Skip to content

Adam Greenwell

Temporary User Access

Temporary User Access lets you create real WordPress users that automatically expire after a set time period. Perfect for contractors, clients, support staff, or anyone who needs temporary access to your WordPress site.

What is Temporary User Access?

Instead of creating a permanent WordPress user and remembering to delete it later, you can create a temporary user that:

  • ✅ Is a real WordPress user (full functionality)
  • ✅ Automatically expires after X days
  • ✅ Can have a limited number of logins
  • ✅ Uses a secure token-based login link (no password needed)
  • ✅ Is automatically deleted when expired or login limit reached
  • ✅ Redirects to specific area of WordPress after login

Use Cases

Client or Stakeholder Access

Give clients temporary access to review work:

  • Preview content before publication
  • Review design changes
  • Approve projects
  • Limited to specific role (Editor, Author, etc.)

Contractor or Freelancer Access

Provide temporary access for project work:

  • Developer needs admin access for 2 weeks
  • Writer needs author access for content project
  • Designer needs editor access to update media

Support Staff Access

Grant support team temporary access:

  • Tech support troubleshooting
  • One-time site maintenance
  • Training or consultation session
  • Limited to specific number of logins

Testing and QA

Create temporary test accounts:

  • Client acceptance testing
  • Quality assurance reviews
  • User role testing
  • Automatic cleanup after project

Creating Temporary Users

Step 1: Access Temporary Access Page

Navigate to Guard Dog → Temporary Access in your WordPress admin.

Step 2: Fill Out the Form

Username (required)

  • Must be unique (not already in use)
  • Lowercase letters, numbers, underscore, hyphen only
  • Example: client_john, contractor_web, support_temp

First Name (optional)

  • User’s first name
  • Shows in WordPress admin

Last Name (optional)

  • User’s last name
  • Shows in WordPress admin

Email Address (required)

  • Where to send the access link
  • Must be valid email format
  • This is a display-only email (user’s actual email is internally generated)

Role (required)

  • WordPress user role to assign
  • Options:
  • Administrator – Full site control (use carefully!)
  • Editor – Edit all posts and pages
  • Author – Publish and edit own posts
  • Contributor – Write posts but can’t publish
  • Subscriber – Read-only access

Expiry (Days) (required)

  • How many days until user expires
  • Range: 1-365 days
  • After expiry, user is automatically deleted

Maximum Logins (optional)

  • Limit number of times user can log in
  • 0 = unlimited logins (until expiry date)
  • After reaching limit, user is automatically deleted
  • Useful for one-time access or limited sessions

Step 3: Create User

  1. Click Create Temporary User
  2. User is created immediately
  3. Access link is generated

Step 4: Copy Access Link

After creation, you’ll see:

Access Link:

https://yoursite.com/?guard_dog_temp_token=abc123def456...

Copy this link and send it to the temporary user via:

  • Email (secure)
  • Encrypted messaging
  • Password manager sharing
  • Direct message

⚠️ Security Warning: The access link grants immediate login. Send it securely and only to the intended recipient.

Managing Temporary Users

Viewing Active Temporary Users

The Temporary Access page shows all active temporary users:

Columns displayed:

  • Username – User’s login name
  • Email – Display email address
  • Role – WordPress role assigned
  • Created – When user was created
  • Expires – When user will be deleted
  • Logins – Times logged in / Maximum allowed
  • Last Login – Most recent login timestamp
  • Actions – Delete or copy access link

User Status

Active:

  • Green indicator
  • User can still log in
  • Has not expired or reached login limit

Expiring Soon:

  • Yellow indicator (within 24 hours of expiry)
  • User can still log in
  • Will be deleted soon

Login Limit Reached:

  • Orange indicator
  • User has used all allocated logins
  • Will be deleted on next cleanup

Deleting Temporary Users

To manually delete a temporary user before expiry:

  1. Go to Guard Dog → Temporary Access
  2. Find the user in the list
  3. Click Delete in the Actions column
  4. Confirm deletion
  5. User is immediately removed

What happens:

  • User is deleted from WordPress
  • Access link stops working
  • All user data is removed
  • User cannot log in

Extending Access

Currently, to extend a temporary user’s access:

Option 1: Create new temporary user

  • Create a new temporary user with same email
  • Different username required
  • New access link generated
  • Delete old user

Option 2: Convert to permanent user

  • Edit the user in WordPress (Users → All Users)
  • Remove temporary user metadata
  • User becomes permanent
  • Must set a password

Option 3: Database edit (advanced)

  • Update _guard_dog_temp_expiry user meta
  • Change to new future timestamp
  • Not recommended unless comfortable with database

The Temporary User Experience

How Temporary Users Log In

  1. User receives access link via email or secure message
  2. User clicks the link
  3. Automatic login – No username/password needed
  4. Redirected to specified area:
  • Admin (default) – WordPress dashboard
  • Profile – User profile page
  • Front – Site homepage

