Title: wp_ajax_delete_plugin Published: August 16, 2016 Last modified: February 24, 2026 --- # wp_ajax_delete_plugin() ## In this article * [Description](https://developer.wordpress.org/reference/functions/wp_ajax_delete_plugin/?output_format=md#description) - [See also](https://developer.wordpress.org/reference/functions/wp_ajax_delete_plugin/?output_format=md#see-also) * [Source](https://developer.wordpress.org/reference/functions/wp_ajax_delete_plugin/?output_format=md#source) * [Related](https://developer.wordpress.org/reference/functions/wp_ajax_delete_plugin/?output_format=md#related) * [Changelog](https://developer.wordpress.org/reference/functions/wp_ajax_delete_plugin/?output_format=md#changelog) [ Back to top](https://developer.wordpress.org/reference/functions/wp_ajax_delete_plugin/?output_format=md#wp--skip-link--target) Handles deleting a plugin via AJAX. ## 󠀁[Description](https://developer.wordpress.org/reference/functions/wp_ajax_delete_plugin/?output_format=md#description)󠁿 ### 󠀁[See also](https://developer.wordpress.org/reference/functions/wp_ajax_delete_plugin/?output_format=md#see-also)󠁿 * [delete_plugins()](https://developer.wordpress.org/reference/functions/delete_plugins/) ## 󠀁[Source](https://developer.wordpress.org/reference/functions/wp_ajax_delete_plugin/?output_format=md#source)󠁿 ```php function wp_ajax_delete_plugin() { check_ajax_referer( 'updates' ); if ( empty( $_POST['slug'] ) || empty( $_POST['plugin'] ) ) { wp_send_json_error( array( 'slug' => '', 'errorCode' => 'no_plugin_specified', 'errorMessage' => __( 'No plugin specified.' ), ) ); } $plugin = plugin_basename( sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) ); $status = array( 'delete' => 'plugin', 'slug' => sanitize_key( wp_unslash( $_POST['slug'] ) ), ); if ( ! current_user_can( 'delete_plugins' ) || 0 !== validate_file( $plugin ) ) { $status['errorMessage'] = __( 'Sorry, you are not allowed to delete plugins for this site.' ); wp_send_json_error( $status ); } $plugin_data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin ); $status['plugin'] = $plugin; $status['pluginName'] = $plugin_data['Name']; if ( is_plugin_active( $plugin ) ) { $status['errorMessage'] = __( 'You cannot delete a plugin while it is active on the main site.' ); wp_send_json_error( $status ); } // Check filesystem credentials. `delete_plugins()` will bail otherwise. $url = wp_nonce_url( 'plugins.php?action=delete-selected&verify-delete=1&checked[]=' . $plugin, 'bulk-plugins' ); ob_start(); $credentials = request_filesystem_credentials( $url ); ob_end_clean(); if ( false === $credentials || ! WP_Filesystem( $credentials ) ) { global $wp_filesystem; $status['errorCode'] = 'unable_to_connect_to_filesystem'; $status['errorMessage'] = __( 'Unable to connect to the filesystem. Please confirm your credentials.' ); // Pass through the error from WP_Filesystem if one was raised. if ( $wp_filesystem instanceof WP_Filesystem_Base && is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->has_errors() ) { $status['errorMessage'] = esc_html( $wp_filesystem->errors->get_error_message() ); } wp_send_json_error( $status ); } $result = delete_plugins( array( $plugin ) ); if ( is_wp_error( $result ) ) { $status['errorMessage'] = $result->get_error_message(); wp_send_json_error( $status ); } elseif ( false === $result ) { $status['errorMessage'] = __( 'Plugin could not be deleted.' ); wp_send_json_error( $status ); } wp_send_json_success( $status ); } ``` [View all references](https://developer.wordpress.org/reference/files/wp-admin/includes/ajax-actions.php/) [View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-admin/includes/ajax-actions.php#L4719) [View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-admin/includes/ajax-actions.php#L4719-L4785) ## 󠀁[Related](https://developer.wordpress.org/reference/functions/wp_ajax_delete_plugin/?output_format=md#related)󠁿 | Uses | Description | | [is_plugin_active()](https://developer.wordpress.org/reference/functions/is_plugin_active/)`wp-admin/includes/plugin.php` | Determines whether a plugin is active. | | [delete_plugins()](https://developer.wordpress.org/reference/functions/delete_plugins/)`wp-admin/includes/plugin.php` | Removes directory and files of a plugin for a list of plugins. | | [get_plugin_data()](https://developer.wordpress.org/reference/functions/get_plugin_data/)`wp-admin/includes/plugin.php` | Parses the plugin contents to retrieve plugin’s metadata. | | [request_filesystem_credentials()](https://developer.wordpress.org/reference/functions/request_filesystem_credentials/)`wp-admin/includes/file.php` | Displays a form to the user to request for their FTP/SSH details in order to connect to the filesystem. | | [WP_Filesystem()](https://developer.wordpress.org/reference/functions/wp_filesystem/)`wp-admin/includes/file.php` | Initializes and connects the WordPress Filesystem Abstraction classes. | | [validate_file()](https://developer.wordpress.org/reference/functions/validate_file/)`wp-includes/functions.php` | Validates a file name and path against an allowed set of rules. | | [plugin_basename()](https://developer.wordpress.org/reference/functions/plugin_basename/)`wp-includes/plugin.php` | Gets the basename of a plugin. | | [current_user_can()](https://developer.wordpress.org/reference/functions/current_user_can/)`wp-includes/capabilities.php` | Returns whether the current user has the specified capability. | | [__()](https://developer.wordpress.org/reference/functions/__/)`wp-includes/l10n.php` | Retrieves the translation of $text. | | [sanitize_text_field()](https://developer.wordpress.org/reference/functions/sanitize_text_field/)`wp-includes/formatting.php` | Sanitizes a string from user input or from the database. | | [wp_unslash()](https://developer.wordpress.org/reference/functions/wp_unslash/)`wp-includes/formatting.php` | Removes slashes from a string or recursively removes slashes from strings within an array. | | [esc_html()](https://developer.wordpress.org/reference/functions/esc_html/)`wp-includes/formatting.php` | Escaping for HTML blocks. | | [sanitize_key()](https://developer.wordpress.org/reference/functions/sanitize_key/)`wp-includes/formatting.php` | Sanitizes a string key. | | [check_ajax_referer()](https://developer.wordpress.org/reference/functions/check_ajax_referer/)`wp-includes/pluggable.php` | Verifies the Ajax request to prevent processing requests external of the blog. | | [wp_send_json_error()](https://developer.wordpress.org/reference/functions/wp_send_json_error/)`wp-includes/functions.php` | Sends a JSON response back to an Ajax request, indicating failure. | | [wp_send_json_success()](https://developer.wordpress.org/reference/functions/wp_send_json_success/)`wp-includes/functions.php` | Sends a JSON response back to an Ajax request, indicating success. | | [wp_nonce_url()](https://developer.wordpress.org/reference/functions/wp_nonce_url/)`wp-includes/functions.php` | Retrieves URL with nonce added to URL query. | | [is_wp_error()](https://developer.wordpress.org/reference/functions/is_wp_error/)`wp-includes/load.php` | Checks whether the given variable is a WordPress Error. | [Show 13 more](https://developer.wordpress.org/reference/functions/wp_ajax_delete_plugin/?output_format=md#) [Show less](https://developer.wordpress.org/reference/functions/wp_ajax_delete_plugin/?output_format=md#) ## 󠀁[Changelog](https://developer.wordpress.org/reference/functions/wp_ajax_delete_plugin/?output_format=md#changelog)󠁿 | Version | Description | | [4.6.0](https://developer.wordpress.org/reference/since/4.6.0/) | Introduced. | ## User Contributed Notes You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_ajax_delete_plugin%2F) before being able to contribute a note or feedback.