How to disable WordPress plugin deactivation

As seen on Steve Taylor’s blog.

Someone asked in a comment here recently whether a WordPress plugin I’d posted could be adapted to work as theme code. The reasoning was that a client might deactivate a plugin, breaking some of the site’s functionality.

Careless clients clicking around in the admin interface can be a concern for a responsible developer. Of course, the primary way of limiting this kind of risk is to assign clients to appropriate roles. If the pre-defined roles don’t quite fit, Justin Tadlock’s excellent Membersplugin can help you get it right.

But say you have a client to whom you want to give plugin activation / deactivation capabilities (so they can add new plugins themselves), but the site you’ve built includes certain plugins that really shouldn’t be deactivated. What then?

I’ve come up with a bit of code (to be added to your custom theme’s functions.php) that removes the “Deactivate” links on the plugins list. In the code below, the$plugin_file values being tested for are those from my own core set of plugins. The values are just the paths (relative to /wp-content/plugins/) of the main plugin PHP files. Adjust this array as appropriate.

As a bonus, the “Edit” links are removed for all plugins. Adjust this as you see fit. Personally, I don’t think there’s much use for the plugin editor, and there’s a lot of risk.

add_action( 'admin_init', 'slt_lock_theme' );
function slt_lock_theme() {
    global $submenu, $userdata;
    if ( $userdata->ID != 1 ) {
        unset( $submenu['themes.php'][5] );
        unset( $submenu['themes.php'][15] );

Of course, this isn’t preventing the actual deactivation. A crafty client could cobble together the deactivation URL and just run it. But if you’ve got a crafty client… well, they almost certainly have FTP details to their own site, so even if you’ve disabled actual deactivation, they could just go in there and delete plugins if they really want to. The above seems like a quick-and-easy method of preventing gross risks.


No comments yet.

Leave a Reply