內容簡介
總結:這個 WordPress 外掛為管理員在 WordPress 使用者清單中新增了「刪除自己的帳號」選項。該刪除連結只會顯示在目前管理員自己的帳號行,使用紅色文字樣式,類似 WordPress 預設的刪除連結。
問題與答案:
1. 這個外掛的主要功能是什麼?
- 安全刪除,具有 WordPress nonce 驗證
- 安全檢查以防止刪除最後一個管理員
- 文章自動重新分配給另一位管理員
- 刪除前的確認對話框
- 成功刪除後立即登出並重新導向
2. 什麼樣的用戶可以看到「刪除自己的帳號」連結?
- 啟用後,只有管理員在使用者清單(Dashboard -> Users)中的自己帳號行會看到紅色的「刪除自己的帳號」連結。
這是一個幫助管理員安全刪除自己帳號的外掛,確保操作正確以及文章的順利重新分配給其他管理員。
外掛標籤
開發者團隊
原文外掛簡介
Adds a safe “Delete Own Account” action to an administrator’s own row in the WordPress Users list, enabling self-removal while preserving site integrity.
On confirmation, the plugin routes you through a dedicated deletion screen where you must select another administrator to receive all authored content.
The user is logged out immediately after successful deletion.
Overview
Delete Own Admin Account integrates with the native Users screen and WordPress deletion workflow to let an administrator remove their own user account
without requiring access to another admin’s profile. The action is visible only on the currently logged-in administrator’s own row and is styled like native delete links.
During confirmation, the plugin enforces last-admin protection and requires content reassignment to another administrator to prevent orphaned content.
What you see
Users list: A red “Delete Own Account” link appears only on your own administrator row (as in the first provided image).
Confirmation screen: “Delete Administrator Account” screen displays a warning, the number of your authored posts, and a required dropdown to select the administrator who will receive your content. Buttons: Confirm Deletion, Cancel.
Key Features
Visibility limited to self
– Adds a red “Delete Own Account” link only on the current administrator’s own row (Dashboard → Users).
Secure workflow
– Enforces WordPress capability checks (administrator context; delete_users).
– Uses nonce verification to mitigate CSRF attacks.
– Confirms the account to delete matches the logged-in user.
– Prevents deletion if you are the last remaining administrator.
Guided confirmation
– Displays a dedicated confirmation screen with an explicit warning.
– Requires selecting another administrator for content reassignment.
Content preservation
– Reassigns all posts, pages, media, and custom post types authored by the deleted account to the chosen administrator.
– Logs out and redirects the user immediately after successful deletion.
Requirements and compatibility
Role/capabilities: Only administrators (users capable of managing and deleting users) see and can use the action.
Multisite: Primarily intended for singlesite installations. See “Multisite considerations.”
Configuration
No settings page. The functionality is active immediately upon activation.
Pre-deletion checklist (strongly recommended)
Ensure there is at least one other active administrator and verify their credentials.
Back up the site (database and files) before proceeding.
Review integrations that reference your user ID:
E-commerce, LMS, membership, workflow, or approval plugins.
API keys, application passwords, or automations tied to your user.
Third-party services that may store your WordPress user ID or email.
Decide who should own your content after deletion and ensure that user is an administrator.
Verify that critical scheduled tasks (cron) or hooks are not tied to your personal user ID.
Usage
Navigate to Dashboard → Users.
In your own administrator row, click “Delete Own Account.”
On the confirmation screen:
Read the warning message.
From “Reassign posts to,” choose the administrator who will receive all your content.
Click Confirm Deletion.
Result:
Your user account is deleted.
All authored content is transferred to the selected administrator.
You are logged out immediately and redirected.
How content reassignment works
Scope: Posts, pages, media (attachments), and custom post types authored by the deleted administrator are reassigned to the selected administrator.
Comments: Existing comments remain as stored; comment author display is not retroactively changed.
Taxonomies: Terms remain intact; authorship metadata associated with terms is not typical and is not modified unless managed by a specific plugin.
Control: You must select the target administrator on the confirmation screen. If you need a different outcome, reassign content manually before deletion.
Security model
Capability checks ensure only qualified administrators can trigger self-deletion.
Nonce verification protects the action from CSRF.
Identity check ensures the account-to-delete matches the currently logged-in user.
Last-admin protection prevents lockouts by blocking deletion if you are the only administrator.
Session handling logs you out immediately upon success to avoid stale sessions.
Multisite considerations
The plugin targets single-site usage. In a network:
Super Admin capabilities may change behavior and available actions.
Test in staging before using on a production network.
Ensure another administrator or Super Admin retains access to the site.
Limitations
No bulk deletion; action is for the current administrator only.
No bypass of last-admin protection.
No custom UI to migrate non-post data stored by other plugins against user IDs; audit third-party data separately.
Irreversible: Deletion cannot be undone except by restoring from backup.
Risks and best practices
Risk of lockout if performed without another administrator available. Always verify another admin can log in.
Potential impact on plugins that store user IDs for ownership, approvals, or licensing. Review and test.
Auditing needs: If you require an audit trail, use a security/audit log plugin to record user deletions.
Always perform a full site backup beforehand and validate on a staging environment for complex setups.
Troubleshooting
The “Delete Own Account” link does not appear:
Confirm you are logged in as an administrator and viewing your own user row.
Verify the plugin is activated.
Check role/capability manager plugins that might override permissions.
If you are the last remaining administrator, deletion is intentionally blocked.
Cannot confirm deletion (no administrators in dropdown):
Create or promote another user to administrator, then retry.
Content reassignment target is incorrect:
Cancel, reassign authorship of critical content manually first, then repeat the deletion.
Redirected but account still exists:
Clear caches, retry, and check for plugin conflicts; review server error logs.
Uninstallation
Deactivating or deleting this plugin does not restore previously deleted users.
The plugin stores no settings and creates no custom tables; it can be safely removed after use.
Support
Use the plugin’s WordPress.org support forum for issues and feature requests.
When requesting support, include:
WordPress version
Single-site vs. multisite setup
Any role/capability manager plugins in use
Detailed steps to reproduce the issue
