This is probably a common problem with multiple possibilities to solve. However I am asking for an easy solution as I guess I am not the first one to have this problem.
Assume we have a huge company with employees coming and going. Some of them are blog authors in the company blog multisite network, some of them are even super administrators such as blog network maintainers.
Now when they leave the company their access should be revoked. However the users should still exist e.g. in the author card of blog articles. They may also come back to the company in a later time. I do not want to go through all their permissions and change them - just disable their login (for a certain time or permanently) for the whole multisite network.
I have already thought about using something like this (from ):
add_filter( 'authenticate', 'chk_active_user',100,2);
function chk_active_user ($user,$username) {
$user_data = $user->data;
$user_id = $user_data->ID;
$user_sts = get_user_meta($user_id,"user_active_status",true);
if ($user_sts==="no") {
return new WP_Error( 'disabled_account','this account is disabled');
} else {
return $user;
}
return $user;
}
And adding a custom meta field to the network admin user edit screen where i can deactivate. However not sure if this is secure?
How would you solve this problem?