Stop Your Clients From Deactivating Important WordPress Plugins

There’s nothing worse than a client stumbling through their WordPress installation and messing with things they don’t understand.

You know how it goes. One fine day the curious client decides to experiment with all those shiny knobs and buttons in the WordPress dashboard. Within a few minutes they’ve broken their site, and they get straight on the phone to blame the whole mess on you.

Many developers try to avoid this unfortunate scenario by restricting the client’s options to a bare minimum.

Remove the deactivate link from WordPress plugins
Stop right there, client!

If you build WordPress sites for a living, you probably have an arsenal of core plugins that you use on all (or at least most) of your projects.

If these plugins are vital to the functioning of your site, you sure as hell as don’t want your client deactivating them by accident, and then sending you a barrage of abusive emails because their site has gone belly-up.

Disable plugin deactivation in WordPress

You can entirely remove the option of deactivating plugins in WordPress, to safeguard all your hard work against the wandering fingers of an unsuspecting client.

To get started, add the following code to the functions.php file of your WordPress theme.

add_filter( 'plugin_action_links', 'disable_plugin_deactivation', 10, 4 );
function disable_plugin_deactivation( $actions, $plugin_file, $plugin_data, $context ) {
	// Remove edit link for all plugins
	if ( array_key_exists( 'edit', $actions ) )
		unset( $actions['edit'] );
	// Remove deactivate link for important plugins
	if ( array_key_exists( 'deactivate', $actions ) && in_array( $plugin_file, array(
		unset( $actions['deactivate'] );
	return $actions;

Thanks to WPBeginner for the snippet.

You’ll need to change the array of $plugin_file for each of the specific plugins that you’re targeting here. The format is plugin-folder-name/plugin.php.

As you can see in the example above, I’m targeting the Google + plugin from WPMU DEV. The plugin file is called plusone.php, and lives in the folder wpmu-dev-plusone, which is in the wp-content/plugins directory on my server.

This code also removes the ‘edit plugin’ option, which is very unlikely to be used in any constructive manner by your client. If you want to keep the ‘edit plugin’ option for whatever reason, just remove that section of code from the snippet.

Hey presto – the ‘deactivate’ and ‘edit’ links are removed from your important plugins, and you’ve got one less potential headache to worry about.

Got any more suggestions for ‘client-proofing’ your WordPress projects?

Please leave a comment and let us know about any tools and tricks you use to secure your sites and stop clients messing everything up.

Featured Plugin - WordPress Wiki Plugin

To get a wiki up and running you used to need to install Mediawiki and toil away for days configuring it... not any more! This plugin gives you *all* the functionality you want from a wiki, in WordPress!!!
Find out more

Image credit: Construction Stop Isolated from Bigstockphoto.

Comments (17)

  1. For clients I usually customize the entire Dashboard. Two great plugins that can are very helpful to accomplish that in a relatively easy way are Members ( by Justin Tadlock and Hide Admin Menu ( by Rilwis.

    With Members I make a Websiteowner Role and then I hide a whole bunch of menus for that specific Role.

    Recently I released a plugin myself to customize the toolbar of WordPress 3.3 and make some more changes. It’s called Dashboard Tweaks and you can find it at:

  2. It is really important as when you design a website you do it with its plugins, for any reason but thinking about seo, and user experience if they disable them, you will then not be offering what you designed or thought of, so thanks for your article..

  3. The cleanest way of pulling this off would be to use the /mu-plugins folder. It’s often referenced as something just for Multisite, but there has been support for it in single WordPress installations since 2.8. So instead of removing the ability to deactivate plugins, you could put the essential plugins for the site in /mu-plugins. Anything in there will automatically run, and there’s no way for the user to log in to the dashboard and disable them.

    I prefer that way, since disabling the ability to disable/deactivate plugins might create a confusing experience for the user.

  4. Sometimes coders solutions are more complicated then they need be. Adding functions for each plugin?

    If you can’t trait them to deactivate plugins, then you can’t trust them to install them either.

    Just enable multisite. Network enable plugins. Make them site admin. disable new blog creation.

    Give them super admin if you’re not maintaining.

    Yeah. It’s not custom code, and maybe you’ll feel like less of a man. But it takes 1 minute?