The query looks fine to me. It should not destroy Moodle. Make a
database backup first of course.
A couple of suggestions.
- Be aware that user.com is a real
domain: you might want to use your own domain or a fake, random one.
- I would also change the authentication method to nologin.
- I would also set timecreated and the various access times to 0.
- Do you need to reset the idnumber, city, country or other standard profile fields?
- If you have any tags, a picture, or custom profile fields, I would check those as well.
I might consider also making the usernames unique. I am not sure if Moodle would complain about deleted users with the same username they way it would for non-deleted users. Since the user id always remains, a username like "anon" + id does not give away any new information.
I'm not sure if you need to reset the password to an actual hash. Perhaps someone else who knows about the password field can chime in. It is just a normal varchar field. I think leaving it empty is okay, (The Moodle tool generator leaves this empty for the users it creates.)
Since user activity in Moodle is tied to the userid, all the various user activity - grades, course work, logs - will remain just as they would for any deleted user, which may include personally identifiable information. That may be okay for the level of anonymization or pseudo-anonymization you are trying to achieve. But that is another issue.
