The following items should be looked at:
- The 'UserCreateForm' and 'UserLoginForm' hooks are deprecated. To just inject text, you might use the 'AuthChangeFormFields' hook instead (like this).
- The 'AbortNewAccount' hook is deprecated. Implement a PreAuthenticationProvider (or other AuthenticationProvider) instead.
- $wgAuth is deprecated, and uses of it should be replaced.
- Adding users directly to the database is probably not going to reliably work anymore in all cases. Ideally users would be created through the normal Special:CreateAccount page, and assigned a group (e.g. using the 'LocalUserCreated' hook) that would cause a PreAuthenticationProvider to prevent any login. "Confirming" the account would then remove this group.
- Deletion of users is a tricky business when other extensions might still have record of the user and might even try to auto-create them if they're missing. If you really need this sort of thing, you'll likely need to add a hook on deletion and make sure every other extension that tracks users implements it.