diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
index 823e5d571e..c81d092efe 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@@ -92,6 +92,8 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
 					'reassign' => array(
 						'type'        => 'integer',
 						'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
+						'required'    => true,
+						'sanitize_callback' => array( $this, 'check_reassign' ),
 					),
 				),
 			),
@@ -125,6 +127,8 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
 					'reassign' => array(
 						'type'        => 'integer',
 						'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
+						'required'    => true,
+						'sanitize_callback' => array( $this, 'check_reassign' ),
 					),
 				),
 			),
@@ -132,6 +136,31 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
 		));
 	}
 
+	/**
+	 * Checks for a valid value for the reassign parameter when deleting users.
+	 *
+	 * The value can be an integer, 'false', false, or ''.
+	 *
+	 * @since 4.7.0
+	 *
+	 * @param int|bool        $value   The value passed to the reassign parameter.
+	 * @param WP_REST_Request $request Full details about the request.
+	 * @param string          $param   The parameter that is being sanitized.
+	 *
+	 * @return int|bool|WP_Error
+	 */
+	public function check_reassign( $value, $request, $param ) {
+		if ( is_numeric( $value ) ) {
+			return $value;
+		}
+
+		if ( empty( $value ) || false === $value || 'false' === $value ) {
+			return false;
+		}
+
+		return new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) );
+	}
+
 	/**
 	 * Permissions check for getting all users.
 	 *
@@ -673,7 +702,7 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
 	 */
 	public function delete_item( $request ) {
 		$id       = (int) $request['id'];
-		$reassign = isset( $request['reassign'] ) ? absint( $request['reassign'] ) : null;
+		$reassign = false === $request['reassign'] ? null : absint( $request['reassign'] );
 		$force    = isset( $request['force'] ) ? (bool) $request['force'] : false;
 
 		// We don't support trashing for users.
diff --git a/tests/phpunit/tests/rest-api/rest-users-controller.php b/tests/phpunit/tests/rest-api/rest-users-controller.php
index 62da9228fe..5911bad14d 100644
--- a/tests/phpunit/tests/rest-api/rest-users-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-users-controller.php
@@ -1639,7 +1639,8 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
 
 		$userdata = get_userdata( $user_id ); // cache for later
 		$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
-		$request['force'] = true;
+		$request->set_param( 'force', true );
+		$request->set_param( 'reassign', false );
 		$response = $this->server->dispatch( $request );
 
 		$this->assertEquals( 200, $response->get_status() );
@@ -1657,6 +1658,7 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
 		$userdata = get_userdata( $user_id ); // cache for later
 
 		$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
+		$request->set_param( 'reassign', false );
 		$response = $this->server->dispatch( $request );
 		$this->assertErrorResponse( 'rest_trash_not_supported', $response, 501 );
 
@@ -1678,6 +1680,7 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
 
 		$request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
 		$request['force'] = true;
+		$request->set_param( 'reassign', false );
 		$response = $this->server->dispatch( $request );
 
 		$this->assertEquals( 200, $response->get_status() );
@@ -1694,6 +1697,7 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
 		update_site_option( 'site_admins', array( $user->user_login ) );
 
 		$request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
+		$request->set_param( 'reassign', false );
 		$response = $this->server->dispatch( $request );
 		$this->assertErrorResponse( 'rest_trash_not_supported', $response, 501 );
 
@@ -1714,12 +1718,14 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
 
 		$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
 		$request['force'] = true;
+		$request->set_param( 'reassign', false );
 		$response = $this->server->dispatch( $request );
 
 		$this->assertErrorResponse( 'rest_user_cannot_delete', $response, 403 );
 
 		$request = new WP_REST_Request( 'DELETE', '/wp/v2/users/me' );
 		$request['force'] = true;
+		$request->set_param( 'reassign', false );
 		$response = $this->server->dispatch( $request );
 
 		$this->assertErrorResponse( 'rest_user_cannot_delete', $response, 403 );
@@ -1731,6 +1737,7 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
 
 		$request = new WP_REST_Request( 'DELETE', '/wp/v2/users/100' );
 		$request['force'] = true;
+		$request->set_param( 'reassign', false );
 		$response = $this->server->dispatch( $request );
 
 		$this->assertErrorResponse( 'rest_user_invalid_id', $response, 404 );
@@ -1778,6 +1785,96 @@ class WP_Test_REST_Users_Controller extends WP_Test_REST_Controller_Testcase {
 		$this->assertErrorResponse( 'rest_user_invalid_reassign', $response, 400 );
 	}
 
+	public function test_delete_user_invalid_reassign_passed_as_string() {
+		$user_id = $this->factory->user->create();
+
+		$this->allow_user_to_manage_multisite();
+		wp_set_current_user( self::$user );
+
+		$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
+		$request['force'] = true;
+		$request->set_param( 'reassign', 'null' );
+		$response = $this->server->dispatch( $request );
+
+		$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
+	}
+
+	public function test_delete_user_reassign_passed_as_boolean_false_trashes_post() {
+		$user_id = $this->factory->user->create();
+
+		$this->allow_user_to_manage_multisite();
+		wp_set_current_user( self::$user );
+
+		$test_post = $this->factory->post->create(array(
+			'post_author' => $user_id,
+		));
+
+		$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
+		$request['force'] = true;
+		$request->set_param( 'reassign', false );
+		$this->server->dispatch( $request );
+
+		$test_post = get_post( $test_post );
+		$this->assertEquals( 'trash', $test_post->post_status );
+	}
+
+	public function test_delete_user_reassign_passed_as_string_false_trashes_post() {
+		$user_id = $this->factory->user->create();
+
+		$this->allow_user_to_manage_multisite();
+		wp_set_current_user( self::$user );
+
+		$test_post = $this->factory->post->create(array(
+			'post_author' => $user_id,
+		));
+
+		$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
+		$request['force'] = true;
+		$request->set_param( 'reassign', 'false' );
+		$this->server->dispatch( $request );
+
+		$test_post = get_post( $test_post );
+		$this->assertEquals( 'trash', $test_post->post_status );
+	}
+
+	public function test_delete_user_reassign_passed_as_empty_string_trashes_post() {
+		$user_id = $this->factory->user->create();
+
+		$this->allow_user_to_manage_multisite();
+		wp_set_current_user( self::$user );
+
+		$test_post = $this->factory->post->create(array(
+			'post_author' => $user_id,
+		));
+
+		$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
+		$request['force'] = true;
+		$request->set_param( 'reassign', '' );
+		$this->server->dispatch( $request );
+
+		$test_post = get_post( $test_post );
+		$this->assertEquals( 'trash', $test_post->post_status );
+	}
+
+	public function test_delete_user_reassign_passed_as_0_reassigns_author() {
+		$user_id = $this->factory->user->create();
+
+		$this->allow_user_to_manage_multisite();
+		wp_set_current_user( self::$user );
+
+		$test_post = $this->factory->post->create(array(
+			'post_author' => $user_id,
+		));
+
+		$request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/users/%d', $user_id ) );
+		$request['force'] = true;
+		$request->set_param( 'reassign', 0 );
+		$this->server->dispatch( $request );
+
+		$test_post = get_post( $test_post );
+		$this->assertEquals( 0, $test_post->post_author );
+	}
+
 	public function test_get_item_schema() {
 		$request = new WP_REST_Request( 'OPTIONS', '/wp/v2/users' );
 		$response = $this->server->dispatch( $request );