Prevent from deleting any user role but subscriber

If you mean the delete button on the user list at /wp-admin/users.php, then that button is created by the WP_Users_List_Table class around (currently) line 256. If you look a little further down– a few lines– you will see a filter called user_row_actions. You can use that to hide the ‘delete’ link.

add_filter(
  'user_row_actions',
  function($actions, $user_object) {
    if (1 >= count($user_object->roles) && 'subscriber' !== $user_object->roles[0]) {
      unset($actions['delete']);
    }
    return $actions;
  },
  1,2
);

Minimally tested, but I think that logic is correct. You should see the ‘delete’ link for subscribers but not for users with any other role, including users with “subscriber” and some other role just in case you have that odd setup.

If you look carefully, and have a mischievous mind, you will notice that you can still delete any user you want by manipulating the user ID in the URL. Look carefully:

/wp-admin/users.php?action=delete&user=9&_wpnonce=8059e669c1

The filter above just hides the link. It does not prevent access to the delete screen. To do that, we’ll need more code:

add_action(
  'load-users.php',
  function() {
    if (isset($_GET['action']) && 'delete' === $_GET['action']) {
      if (isset($_GET['user'])) {
        $user_object = get_userdata($_GET['user']);
        if (1 >= count($user_object->roles) && 'subscriber' !== $user_object->roles[0]) {
          wp_die('This user cannot be deleted');
        }
      }
    }
  }
);

Even with that in place, a clever user might still be able to push the right POST values through and delete a user anyway, so you might also want a final fail-safe right before user deletion.

add_action(
  'delete_user', 
  function($id) {
    $user_object = get_userdata($id);
    if (1 >= count($user_object->roles) && 'subscriber' !== $user_object->roles[0]) {
      wp_die('This user cannot be deleted');
    }
  }
);

Note: this code was tested in a MU-Plugin file. I think is should probably work from functions.php but be sure to verify that. Also, in practice, I’d probably try to extract some of that logic so that it is reusable. Those callbacks are dangerously close to repetitive.

Related Posts:

  1. Organizing Code in your WordPress Theme's functions.php File?
  2. How to check if a user is in a specific role?
  3. How to prevent access to wp-admin for certain user roles?
  4. Limit widget to certain sidebar?
  5. Check if user is admin by user ID
  6. Highlight custom widgets in the admin area?
  7. Change the link of ‘Howdy’ at the top right
  8. Delete Post From front Page ( With Wp-admin restriction )
  9. Only allow administrators and editors to access wp-admin
  10. create users to site with specific language
  11. Hide a page in the admin end without a plugin?
  12. Set “Display name publicly as” to be usernames by default
  13. What is the capability that permits access to WP-Admin?
  14. Displaying which Role the current user is assigned to
  15. How to hide a specific user role option in a user role list?
  16. Adding HTML/Text to Top of Subscriber’s Profile Backend Page
  17. Custom role based users are not able to access wp-admin
  18. Custom roles showing HTML entities in title form field
  19. Users Unable to Access Dashboard/Posts/Pages
  20. Only allow administrators and editors to access wp-admin
  21. Allow administrators to pick post author on custom post type edit screen
  22. Adding Custom Capabilites
  23. Restrict Author role to only 3 wp-admin pages
  24. Create custom fields as image uploads [duplicate]
  25. Is there a quick way to find out what posts haven’t been tagged?
  26. Why is unfiltered_upload not working despite being enabled?
  27. Logout USER form backoffice after 30 minutes of inactivity [closed]
  28. Downgrade admin account by mistake
  29. How to set where user is redirected to after logging in at wp-login?
  30. “WordPress installations is currently out of date” problem with difficult situation [closed]
  31. User Capabilities are not available in WP REST permission callback?
  32. Change users.php WP_User_Query
  33. User Roles: How to hide a plugin from showing in WP-Admin?
  34. Is WordPress secure enough for a multi-user article directory?
  35. Add a custom field when adding / editing a page / post in admin panel
  36. Newly created user role not displaying on users screen
  37. How to check if a user is in a specific role?
  38. Give wp-admin access for shop managers
  39. How to Fix WordPress Not Saving Settings?
  40. adding existing menu page on new customer user role
  41. Google flagged a wp-admin redirect as phishing
  42. Undeletable posts, users or other content
  43. Extend user search in the users.php page to allow for searching by role and excluding specified email domains from the “users search” input box
  44. how to Hide all products except the General Manager role in the WordPress admin panel?
  45. Can I rename the wp-admin folder?
  46. How to restrict dashboard access to Admins only?
  47. How to disable the “Post Lock/Edit Lock”?
  48. I’m getting a 404 message when I try to access wpadmin
  49. wordpress wp-admin css not loading
  50. How to enable a site administrator to edit users in a WordPress network/ multisite setup?
  51. wp-admin produces a 302 redirect to itself
  52. Display sortable User meta column in admin panel user’s page
  53. Blocking Administrative Access to Authors and Subcribers?
  54. Hooking into register_admin_color_schemes
  55. Which actions can update/change .php files?
  56. Blank page for edit.php
  57. Upload media file problem
  58. comment_form – show all fields when logged in
  59. How to change how long items are kept in the trash?
  60. How can I add ‘view mode’ to screen options for pages and cpts?
  61. Using List Table Filters for ALL Custom Post Types
  62. My wp-admin stops working suddenly
  63. What is the practical difference between is_admin() and is_blog_admin()?
  64. How do I set the homepage to the WordPress Admin Dashboard login?
  65. Today, without warning, all admin panel logins redirect to home page after login. non-admin users logins work well
  66. What is wrong with this code to remove wp admin bar from one page
  67. Stopping user deletion from running on error
  68. Admin search not working for any type of post
  69. Display checked in checkbox theme admin page when reloaded
  70. List All Enqueued Scripts and Styles
  71. Can I add my own profile.php?
  72. Wp-admin is giving me an error “Sorry, you are not allowed to access this page.”. I do have access to the wp-admin besides the dashboard itself
  73. ASCII to Unicode conversion and then save the data into database using WP post editor field
  74. How to use default WP form elements to interact with custom DB table?
  75. 100+ terms in any taxonomy slows down post updates?
  76. Is WordPress Suitable for my site?
  77. How login is possible, if I deny login page via .htaccess with allow ip
  78. How to stop displaying the Id without losing the functionality
  79. How to Find The Email of a WP Admin Account
  80. how can I change the font on Edit Post area (admin dashboard)
  81. External HTTP API calls slowing down WordPress admin [closed]
  82. Why is my ‘export’ option missing?
  83. jQuery UI Datepicker error
  84. Can’t connect to WP-Admin, blank error message
  85. 404 errors when updating options in admin dashboard
  86. WordPress /wp-admin redirect to wrong port in docker
  87. How do I fix the 403 error for wp-admin/admin-ajax.php?
  88. Strange Popup Ad on my WordPress Admin Dashboard
  89. WordPress switch domains
  90. Trying to list user and post information from (wp_includes/post.php ) causes Fatal error
  91. Get Post ID in Admin Edit screen otherwise generate it?
  92. Cannot login in WordPress even after changing hash password in phpmyadmin
  93. WordPress User profile page fields missing
  94. Disable default posts (Posts,Pages,Comments and Media) in wp-admin
  95. Trying to use and understand JSON API and get_posts
  96. WordPress strips some attributes for author posts
  97. Creating your own options-general.php page
  98. I want to know if it’s good for SEO [closed]
  99. My website’s wp-admin redirects to another website’s wp-admin after pointing the site url to a subdirectiory
  100. Help please i cant login to wordpress panel [closed]

Leave a Comment