=== User Access Blocker ===
Contributors: Eliyahna
Donate link: https://eliyahna.com/donate/
Tags: users, access control, block users, user management, security
Requires at least: 5.0
Tested up to: 6.8
Stable tag: 1.0.2
Requires PHP: 7.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Block user access without deleting accounts. Prevent specific users from logging in while preserving their data and content.

== Description ==

User Access Blocker is a simple yet powerful WordPress plugin that allows administrators to temporarily or permanently block user access without deleting their accounts. This is perfect for situations where you need to:

* Suspend user access during investigations
* Temporarily disable accounts for non-payment
* Block problematic users while preserving their content
* Manage user access during maintenance or transitions

= Key Features =

* **Easy Toggle**: Simple "Block Access" / "Unblock Access" button on user profiles
* **Instant Effect**: Blocked users are immediately prevented from logging in
* **AJAX Powered**: Block/unblock users without page refresh
* **Secure**: Multiple permission checks and nonce verification
* **Non-Destructive**: User accounts, posts, and data remain intact
* **Admin Only**: Only administrators can block/unblock users
* **Self-Protection**: Administrators cannot block themselves
* **Activity Logging**: All block/unblock actions are logged for security audits
* **Clean Uninstall**: Removes all plugin data when deleted

= How It Works =

1. Navigate to any user's profile page in WordPress admin
2. Scroll to the "Access Control" section
3. Click "Block Access" to prevent the user from logging in
4. Click "Unblock Access" to restore their access

Blocked users will see: "Your account has been blocked. Please contact the administrator."

== Installation ==

= Automatic Installation =

1. Log in to your WordPress dashboard
2. Navigate to Plugins → Add New
3. Search for "User Access Blocker"
4. Click "Install Now" and then "Activate"

= Manual Installation =

1. Download the plugin zip file
2. Log in to your WordPress dashboard
3. Navigate to Plugins → Add New
4. Click "Upload Plugin" and choose the downloaded file
5. Click "Install Now" and then "Activate"

= FTP Installation =

1. Download and unzip the plugin file
2. Upload the `user-access-blocker` folder to `/wp-content/plugins/`
3. Activate the plugin through the 'Plugins' menu in WordPress

== Frequently Asked Questions ==

= Can blocked users still see their content? =

No, blocked users cannot log in at all. They will be stopped at the login screen with an error message.

= What happens to a blocked user's posts and comments? =

Nothing - all content remains intact. The plugin only prevents login; it doesn't affect any user-generated content.

= Can I block other administrators? =

By default, the plugin prevents blocking administrator accounts for security reasons. This can be modified in the code if needed.

= Can users unblock themselves? =

No, only administrators can block or unblock users, and administrators cannot block themselves.

= Is there a bulk block feature? =

Not currently. Users must be blocked/unblocked individually from their profile pages.

= Does this work with custom login pages? =

Yes, the plugin hooks into WordPress's authentication system, so it works with any properly coded custom login page.

= What happens if I deactivate the plugin? =

Blocked users will be able to log in again. The block status is only enforced while the plugin is active.

= Will this plugin slow down my site? =

No, the plugin is lightweight and only runs during login attempts and on user profile pages in the admin area.

== Screenshots ==

1. The Access Control section on a user's profile page showing the "Block Access" button
2. A blocked user's profile showing the "Unblock Access" button and warning notice
3. The error message blocked users see when attempting to log in
4. Success notification after blocking/unblocking a user

== Changelog ==

= 1.0.2 =
* Enhanced security with improved escaping and sanitization
* Added unique prefixes to all functions and classes for better compatibility
* Added confirmation dialogs before blocking/unblocking users
* Improved error handling and user feedback
* Added activity logging for all block/unblock actions

= 1.0.1 =
* Added nonce verification for form submissions
* Improved AJAX security
* Added uninstall cleanup function
* Better error messages

= 1.0.0 =
* Initial release
* Basic block/unblock functionality
* AJAX-powered interface
* Administrator-only access

== Upgrade Notice ==

= 1.0.2 =
This version includes important security improvements and better compatibility with other plugins. Upgrade recommended.

= 1.0.1 =
Security improvements including better nonce handling and data validation.

= 1.0.0 =
Initial release

== Security Features ==

* Administrator-only functionality
* Nonce verification on all actions
* Permission checks at multiple levels
* Data sanitization and validation
* Secure AJAX implementation
* XSS protection through proper escaping
* Activity logging for audit trails

== Developer Information ==

= Hooks and Filters =

The plugin uses standard WordPress hooks:

* `authenticate` - To check if a user is blocked during login
* `show_user_profile` / `edit_user_profile` - To add the block button
* `personal_options_update` / `edit_user_profile_update` - To save block status
* `admin_notices` - To display blocked user warnings
* `wp_ajax_uab_toggle_user_block` - For AJAX functionality

= Database =

The plugin stores block status in user meta:
* Meta key: `_uab_user_blocked`
* Meta value: boolean (true/false)

= Uninstall =

The plugin includes a proper uninstall routine that removes all plugin data from the database when deleted through the WordPress admin.

== Support ==

For support, feature requests, or bug reports, please visit [plugin support forum](https://wordpress.org/support/plugin/user-access-blocker/) or [GitHub repository](https://github.com/yourusername/user-access-blocker).

== Privacy Policy ==

This plugin does not collect any personal data. It only stores block status as user metadata within your WordPress database. No data is sent to external servers.

The plugin logs block/unblock actions to your server's error log for security audit purposes. These logs remain on your server and are not transmitted elsewhere.