Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
WPB Cup
25 Million+
Websites using our plugins
16+
Years of WordPress experience
3000+
WordPress tutorials
by experts

How to Prevent Clients from Deactivating WordPress Plugins

If you build websites for other people, then you probably have a few important plugins that you install on every client site. If a client accidentally deactivates one of these essential plugins, then it could break their site completely.

That’s why it is important to prevent clients from deactivating certain key plugins. At WPBeginner, we have experience in controlling who can see the plugins on our site.

There are three easy ways to go about it. You can change the user roles, use a member plugin, or add custom code to prevent access to plugins.

In this article, we will show you how to stop clients from deactivating WordPress plugins.

How to prevent clients from deactivating WordPress plugins

Why Prevent Clients from Deactivating WordPress Plugins?

If you create websites for other people, then you may have a list of must-have WordPress plugins that you install on every site. These might be security plugins that protect the client against hackers and malicious code.

You might even use plugins to automate crucial WordPress maintenance tasks such as creating regular backups or deleting spam comments.

If the client accidentally deactivates one of these plugins, it could make their website vulnerable to attack or affect its functionality. In the worst-case scenario, it might even break their website completely.

Even though this isn’t your fault, it’s still a bad client experience that could damage your reputation. Let’s see how you can prevent clients from accidentally deactivating plugins in WordPress.

Simply use the quick links below to jump straight to the method you want to use:

Method 1: Using the Default WordPress User Roles (No Plugin Required)

WordPress comes with a simple but powerful user management system where each user has different capabilities based on their assigned role.

When you install WordPress, it creates the following user roles automatically: 

By default, only the Administrator has permission to manage plugins, which includes deactivating plugins. 

With that in mind, we recommend creating a single admin account for your clients so they have a way to manage their sites. You can then create non-admin accounts for anyone else who needs access but doesn’t require admin privileges.

Without admin rights, the majority of your clients won’t be able to deactivate plugins.

You can use any role for the non-administrator accounts. However, we recommend using Editor as it allows users to create, edit, publish, and delete content, including content created by other people. This can improve the editorial workflow and help your clients manage their new site.

It’s also a good idea to give the Admin account to someone who has experience with WordPress and understands how to manage a WordPress website.

To create an account for one or more clients, go to Users » Add New in the WordPress dashboard. You can then type in some information about the person, including their name and email address.

Adding new users to a WordPress website

With that done, open the Role dropdown and choose the role you want to assign this user, such as Admin or Editor.

When you are happy with the information you’ve entered, click on ‘Add New User.’

Preventing clients from deactivating WordPress plugins with user roles

To create more accounts, simply follow the same process described above. For more on this topic, please see our guide on how to add new users to your WordPress blog.

Method 2: Using the Members Plugin (Create a Custom Client Role)

Sometimes, you may need to stop clients from deactivating plugins without restricting their access to other areas.

With that being said, the built-in user roles may not be right for your website. For example, Editors can’t deactivate plugins, but they also can’t add new users or install WordPress themes, which may be a problem for your clients.

If the default user roles aren’t quite right for your client, then you can create a custom role that has the right permissions and capabilities. You can even create different roles for different teams or even individual employees.

The easiest way to create custom roles is by using the free Members plugin. This plugin allows you to create new roles and then add and remove capabilities to those user roles, including the ability to activate and deactivate WordPress plugins.

This permission removes the Plugins setting from the left-hand menu, as you can see in the following image.

Stop clients from deactivating plugins by hiding the Plugins menu

The first thing you need to do is install and activate the Members plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

Upon activation, go to Members » Add New Role.

Prevent clients from deactivating WordPress plugins using the Members plugin

In the ‘Enter role name’ field, type the name you want to use. This will be visible to anyone with access to the WordPress dashboard.

After that, it’s time to grant and deny permissions.

The left column shows all the different types of content, such as reusable blocks and WooCommerce products. Simply click on a tab, and you’ll see all the permissions for that content type.

You can then go ahead and check the ‘Grant’ or ‘Deny’ box for each permission. For more detailed instructions, please see our guide on how to add or remove user capabilities.

How to add and remove permissions from a client account

To stop clients from deactivating plugins, click on the ‘Plugins’ tab on the left.

On this screen, check the ‘Deny’ box on the line that says ‘Activate Plugins.’ This stops the user from activating and deactivating WordPress plugins.

Preventing clients from deactivating plugins with a custom user role

When you are happy with how the user role is set up, click on ‘Add Role.’

You can now assign this role to any user, following the same process described in Method 1.

Method 3: Using Custom PHP (Prevent Clients From Deactivating Specific Plugins)

If you want to stop clients from deactivating all plugins, then you can use one of the methods mentioned above.

However, sometimes, you may want to protect specific plugins while still allowing clients to deactivate and delete non-essential software.

The best way to protect specific plugins is by adding custom code in WordPress. This allows you to remove the ‘Deactivate’ link for specific plugins.

This is an advanced method, so we don’t recommend it for beginners.

Removing the 'Deactivate' link from the WordPress plugins menu

Note: Just be aware that clients can still deactivate any plugin using the Bulk Actions dropdown menu or with an advanced tool like FTP or phpMyAdmin. However, removing the ‘Deactivate’ link makes it much more difficult for clients to accidentally deactivate an essential plugin.

