Skip to content
Ways to Stop Users from Deactivating WordPress Plugins

Ways to Stop Users from Deactivating WordPress Plugins

Are you concerned about clients accidentally turning off important WordPress plugins?

If you build websites for others, you likely have certain essential plugins you always install. If a client accidentally deactivates one of these, it could lead to serious issues on their website. In this post, we’ll show you how to prevent clients from disabling WordPress plugins.

 

As a website owner, you rely on certain WordPress plugins to improve your website’s functionality.

 

But what happens when a user, either intentionally or accidentally, deactivates a plugin? It can cause your website to malfunction or break entirely. In this blog, we’ll look at a few ways to stop users from deactivating WordPress plugins and keep your website running smoothly.

 

1. Use a plugin to disable plugin deactivation

Installing a plugin that blocks the deactivation option is one of the simplest methods to stop users from uninstalling WordPress plugins. One such plugin that eliminates the deactivation link from plugins essential to the operation of your website is the Disable Plugin Deactivation plugin. By doing this, you may prevent people from deactivating certain plugins and perhaps breaking your website.

 

2. Restrict access to the plugins page

Restricting users’ access to the plugins page is another technique to stop them from removing plugins. You may accomplish this by utilizing a plugin called Members, which enables you to design unique roles and functions for visitors of your website. You may make sure that visitors cannot access the plugins page and, consequently, cannot disable any plugins by defining a custom role that only has access to specific regions of your website.

 

3. Educate your users

Users frequently disable plugins because they are unaware of their significance or how they influence the functioning of the website. Providing your users with information about the value of certain plugins and the possible repercussions of deactivating them can help to greatly reduce the likelihood of inadvertent deactivation. You should make sure that all users have easy access to any documentation or tutorials you develop on how to use and maintain plugins.

 

4. Implement a website backup system

Having a website backup system in place might help you restore your website to its prior condition if a plugin is mistakenly removed and it malfunctions. Utilizing a plugin like UpdraftPlus, which enables you to backup and restore your website with a single click, is one way to accomplish this. You can rapidly recover from any unintentional deactivations if you have an established website backup strategy.

 

5. Password protect the plugins page

An other useful method of preventing visitors from accessing the plugins page is to password-protect it. To secure the plugins page and make sure that only authorized users can access it and make changes, you may use a plugin like Password Protected to set a password. If various users have varying degrees of access to your website, this is extremely helpful.

 

6. Use a monitoring plugin

You can keep track of all modifications made to your website, including the activation and deactivation of plugins, with the use of a monitoring plugin like WP Activity Log. This can assist you in swiftly identifying any possible difficulties and taking steps to stop them from becoming problems. When a plugin is deactivated, the plugin might notify you through email so that you can take prompt action to fix the problem.

 

7. Customize the user roles and capabilities

Another technique to stop users from deactivating WordPress plugins is to modify user roles and capabilities. You may limit access to the plugins page and guarantee that only authorized users can make modifications by giving your users special roles and capabilities. To give your users unique roles and skills, you may use a plugin like User Role Editor.

You can stop people from deactivating WordPress plugins and make sure your website functions properly by putting these suggestions into practice. Keep in mind that although it’s crucial to prevent unintentional deactivations, it’s as crucial to provide your users the opportunity to make the required adjustments and upgrades. You can preserve your website’s functioning and security while giving your users the best experience by striking the correct balance.

 

Here are some snippets of code that you can use to put some of the advice I gave previously into practice to prevent users from uninstalling WordPress plugins.

 

1. Use a plugin to disable plugin deactivation:

 

/**
* Disable Plugin Deactivation
*/
function disable_plugin_deactivation($actions, $plugin_file, $plugin_data, $context) {
  if(array_key_exists('deactivate', $actions) && in_array($plugin_file, array(
    'plugin1/plugin1.php',
    'plugin2/plugin2.php',
    'plugin3/plugin3.php'
  ))) {
    unset($actions['deactivate']);
  }
  return $actions;
}
add_filter('plugin_action_links', 'disable_plugin_deactivation', 10, 4);

To remove the deactivation link from particular plugins, we are utilizing the disable_plugin_deactivation() method in this bit of code. This method modifies the actions accessible for each plugin on the Plugins page using the plugin_action_links filter. When a plugin is one of those we wish to safeguard, we look to see whether the deactivate link is present, and if it is, we delete it.

 

2. Restrict access to the plugins page:

 

/**
* Restrict Access to the Plugins Page
*/
function restrict_plugins_page() {
  global $pagenow;
  if($pagenow == 'plugins.php' && !current_user_can('manage_options')) {
    wp_redirect(admin_url());
    exit();
  }
}
add_action('admin_init', 'restrict_plugins_page');

The restrict_plugins_page() method is used in this bit of code to reroute users who lack the manage_options capability away from the Plugins page. This function checks whether the current user is on the Plugins page and does not have the manage_options capability using the admin_init action. If so, the user is forwarded to the Dashboard, and the script is then ended.

