diff --git a/main/inc/ajax/social.ajax.php b/main/inc/ajax/social.ajax.php
index a936ddc704..080470a437 100755
--- a/main/inc/ajax/social.ajax.php
+++ b/main/inc/ajax/social.ajax.php
@@ -245,6 +245,10 @@ switch ($action) {
             exit;
         }
 
+        if (!Security::check_token('get', null, 'social')) {
+            exit;
+        }
+
         $userId = api_get_user_id();
         $messageInfo = MessageManager::get_message_by_id($messageId);
         if (!empty($messageInfo)) {
@@ -252,7 +256,10 @@ switch ($action) {
                 empty($messageInfo['group_id']);
             if ($canDelete || api_is_platform_admin()) {
                 SocialManager::deleteMessage($messageId);
-                echo Display::return_message(get_lang('MessageDeleted'));
+                echo json_encode([
+                    'message' => Display::return_message(get_lang('MessageDeleted')),
+                    'secToken' => Security::get_token('social')
+                ]);
                 break;
             }
         }
diff --git a/main/inc/lib/social.lib.php b/main/inc/lib/social.lib.php
index 60d90454d9..e0835318ce 100755
--- a/main/inc/lib/social.lib.php
+++ b/main/inc/lib/social.lib.php
@@ -1963,14 +1963,16 @@ class SocialManager extends UserManager
 
         $isOwnWall = $currentUserId == $userIdLoop || $currentUserId == $receiverId;
         if ($isOwnWall) {
-            $comment .= Display::url(
-                    Display::returnFontAwesomeIcon('trash', '', true),
-                'javascript:void(0)',
+            $comment .= Display::button(
+                '',
+                Display::returnFontAwesomeIcon('trash', '', true),
                 [
                     'id' => 'message_'.$message['id'],
                     'title' => get_lang('SocialMessageDelete'),
-                    'onclick' => 'deleteComment('.$message['id'].')',
-                    'class' => 'btn btn-default',
+                    'type' => 'button',
+                    'class' => 'btn btn-default btn-delete-social-comment',
+                    'data-id' => $message['id'],
+                    'data-sectoken' => Security::get_existing_token('social'),
                 ]
             );
         }
@@ -3017,30 +3019,6 @@ class SocialManager extends UserManager
         }
 
         $htmlHeadXtra[] = '<script>
-            function deleteMessage(id)
-            {
-                $.ajax({
-                    url: "'.$socialAjaxUrl.'?a=delete_message" + "&id=" + id,
-                    success: function (result) {
-                        if (result) {
-                            $("#message_" + id).parent().parent().parent().parent().html(result);
-                        }
-                    }
-                });
-            }
-
-            function deleteComment(id)
-            {
-                $.ajax({
-                    url: "'.$socialAjaxUrl.'?a=delete_message" + "&id=" + id,
-                    success: function (result) {
-                        if (result) {
-                            $("#message_" + id).parent().parent().parent().html(result);
-                        }
-                    }
-                });
-            }
-
             function submitComment(messageId)
             {
                 var data = $("#form_comment_"+messageId).serializeArray();
@@ -3069,33 +3047,39 @@ class SocialManager extends UserManager
             $(function() {
                 timeAgo();
 
-                /*$(".delete_message").on("click", function() {
-                    var id = $(this).attr("id");
-                    id = id.split("_")[1];
-                    $.ajax({
-                        url: "'.$socialAjaxUrl.'?a=delete_message" + "&id=" + id,
-                        success: function (result) {
+                $("body").on("click", ".btn-delete-social-message", function () {
+                    var id = $(this).data("id");
+                    var secToken = $(this).data("sectoken");
+
+                    $.getJSON(
+                        "'.$socialAjaxUrl.'",
+                        { a: "delete_message", id: id, social_sec_token: secToken },
+                        function (result) {
                             if (result) {
-                                $("#message_" + id).parent().parent().parent().parent().html(result);
+                                $("#message_" + id).parent().parent().parent().parent().html(result.message);
+
+                                $(".btn-delete-social-message").data("sectoken", result.secToken);
                             }
                         }
-                    });
+                    );
                 });
 
+                $("body").on("click", ".btn-delete-social-comment", function () {
+                    var id = $(this).data("id");
+                    var secToken = $(this).data("sectoken");
 
-                $(".delete_comment").on("click", function() {
-                    var id = $(this).attr("id");
-                    id = id.split("_")[1];
-                    $.ajax({
-                        url: "'.$socialAjaxUrl.'?a=delete_message" + "&id=" + id,
-                        success: function (result) {
+                    $.getJSON(
+                        "'.$socialAjaxUrl.'",
+                        { a: "delete_message", id: id, social_sec_token: secToken },
+                        function (result) {
                             if (result) {
-                                $("#message_" + id).parent().parent().parent().html(result);
+                                $("#message_" + id).parent().parent().parent().html(result.message);
+
+                                $(".btn-delete-social-comment").data("sectoken", result.secToken);
                             }
                         }
-                    });
+                    );
                 });
-                */
             });
 
             function timeAgo() {
@@ -3467,14 +3451,16 @@ class SocialManager extends UserManager
         );
 
         if ($canEdit) {
-            $htmlDelete = Display::url(
+            $htmlDelete = Display::button(
+                '',
                 Display::returnFontAwesomeIcon('trash', '', true),
-                'javascript:void(0)',
                 [
                     'id' => 'message_'.$message['id'],
                     'title' => get_lang('SocialMessageDelete'),
-                    'onclick' => 'deleteMessage('.$message['id'].')',
-                    'class' => 'btn btn-default',
+                    'type' => 'button',
+                    'class' => 'btn btn-default btn-delete-social-message',
+                    'data-id' => $message['id'],
+                    'data-sectoken' => Security::get_existing_token('social'),
                 ]
             );