What Temporary Users Can Do

Temporary users have the same capabilities as their assigned role:

Administrator:

  • Everything a normal admin can do
  • Install/activate plugins
  • Change settings
  • Delete content
  • Manage users

Editor:

  • Edit all posts and pages
  • Moderate comments
  • Manage categories and tags
  • Upload media

Author:

  • Create and publish own posts
  • Upload media
  • Edit own published posts

Contributor:

  • Write posts (can’t publish)
  • Edit own unpublished posts

Subscriber:

  • Read content
  • Edit own profile
  • Comment (if enabled)

Limitations

Temporary users cannot:

  • Change their password (no password set)
  • Use regular login page (must use access link)
  • Access site after expiry or login limit reached

Login Tracking

Each login is tracked:

  • Login count increments
  • Last login timestamp updated
  • Logged in Activity Log (if enabled)
  • Viewable by administrators

Security Considerations

Access Link Security

The access link is the password – anyone with it can log in.

Best practices:

  • ✅ Send via secure channel (encrypted email, Signal, etc.)
  • ✅ Send only to intended recipient
  • ✅ Use short expiry for sensitive access
  • ✅ Set login limit if one-time access needed
  • ❌ Don’t post publicly
  • ❌ Don’t send via unencrypted email for sensitive sites
  • ❌ Don’t share multiple access links simultaneously

Role Assignment

Principle of least privilege:

Assign the minimum role needed:

  • Client preview → Editor or Author
  • Content writer → Author or Contributor
  • Support staff → Editor (not Administrator)
  • Developer work → Administrator (only if necessary)

Never give Administrator unless absolutely required.

Audit Trail

All temporary user activity is logged:

  1. Creation logged:
  • Who created the temporary user
  • When it was created
  • User details and expiry
  1. Usage logged:
  • Each login attempt
  • IP address of logins
  • Timestamp of access
  1. Actions logged:
  • All actions the temporary user takes
  • Same as regular users in Activity Log

View in Guard Dog → Activity Log, filter by temporary username.

Automatic Cleanup

Temporary users are automatically deleted when:

  1. Expiry date reached
  • User cannot log in after expiry
  • Deleted on next WordPress cron run
  1. Login limit reached
  • After maximum logins used
  • Deleted immediately after last login
  1. Manual deletion
  • Administrator deletes user
  • Immediate removal

Cleanup runs:

  • Every hour via WordPress cron
  • On-demand when users try to access expired link
  • Can be manually triggered

Advanced Configuration

Email Notifications

Currently, access links must be manually sent. To automate:

  1. Configure email provider (see Email Provider Configuration)
  2. Enable email notifications in settings (if available)
  3. Access links automatically emailed on creation

Custom Redirect After Login

Temporary users can be redirected to different locations after login.

Current default: WordPress admin dashboard

To change (requires custom code):

Filter the redirect URL:

add_filter('guard_dog_temp_user_redirect', function($redirect_url, $user_id) {
    // Redirect to specific page
    return home_url('/welcome-contractors/');
}, 10, 2);

Integration with Other Features

Temporary Users + 2FA:

  • Temporary users bypass 2FA by default
  • They use token-based authentication
  • For high-security: require 2FA after first token login (custom development)

Temporary Users + IP Whitelist:

  • Access link still requires whitelisted IP (if enabled)
  • Consider adding temporary user’s IP to whitelist
  • Or disable IP whitelist for their access period

Temporary Users + CAPTCHA:

  • Token login bypasses CAPTCHA
  • No manual verification needed
  • Secure token serves as verification

Common Use Cases with Examples

Use Case 1: Client Content Review

Scenario: Client needs to review draft posts before publication.

Setup:

Username: client_acme_corp
Email: [email protected]
Role: Editor
Expiry: 7 days
Max Logins: 0 (unlimited)

Why:

  • Editor role can view all drafts
  • 7 days gives time for review and feedback
  • Unlimited logins for multiple review sessions
  • Automatically removed after project

Use Case 2: Developer for Maintenance

Scenario: Hire developer for 2-week plugin customization.

Setup:

Username: dev_john_temp
Email: [email protected]
Role: Administrator
Expiry: 14 days
Max Logins: 0 (unlimited)

Why:

  • Administrator for full access to plugins/settings
  • 14 days matches project timeline
  • Unlimited logins for daily work
  • Auto-deleted when project ends

Use Case 3: Support Ticket Resolution

Scenario: Support staff needs one-time access to troubleshoot.

Setup:

Username: support_ticket_1234
Email: [email protected]
Role: Administrator
Expiry: 1 day
Max Logins: 3

Why:

  • Administrator for troubleshooting access
  • 1 day expiry (issue should be fixed today)
  • 3 logins max (log in, fix, verify)
  • Very limited window for security

Use Case 4: Content Writer for Campaign

Scenario: Freelance writer for 30-day content campaign.

