Delete all spam users on WordPress at once

You can use the built-in “Bulk Delete” feature but what if thousands of spammers are registered on your site? This will take you whole the day to delete only a couple of thousands of spammers. Moreover, you can’t remove more than 20 to 50 users at once because this might generate another error.

As a developer, I came across this type of situation several times and hardly tried to delete spam users using the bulk delete option. However, I discovered that it’s not possible to manually delete thousands of spam users and this is not an efficient use of our time.

So I thought of writing code to programmatically delete all the spam users at once & based on the user role. Finally, I came up with a complete solution to delete all spammers who registered on your WordPress website.

Let’s see how you can do that.

How to delete all spam users?

If you take a look at the user roles more closely, you will see that all the spammers signed up on your website with a specific role.

If you are using WooCommerce then the role might be “customer.” If you’re not using WooCommerce, the spammers’ role might be “subscriber.”

The gist is, the spammers register for accounts with the default role. If you want to see a new user’s default role, navigate to “Settings – General” and look for “New User Default Role.”

Anyways, after you identified the user role of the spammers, take note of it and follow the next steps.

Step 1: Open functions.php

In the first step, open the “functions.php” file of your active theme.

If you don’t know, after you log in to your hosting or FTP, navigate to your WordPress installation and then “wp-content – themes” and here you will find your active theme. From there open the functions.php file in a text editor.

Step 2: Copy & paste the following code

After you open your “functions.php”, copy & paste the following code at the very bottom.

function delete_all_spammers($role) {
	require_once(ABSPATH . 'wp-admin/includes/user.php');

	$users = get_users(array('role' => array($role)));

	foreach( $users as $user ) {

As I mentioned in the video, don’t forget to replace the user role at the last line. In my example, the spam user role is “customer” but in your case, it could be “subscriber.”

After you save your file, go back to your WordPress admin dashboard and click on “Users” again. If you saw that all spam users are removed, then you’re all done. However, make sure you deleted the PHP code from your “functions.php” and resave it again.

But if get an error, don’t panic!


Go back to your functions.php and remove the code and reload your website. And try again the code and reload your website. You may need to follow this process a couple of times if you have more than 10,000 spam users.


I tried to find a solution and even a plugin to remove all spam users at once but never found one. There are a couple of my clients who had the issue and I was exhausted to remove thousands of spammers on their websites.

However, after a couple of days, I came up with this solution to delete all spam users on WordPress websites at the same time.