This is its description:

Prevent users from logging into your WordPress installation for a certain timeframe or permanently. Works also great with the multisite user management area. The locked users are easily manageable within the users overview page. The settings are within the user edit pages. No user can lock himself. No user with a lower role can lock a higher user and administrators in a network can not lock super administrators. If a user is locked, he is instantly logged out of any session until the lock expires or is removed.

No useless overhead, no ads. Just a tiny, but very effective plugin to keep your website secure.

• you do not want to delete a user, but you want to make sure he can not access the site (at least for a certain timeframe)
• an employee leaves your company and access should be removed, but you want to keep his user as an author in the system
• you want to punish a certain user which did bad things for a certain timeframe
• you want only few persons to have access to your WordPress site in order to minimize risk of incidents
•  … or maybe some other use case

Would be great to hear whatever feedback or improvement ideas 😉 

It is often recomendable to disable this notifications: Sometimes a Plugin or Theme must be extended or changed by the developer – automatic upgrades would destroy these changes. Some Plugins like Mailpress do not disable the automatic upgrade, though automatic upgrading usually leeds to huge data losses  🙁 Recently I had to learn this the hard way, but this is no excuse for incomplete backups, of course.

However the following functions can help:

1. Disable Plugin upgrades

You can disable special Plugins by pasting the following code into the Plugin itself:

add_filter('site_transient_update_plugins', 'cis_remove_plugin_update');
 
function cis_remove_plugin_update($value) {
	unset($value-\>response[ plugin_basename(__FILE__) ]);
	return $value;
}

You can alternativley paste some code into your functions.php-file of your Theme:

add_filter('site_transient_update_plugins', 'cis_remove_plugin_update');
 
function cis_remove_plugin_update($value) {
	$plugin_relative_path = "plugin_relative_path"; // this could be "akismet/akismet.php" for example
	unset($value->response[ $plugin_relative_path]);
	return $value;
}

You also can disable all Plugin upgrades, for example if you want to prevent customers from doing that:

remove_action ('load-update-core.php', 'wp_update_plugins');
add_filter ('pre_site_transient_update_plugins',create_function ('$a', "return null;"));

2. Disabling Theme Upgrades

Disable all Theme updgrades:

remove_action ('load-update-core.php', 'wp_update_themes');
add_filter ('pre_site_transient_update_themes',create_function ('$a', "return null;"));

3. Disable Core Updgrade

Note: You never should disable the Core-Upgrade of WordPress, as important security upgrades will be missed. However, if you need to do it for some reason:

add_filter ('pre_site_transient_update_core',create_function ('$a', "return null;"));

These roles do not exist since the early days of WordPress. They are mapped onto the traditional WordPress role system, which is a user level system from 0-10, while 10 is the highest level (all rights) and 0 is the lowest level (fewest rights). This interrelationship is shown on the following table from the Codex:

Each of the user levels has a certain amount of capabilities. These capabilities exactly define what a WordPress user is allowed to do on the website. The capability “edit_posts”, for example, allows a user to edit his own published posts, the capability “add_users” allows a user to add new users to the system, and so on.

Important things to know about roles and capabilities

The default system may be enough for blog systems, but not when it comes to WordPress as a CMS. The following things are important to know:

• It is possible to create custom roles and custom capabilities (as they are registered default with custom post types)
• One user can have more than one of the default roles, a user could be an “administrator”, “editor” and something like a custom “job_publisher” at the same time, for example. These roles are stored in the user-meta table for every user, in the field Table Prefix + capabilities.
• You can make a semantic rule, that users on your website only are allowed to have one role at the same time, if you want to have a simplified role handling

How to extend the default role system then?

You can search for functions and information how to do that in the Function Reference or using Google. I recommend the great and well-known Members Plugin by Justin Tadlock, which will make managing these things quite easy using the WordPress backend. Just check it out. It is described as follows:

How can we easily get roles and work with roles in Plugins and Themes now?

The following functions proved to be really useful, as they work almost anywhere you call them inside WordPress.

function getUserRolesAdminEdit() {
	
	$current_user = wp_get_current_user();
	
	$currentuserid = $current_user->ID;
	
	if(isset($_REQUEST['user_id']) && $_REQUEST['user_id']!="") {
		$currentuserid = $_REQUEST['user_id'];
	}
	
	$userroles = array('subscriber');
	
	$user = new WP_User( $currentuserid );
	
	if ( !empty( $user->roles ) && is_array( $user->roles ) ) {
		$userroles=$user->roles;
	}
	
	return $userroles;
}

function getUserRoleAdminEdit() {
	
	$current_user = wp_get_current_user();
	
	$currentuserid = $current_user->ID;
	
	if(isset($_REQUEST['user_id']) && $_REQUEST['user_id']!="") {
		$currentuserid = $_REQUEST['user_id'];
	}
	
	$userrole = 'subscriber';
	
	$user = new WP_User( $currentuserid );
	
	if ( !empty( $user->roles ) && is_array( $user->roles ) ) {
		// only change this if one user can have more than one role, which is not expected
		$userrole=$user->roles[0];
	}
	
	return $userrole;
}

function getUserIdAdminEdit() {
	
	$current_user = wp_get_current_user();
	
	$currentuserid = $current_user->ID;
	
	if(isset($_REQUEST['user_id']) && $_REQUEST['user_id']!="") {
		$currentuserid = $_REQUEST['user_id'];
	}
	
	return $currentuserid;
}