Setup:

Username: writer_jane_nov
Email: [email protected]
Role: Author
Expiry: 30 days
Max Logins: 0 (unlimited)

Why:

  • Author role for creating posts (can’t delete others’ work)
  • 30 days matches campaign duration
  • Unlimited logins for daily writing
  • Can’t accidentally break site settings

Use Case 5: QA Testing

Scenario: QA tester needs to verify functionality before launch.

Setup:

Username: qa_test_user
Email: [email protected]
Role: Subscriber
Expiry: 3 days
Max Logins: 10

Why:

  • Subscriber to test user-facing functionality
  • 3 days for testing period
  • 10 logins for multiple test sessions
  • Limited role prevents accidental changes

Troubleshooting

Access Link Not Working

Symptom: Clicking access link doesn’t log user in

Possible causes:

  1. User already expired – Past expiry date
  2. Login limit reached – Used all allowed logins
  3. User was deleted – Manually deleted by admin
  4. Wrong URL – Copied incomplete link
  5. Token already used – For single-use tokens (if implemented)

Solutions:

  1. Check status:
  • Go to Temporary Access page
  • Look for the user
  • Check expiry and login count
  1. Create new user:
  • If expired, create a new temporary user
  • Send new access link
  1. Verify link:
  • Ensure entire link was copied
  • Should start with https://yoursite.com/?guard_dog_temp_token=

Can’t Create Temporary User

Symptom: Error when creating temporary user

Error messages and solutions:

“Username already exists”

  • Choose a different username
  • Check Users → All Users for existing users
  • Add numbers or date to make unique: client_john_nov2024

“Invalid email address”

  • Use valid email format: [email protected]
  • Remove spaces or special characters
  • Use real email for sending access link

“Invalid expiry period”

  • Must be between 1 and 365 days
  • Use whole numbers only
  • Check for typos

“Maximum logins must be positive or zero”

  • Use 0 for unlimited
  • Use positive number for limit
  • Don’t use negative numbers

Temporary User Not Appearing in List

Symptom: Created user doesn’t show in Temporary Access page

Possible causes:

  1. Page cache – Need to refresh
  2. Database error – Creation failed silently
  3. Wrong page – Looking at Users → All Users instead

Solutions:

  1. Refresh page – Hard refresh (Ctrl+F5 or Cmd+Shift+R)
  2. Check Users → All Users – Verify user was created
  3. Try creating again – Use different username

User Can’t Access Certain Areas

Symptom: Temporary user gets “permission denied” errors

Cause: Role doesn’t have required capabilities

Solutions:

  1. Check role:
  • Subscriber can’t edit posts
  • Contributor can’t publish
  • Author can’t edit others’ posts
  • Editor can’t manage plugins
  1. Assign higher role:
  • Delete and recreate with appropriate role
  • Or edit user in Users → All Users
  1. Custom capabilities:
  • Use a role editor plugin
  • Add specific capabilities needed

Best Practices

  1. Use descriptive usernames – Include purpose/company: contractor_acme_nov
  2. Set appropriate expiry – Err on the shorter side, extend if needed
  3. Minimum necessary role – Don’t give Administrator if Editor works
  4. Use login limits for one-time access – Support tickets, demos
  5. Track access in Activity Log – Monitor what temporary users do
  6. Send links securely – Encrypted email or secure messaging
  7. Document temporary users – Note who has access and why
  8. Review regularly – Check Temporary Access page weekly
  9. Clean up manually if needed – Don’t wait for auto-expiry
  10. Combine with IP whitelist for sensitive access – Extra security layer

FAQ

Q: What happens to content created by temporary users after they’re deleted?
A: Content remains. WordPress reassigns it to a default user or leaves it orphaned (depending on configuration).

Q: Can temporary users reset their password?
A: No, they don’t have a password. They only access via the token link.

Q: Can I see what temporary users have done?
A: Yes, check the Activity Log and filter by their username.

Q: Can the same person have multiple temporary users?
A: Yes, but use different usernames. Same email address is fine.

Q: Do temporary users receive WordPress emails?
A: They have a fake internal email. Set a real display email if you want to reach them.

Q: Can temporary users change their own email or username?
A: They can edit their profile, but username can’t be changed in WordPress.

Q: What happens if I delete a temporary user manually?
A: The access link stops working immediately and the user can’t log in.

Q: Can temporary users enable 2FA on their account?
A: They can, but it’s unnecessary since they use token login. When account expires, 2FA settings are deleted too.

Q: Is there a limit to how many temporary users I can create?
A: No hard limit, but consider database performance with hundreds of users.

Q: Can I customize the access link format?
A: No, the token format is standardized for security. It must be the full URL with token parameter.