So, I’ve been trying to delete the original user for a multisite installation. After removing the super-admin privileges and setting another user to the network admin, I noticed that hitting the delete button from the network user admin would just refresh the page.
I then proceeded to remove this user as the admin user in the General settings of each individual site. Still just a refresh when I try to remove.
This led me to dig into the WordPress code to see why this was happening, and I see that WP is behaving exactly as intended, and that I am programatically prevented from removing the user with ID = 1.
Line 30 of users.php has the following conditional:
if ( $id != '0' && $id != '1' ) {
The delete code simply won’t execute on this user. I can find a way around this, but seeing this baked into the code has me thinking twice about it.
So my question is twofold:
- Why is this restriction hard coded? If I’ve got other users with sufficient permissions to do everything, what unforeseen consequences will there be if this user dissappears?
- What’s my best strategy for circumventing this? My first thought is just to delete that user’s lines from the
userandusermetatable. But it occurs to me I could also change the users ID to make sure the normal WP user removal processes complete. Or is there possibly another option?
1 Answer
Don’t delete the user, just change the email, username(optionally) and password in the users table. you can insert a MD5 string in the password field of the users table and WordPress will salt and hash it to a more secure format the first time you log in.
