Deleting users from front-end with wp_delete_user()

by

You could use AJAX to request a custom ‘action’ and send the users’ ID. Alternatively ‘post’ the action and user ID to the same page. They are both essentially the same thing, but the former doesn’t require the page to be reloaded.

There are plenty of topics on this site that deal with AJAX, so I’ll omit the details (check out the ajax tag for more information).

Either way, you want to set action to ‘myprefix_delete_user’, and ‘user_id’ to the ID of the appropriate user.

Ajax method

Sending an ajax request with action ‘myprefix_delete_user’ will fire the hooks:

  • wp_ajax_myprefix_delete_user – if you are logged in
  • wp_ajax_nopriv_myprefix_delete_user – if you are logged out

We only want to do something if are logged in, so we attach a callback to only the first hook:

add_action('wp_ajax_myprefix_delete_user','myprefix_delete_user_cb');
function myprefix_delete_user_cb(){
    //You should check nonces and user permissions at this point.
    $user_id = int_val($_REQUEST['user_id']);
    wp_delete_user($user_id);
    exit();
}

‘POST/GET’ method

(wasn’t sure what to call this method…). Works in much the same way. You again ‘post’ the action and user_id variables. You can do this by constructing a link:

$user_id=9 //ID of the user to be deleted.
$url = add_query_arg(array('action'=>'myprefix_delete_user', 'user_id'=>$user_id));
echo  "<a href="".$url. "">Delete User</a>";

This ‘posts’ (not quite) the data to the current page. Then you hook onto ‘init‘ if the action is set:

if(isset($_REQUEST['action']) && $_REQUEST['action']=='myprefix_delete_user')
    add_action('init','myprefix_delete_user_cb');

The same callback function can be used, with the following changes:

  • Remove exit();
  • You may wish to use wp_redirect to redirect back to the same page. By redirecting, if a user clicks refresh it doesn’t try to re-perform the deletion.

Note, I have not performed any nonce or permission checks. You really should do this. The later is a simple current_user_can check. How you do the former will depend on which method, but I encourage you to read this.

This question is broadly similar and may help:

Leave a Comment