There's quite a lot of misinformation in this thread. Any EU user under GDPR has the right to request that any data that can identify them individually be removed, and a copy of all data in scope provided to them for review. Regardless of whether the forum depends on your content for survival isn't relevant at all - if the user requests any attributable data be deleted, then masking or redaction is a possibility.
If the platform allows the user to delete their account, then this typically means all information associated with that account. You can keep the content, provided their is zero attribution.
Finally, you could argue legitimate interest in keeping such data, but be warned that this isn't easy to prove with a forum. Anything outside of this would be implied consent, which has it's own legal basis for processing. In most cases, regulatory requirements will trump GDPR such as the SEC, FINRA, or the FCA, but if you are not a regulated industry, you cannot take this route.
The larger concern here that nobody has addressed is the ability any potential extension or core feature would need to be able to report a breach of information to members. There is also the need for Subject Access Requests. under GDPR, as a custodian or processor of data belonging to an EU national, you have 30 days to respond - or face a penalty from the ICO - this currently stands at €20m, or 4 times the annual turnover of any parent company.