Support » Plugin: User Spam Remover » Deleting only users who have a specific role

  • Resolved philipt18

    (@philipt18)


    I have over 20,000 users registered on my site, many of which are spam registrations. Over the years I’ve improved my spam defenses, so I imagine most of those users are older. Members on my site, in most cases, need to log in to renew their membership. They login and pay via paypal, which if they’re new users moves them from level 0 users (free subscribers) to level 1 users (paid members). If they’re already members, it extends their membership for another year (using s2Member which assigned an EOT time). Therefore in theory this plugin shouldn’t catch any members, yet for some reason it does. I’m not sure why. The site is a non-profit organization and we organize our membership based on who is paid up on the web site. We can’t risk deleting members. So as an extra protection, is there (or could you add) a way to only allow deletion of a specific role? This would be useful even for sites without membership – just to insure that all Contributors, Authors, Editors, and Administrators are not deleted (you would only look at the Subscriber role). If the site is using a plugin that allows for different kinds of roles, it would be useful of course to allow a specific role to be chosen (in s2Member there is a Free Subscriber role which replaces the standard Subscriber role).

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author joelhardi

    (@joelhardi)

    Thanks for your interest in the plugin, I like your idea.

    I haven’t done any serious development on this plugin in years, I’ll see if there’s an easy way to implement what you’re suggesting.

    Sorry for the late reply, I don’t check this site often.

    Plugin Author joelhardi

    (@joelhardi)

    OK, so this is not as impossible as it initially appeared. But … I won’t claim to fully understand WP roles/capabilities or why in hell the core team decided to serialize PHP arrays and jam them into database columns, instead of adding roles/capabilities tables like any reasonable person would. (What I mean is, the values in the database wp_usermeta table are stuff like ‘a:1:{s:6:”editor”;b:1;}’ and ‘a:1:{s:10:”subscriber”;b:1;}’.)

    So, below is a patch that adds the constraint to only delete users with role containing “subscriber”. I tested it and it works for me, can you try it (on a backup of course for safety) and provide any feedback?

    
    diff --git a/htdocs/wp-content/plugins/user-spam-remover/user-spam-remover.php b/htdocs/wp-content/plugins/user-spam-remover/user-spam-remover.php
    index 3113ef6..94040c7 100644
    --- a/htdocs/wp-content/plugins/user-spam-remover/user-spam-remover.php
    +++ b/htdocs/wp-content/plugins/user-spam-remover/user-spam-remover.php
    @@ -591,8 +591,11 @@ class UserSpamRemover {
                "LEFT OUTER JOIN ${pre}comments AS c ON u.ID = c.user_id ".
                "LEFT OUTER JOIN ${pre}posts AS p ON u.ID = p.post_author ".
                "LEFT OUTER JOIN ${pre}links AS l ON u.ID = l.link_owner ".
    +           "LEFT OUTER JOIN ${pre}usermeta AS m ON u.ID = m.user_id ".
                "WHERE c.user_id IS NULL ".
    -           "AND p.post_author IS NULL AND l.link_owner IS NULL ".
    +           "AND p.post_author IS NULL ".
    +           "AND l.link_owner IS NULL ".
    +           "AND m.meta_key = 'wp_capabilities' AND m.meta_value LIKE '%subscriber%' ".
                $this->getUserWhitelistSQL()." ".
                "AND u.user_registered < DATE_ADD(NOW(), INTERVAL -$daysGrace DAY) ".
                "GROUP BY u.ID${limit};";
    

    If you have no idea what to do with this patch (sorry, I would just attach the file if this forum had that feature) let me know and we can figure out some other way for me to send it.

    This is too much of a hack and too big of a change to add to the plugin (sorry, blame WordPress core and their silly antipattern data model) but the patch should hopefully solve your problem.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Deleting only users who have a specific role’ is closed to new replies.