 

3. Password protect the plugins page:

 

/**
* Password Protect the Plugins Page
*/
function password_protect_plugins_page() {
  global $pagenow;
  if($pagenow == 'plugins.php' && !is_user_logged_in() && !isset($_POST['wp-submit'])) {
    auth_redirect();
  }
}
add_action('admin_init', 'password_protect_plugins_page');

In this bit of code, the Plugins page is password-protected using the password_protect_plugins_page() method. If the current user is on the Plugins page, isn’t logged in, and hasn’t filled out a password form, this method will utilize the admin_init action to check for those conditions. If this is the case, we take the user to the login page and request their credentials.

These are just a few instances of how you can use code to put some of the advice I previously gave into practice. It’s crucial to keep in mind that you should always test any code before putting it into use on a local computer or a staging website to make sure it won’t interfere with your live website.

 

4. Hide the deactivate button:

 

/**
* Hide the Deactivate Button
*/
function hide_deactivate_button() {
  global $pagenow;
  if($pagenow == 'plugins.php') {
    echo '<style>.plugins .button.deactivate {display:none;}</style>';
  }
}
add_action('admin_head', 'hide_deactivate_button');

The deactivate button on the Plugins page is hidden in this snippet of code by utilizing the hide_deactivate_button() method. This method employs the admin_head action to insert some CSS code that uses the display:none attribute to conceal the disable button.

 

5. Monitor plugin activations and deactivations:

 

/**
* Monitor Plugin Activations and Deactivations
*/
function monitor_plugin_changes($plugin, $action) {
  if($action == 'activate' || $action == 'deactivate') {
    $message = sprintf('Plugin %s was %sd', $plugin, $action);
    error_log($message);
  }
}
add_action('activated_plugin', 'monitor_plugin_changes', 10, 2);
add_action('deactivated_plugin', 'monitor_plugin_changes', 10, 2);

While putting security measures in place is necessary, it’s also critical to strike the correct balance between protection and flexibility. A website’s operation may suffer if there are too many limits placed on users’ ability to make important updates and modifications. Therefore, it’s crucial to take into account the requirements of your customers and adopt security measures that preserve the operation and security of your website while giving your consumers the flexibility they require. To guarantee that only authorized users can access and edit your website, you may block users from deactivating WordPress plugins, keep track of any modifications made to your plugins, and adjust the user roles and capabilities by using the code snippets above. Remember, too, that allowing your users the opportunity to make required alterations and updates is equally crucial. You can retain the operation and security of your website while giving your users the freedom they want by striking the correct balance between security and flexibility.

 

6. Restrict access to plugin settings pages:

 

/**
* Restrict Access to Plugin Settings Pages
*/
function restrict_plugin_settings_page() {
  global $pagenow;
  if($pagenow == 'options-general.php' && !current_user_can('manage_options')) {
    wp_redirect(admin_url());
    exit();
  }
}
add_action('admin_init', 'restrict_plugin_settings_page');

The restrict_plugin_settings_page() method is used in this snippet of code to steer users who lack the manage_options capability away from plugin settings pages. This function checks whether the current user is on a plugin settings page and does not have the manage_options capability using the admin_init action. If so, the user is forwarded to the Dashboard, and the script is then ended.

 

7. Disable plugin updates:

 

/**
* Disable Plugin Updates
*/
function disable_plugin_updates($value) {
  unset($value->response['plugin-folder/plugin-file.php']);
  return $value;
}
add_filter('site_transient_update_plugins', 'disable_plugin_updates');

The disable_plugin_updates() method is used in this code snippet to prevent updates for particular plugins. The list of accessible plugin updates is modified by this function using the site_transient_update_plugins filter. In order to delete a plugin from the list, we must determine if it is one of the plugins we wish to stop receiving updates for.

 

Conclusion

While it’s necessary to allow your users the freedom to edit your WordPress website, it’s also critical to make sure that only approved users can access and make changes. To guarantee that only authorized users can access and edit your website, you may prevent users from deactivating crucial plugins, keep track of any changes made to your plugins, and adjust the user roles and capabilities by combining advice and code snippets. While putting security measures in place is necessary, it’s also critical to strike the correct balance between protection and flexibility. A website’s operation may suffer if there are too many limits placed on users’ ability to make important updates and modifications. Therefore, it’s crucial to take into account the requirements of your customers and adopt security measures that preserve the operation and security of your website while giving your consumers the flexibility they require. If you want to create WordPress Website / WordPress Services / Support you can check our services.

 

 

 

 

Categories

Featured Products

Recommended Posts

1 Comment

  1. you are truly a just right webmaster The site loading speed is incredible It kind of feels that youre doing any distinctive trick In addition The contents are masterwork you have done a great activity in this matter


Add a Comment

Your email address will not be published. Required fields are marked *