Stop Your Clients From Deactivating Important WordPress Plugins

There’s nothing worse than a client stumbling through their WordPress installation and messing with things they don’t understand.

You know how it goes. One fine day the curious client decides to experiment with all those shiny knobs and buttons in the WordPress dashboard. Within a few minutes they’ve broken their site, and they get straight on the phone to blame the whole mess on you.

Many developers try to avoid this unfortunate scenario by restricting the client’s options to a bare minimum.

Remove the deactivate link from WordPress plugins
Stop right there, client!

If you build WordPress sites for a living, you probably have an arsenal of core plugins that you use on all (or at least most) of your projects.

If these plugins are vital to the functioning of your site, you sure as hell as don’t want your client deactivating them by accident, and then sending you a barrage of abusive emails because their site has gone belly-up.

Disable plugin deactivation in WordPress

You can entirely remove the option of deactivating plugins in WordPress, to safeguard all your hard work against the wandering fingers of an unsuspecting client.

To get started, add the following code to the functions.php file of your WordPress theme.

add_filter( 'plugin_action_links', 'disable_plugin_deactivation', 10, 4 );
function disable_plugin_deactivation( $actions, $plugin_file, $plugin_data, $context ) {
	// Remove edit link for all plugins
	if ( array_key_exists( 'edit', $actions ) )
		unset( $actions['edit'] );
	// Remove deactivate link for important plugins
	if ( array_key_exists( 'deactivate', $actions ) && in_array( $plugin_file, array(
		'wpmu-dev-plusone/plusone.php',
		'plugin-folder-name/plugin.php',
                'plugin-folder-name/plugin.php'
	)))
		unset( $actions['deactivate'] );
	return $actions;
}

Thanks to WPBeginner for the snippet.

You’ll need to change the array of $plugin_file for each of the specific plugins that you’re targeting here. The format is plugin-folder-name/plugin.php.

As you can see in the example above, I’m targeting the Google + plugin from WPMU DEV. The plugin file is called plusone.php, and lives in the folder wpmu-dev-plusone, which is in the wp-content/plugins directory on my server.

This code also removes the ‘edit plugin’ option, which is very unlikely to be used in any constructive manner by your client. If you want to keep the ‘edit plugin’ option for whatever reason, just remove that section of code from the snippet.

Hey presto – the ‘deactivate’ and ‘edit’ links are removed from your important plugins, and you’ve got one less potential headache to worry about.

Got any more suggestions for ‘client-proofing’ your WordPress projects?

Please leave a comment and let us know about any tools and tricks you use to secure your sites and stop clients messing everything up.

Image credit: Construction Stop Isolated from Bigstockphoto.