Deleting users from front-end with wp_delete_user()

1 Views

I would like admins to be able to delete users from the frontend with the click of a button. How could I use the wp_delete_users() function to create such a button on the frontend if the user ID is provided?

Post Views: 1

Related posts

Leave a Reply

2 comments

  1. You could use AJAX to request a custom ‘action’ and send the users’ ID. Alternatively ‘post’ the action and user ID to the same page. They are both essentially the same thing, but the former doesn’t require the page to be reloaded.

    There are plenty of topics on this site that deal with AJAX, so I’ll omit the details (check out the ajax tag for more information).

    Either way, you want to set action to ‘myprefix_delete_user’, and ‘user_id’ to the ID of the appropriate user.

    Ajax method

    Sending an ajax request with action ‘myprefix_delete_user’ will fire the hooks:

    • wp_ajax_myprefix_delete_user – if you are logged in
    • wp_ajax_nopriv_myprefix_delete_user – if you are logged out

    We only want to do something if are logged in, so we attach a callback to only the first hook:

    add_action('wp_ajax_myprefix_delete_user','myprefix_delete_user_cb');
function myprefix_delete_user_cb(){
    //You should check nonces and user permissions at this point.
    $user_id = int_val($_REQUEST['user_id']);
    wp_delete_user($user_id);
    exit();
}

    ‘POST/GET’ method

    (wasn’t sure what to call this method…). Works in much the same way. You again ‘post’ the action and user_id variables. You can do this by constructing a link:

    $user_id=9 //ID of the user to be deleted.
$url = add_query_arg(array('action'=>'myprefix_delete_user', 'user_id'=>$user_id));
echo  "<a href='".$url. "'>Delete User</a>";

    This ‘posts’ (not quite) the data to the current page. Then you hook onto ‘init‘ if the action is set:

    if(isset($_REQUEST['action']) && $_REQUEST['action']=='myprefix_delete_user')
    add_action('init','myprefix_delete_user_cb');

    The same callback function can be used, with the following changes:

    • Remove exit();
    • You may wish to use wp_redirect to redirect back to the same page. By redirecting, if a user clicks refresh it doesn’t try to re-perform the deletion.

    Note, I have not performed any nonce or permission checks. You really should do this. The later is a simple current_user_can check. How you do the former will depend on which method, but I encourage you to read this.

    This question is broadly similar and may help:

  2. The above answer has an error and an omission (not sure why it has 4 checks)

    1) int_val not a WP function intval is a WP function

    2) You need to include("./wp-admin/includes/user.php" ) to call wp_delete_user

    I wanted to delete users without going to admin dashboard – Here is working code solution:

    add_action('init','prefix_delete_user');
function prefix_delete_user() {
if(isset($_REQUEST['action']) && $_REQUEST['action']=='prefix_delete_user') {
   include("./wp-admin/includes/user.php" );
   //check admin permissions.
   if (current_user_can('edit_users')) {
       $user_id = intval($_REQUEST['user_id']);
       wp_delete_user($user_id);
       exit();
   }
}
}

    Action happens when you post this

    http://website.com/?action=prefix_delete_user&user_id=<ID>

    Add to your functions.php