=== User Suspend ===
Contributors: joelledesmajr
Tags: suspend, users, moderation, security, login
Requires at least: 5.8
Tested up to: 6.9
Stable tag: 2.1.2
Requires PHP: 7.4
License: GPL-2.0-or-later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Suspend WordPress user accounts with timed or permanent bans, reasons, email notifications, and a full audit log.

== Description ==

User Suspend gives you a straightforward way to suspend WordPress user accounts. Suspended users are blocked at login and their active sessions are ended immediately.

You can set a reason for each suspension, choose a date for it to lift automatically, and track everything through a built-in audit log.

**Features**

* Permanent or timed suspensions — set an expiry date and the account is automatically restored
* Suspension reasons stored and emailed to the user when their account is suspended
* Active sessions are destroyed the moment a suspension is applied
* Audit log tracks every suspend and unsuspend action with timestamps
* Dedicated Suspended Users page under the Users menu
* Status column in the Users list table
* Bulk suspend and unsuspend from the Users list table
* Administrators and the currently logged-in user cannot be suspended
* Object caching for fast suspension status lookups
* Clean uninstall removes all plugin data

== Installation ==

1. Upload the `user-suspend` folder to `/wp-content/plugins/`.
2. Activate the plugin through the **Plugins** screen in WordPress.
3. Go to **Users → Suspended Users** to manage suspensions, or open any user's profile to suspend them individually.

== Frequently Asked Questions ==

= Will suspending a user log them out immediately? =

Yes. The moment you save a suspension, all of that user's active sessions are destroyed.

= Can I set a suspension to expire automatically? =

Yes. When suspending a user from their profile page, set a date and time in the Expiry field. The account will be restored automatically when that time passes.

= Can administrators be suspended? =

No. Administrator accounts and your own account are protected and cannot be suspended.

= What happens to the suspension data if I deactivate the plugin? =

Deactivating the plugin does not remove any data. Uninstalling (deleting) the plugin removes all suspension records, audit log entries, and plugin options from the database.

== Screenshots ==

1. Suspension section on the user profile edit screen.
2. Suspended Users admin page with audit log.
3. Status column in the Users list table.

== Changelog ==

= 2.1.1 =
* Security hardening: hard-fail on missing or invalid bulk action nonce.
* Security hardening: sanitize bulk user ID array with absint before processing.
* Security hardening: strip all HTML tags from email notification fields.
* Security hardening: escape avatar output with wp_kses_post.
* Removed internal meta key from migration summary stored in options.

= 2.1.0 =
* Redesigned admin UI with stats bar, avatar thumbnails, and card-style layout.
* Added dedicated CSS file for all admin styles.
* Responsive layout for mobile admin screens.

= 2.0.3 =
* Renamed plugin to User Suspend.
* Updated Tested up to: 6.9.
* Added readme.txt for WordPress.org.
* Fixed all WordPress Coding Standards violations.
* Added complete PHPDoc coverage across all files.

= 2.0.1 =
* Fixed activation timeout in WordPress Playground by deferring data migration to admin_init.

= 2.0.0 =
* Complete rewrite with class-based architecture.
* Added timed suspensions, reasons, audit log, email notifications, bulk actions, and session destruction.
* Fixed critical logic bug in v1.0 where saving any user profile could trigger a ban.
* Added automatic migration of v1.0 ban data on activation.

== Upgrade Notice ==

= 2.1.1 =
Security hardening release. Recommended for all users.

= 2.1.0 =
Admin UI redesign. No database changes — safe to upgrade.

= 2.0.3 =
Rename to User Suspend. No database changes — safe to upgrade from 2.0.x.
