanup.
Trial accounts
Offer limited-time preview access that terminates on schedule. Turn trials into paid conversions automatically.
Guest contributors
Grant writing access for a single article and let it expire after publication. No lingering credentials.
Zero-trust cleanup
Ensure no account outlives its purpose. Automate the entire offboarding lifecycle from block to delete.
Automate offboarding in four steps.
- Install ExpiryFlow from the WordPress plugin directory.
- Activate it — expiry fields appear on user profiles and the Add New User form.
- Set an expiry date when creating or editing any non-admin user.
- Optionally enable auto-deletion with a grace period. Done.