Good question. Ideally, each user's timezone would be required information. The server would check to see if the requesting user's local time meant that the website should be "open" for them.

Honestly this would probably just make VPN services more widely used to workaround shutdowns.

True, unless the timezone was tied to each user's accounts. The website doesn't have to "not work" it just has to return a page that says something to the effect of "we are closed for business."

So a user couldn't just change their timezone? What if they moved?

Also who is this to protect? The user? What if they work midnights or their days are backwards?

There are cases where the business shouldn't promote the use of its website at odd hours (child protection, gambling addiction and other similar things).

Exactly

A minute of silence for those with unusual circadian rythms.