I have over 200,000+ users on one of my sites, most of them due to spammy spammers spamming up the place, is this an all in one thing that will try to load all 200,000+ or does it do them a chunk at a time?
thanks for the code, this something that should be baked in, along with email verification of accounts before they can post.
This is all in one (not very robust). It uses brute force to loop through every user, then uses built in functions of WordPress to check each user’s credentials.
It almost timed out on my site with a measly 7000 users, so 200,000 will almost certainly be a problem.
Suffice to say, it’ll need chunking. I’m also checking on some safety issues with the way I’m detecting superfluous users. It currently does these checks:
1. Is the user only a subscriber (this is the questionable check – though it seems to work)?
2. Does the user have any posts?
3. Does the user have any approved comments?
As long as the user has no posts, no approved comments, and is only a subscriber, it’ll delete that user.
If you want to use this as is, you can comment out the entire foreach block starting on line 73. That will make it so you can at least load the page (this block tries to count the number of users it will delete – which in your case will likely timeout).
You can then just hit “Do it!” a few times (it’ll time out each time, but it’ll take a chunk of user out before it times out).
I should also mention – backup your database before doing any of this! 
I was going through my mental checklist of possible problems, and I realized that I’m sharing the user table with two or three subdomains that are using separate installations of wordpress. I’m assuming that your code has no way to see if there’s comments or posts on those other wp-posts tables?
unfocus Prune Users is a pretty straight forward nuclear option. It checks those 3 things listed above for each user, and then deletes them, mercilessly.
Actually, those 3 checks are done through WP API calls – so I’m not really sure if other wp-posts tables would be checked. I would guess not..