To start, you’ll need to know the plugin’s file name and where it lives on your server. Typically, these files use the plugin’s name followed by .php and live inside a folder named after the plugin. For example, the WooCommerce file is named ‘woocommerce.php’ and lives inside a ‘woocommerce’ folder.

However, it’s still worth checking, especially if the plugin has a long, complicated name or multiple words. For example, if you are using the SR Product 360° View plugin to add interactive 360-degree images in WordPress, then its file is named ‘sr.php.’

You can check the file name and location by connecting to the site’s server using an FTP client such as FileZilla, or you can use the file manager of your WordPress hosting cPanel.

If this is your first time using FTP, then you can see our complete guide on how to connect to your site using FTP.

After that, go to /wp-content/plugins/. Here, you’ll see all the different plugins on your site.

An FTP WordPress client

Simply find the plugin that you want to protect and open its folder.

After that, find the .php file.

How to find a plugin file in FileZilla

Now, make a note of the folder name and .php file, as you’ll be using this information in your code. Simply repeat this process for every plugin you want to protect.

With that done, it’s time to add a code snippet to your site. Often, you’ll find guides asking you to add code to the site’s functions.php file.

However, this isn’t recommended, as simple errors can cause countless common WordPress errors. You’ll also lose the custom code when you update your WordPress theme.

That’s where WPCode comes in.

WPCode is the best code snippets plugin used by over 2 million WordPress websites. It makes it easy to add custom CSS, HTML, PHP, and more.

The first thing you need to do is install and activate the free WPCode plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

Upon activation, head over to Code Snippets » Add Snippet.

Adding custom code snippets to a WordPress website

Here, you’ll see all the pre-made snippets you can add to your site. These include a snippet that allows you to completely disable comments, upload file types that WordPress doesn’t usually support, disable attachment pages, and much more.

Instead, hover your mouse over ‘Add Your Custom Code’ and then select ‘User snippet’ when it appears.

Prevent clients from deactivating plugins using WPCode

To start, type in a title for the custom code snippet. This can be anything that helps you identify the snippet in the WordPress dashboard.

After that, open the ‘Code Type’ dropdown and select ‘PHP Snippet.’

Adding a PHP snippet to WordPress

Now, you’re ready to add the custom PHP. The exact code will vary depending on the plugins you’re protecting, but here’s a template you can use:

add_filter( 'plugin_action_links', 'disable_plugin_deactivation', 10, 4 );
function disable_plugin_deactivation( $actions, $plugin_file, $plugin_data, $context ) {

	if ( array_key_exists( 'deactivate', $actions ) && in_array( $plugin_file, array(
		'wpforms/wpforms.php',
		'woocommerce/woocommerce.php'
	)))
		unset( $actions['deactivate'] );
	return $actions;
}

This snippet disables deactivation for WPForms and WooCommerce. To protect other plugins, simply replace ‘wpforms/wpforms.php’ and ‘woocommerce/woocommerce.php’ with the folders and file names you got in the previous step.

To disable deactivation for more plugins, simply add them to the code. For example:

  'wpforms/wpforms.php',
        'woocommerce/woocommerce.php',
		'service-box/service-box.php'
	
    )))

After that, scroll to the ‘Insertion’ section. WPCode can add your code to different locations, such as after every post, frontend only, or admin only.

You only need to use the PHP code in the WordPress admin area, so click on ‘Auto Insert’ if it hasn’t already been selected. Then, open the ‘Location’ dropdown menu and choose ‘Admin only.’

Adding custom PHP code to the WordPress admin area

After that, you’re ready to scroll to the top of the screen and click on the ‘Inactive’ toggle so it changes to ‘Active.’

Finally, click on ‘Save Snippet’ to make the PHP snippet live.

How to prevent clients from deactivating plugins using WPCode

Now, if you select ‘Plugins’ from the left-hand menu, you’ll see the ‘Deactivate’ link has been removed for those plugins.

If you need to restore the ‘deactivate’ links at any point, then you can disable the code snippet. Simply go to Code Snippets » Code Snippet and click the switch next to your snippet to turn it from blue (enabled) to grey (disabled).

How to disable a code snippet in WordPress

You can now deactivate these plugins by heading over to the Plugins menu.

You can also deactivate protected plugins using phpMyAdmin or an FTP client. This may be a good solution if you want to remove a specific plugin but don’t want to completely disable the code snippet and leave all your protected plugins vulnerable.

To learn more, please see our guide on how to deactivate all plugins when not able to access WP-Admin.

We hope this article helped you learn how to prevent clients from deactivating WordPress plugins. You may also want to see our ultimate guide on how to hide unnecessary menu items from WordPress admin and the best mobile apps to manage your WordPress site.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

7 CommentsLeave a Reply

  1. Jiří Vaněk

    This is a very good idea. Many times I’ve created a website for someone that worked perfectly, only to have the customer later report issues because they disabled plugins they thought were unnecessary. For these situations, where as an admin I need technical management to be solely my responsibility, this is a great solution, aside from the option of user roles. Great article, and thanks for it.

  2. THANKGOD JONATHAN

    This is great, but I think for me it’s not necessary to do that. Your clients should have absolute control over their websites except where they tell you to keep on maintaining it for them.
    What you should do instead is to tell them exerctly the plugins that are very important for the primary function of the website and once that should not be deleted. And also tell them what they should be careful about and advice them to hire an expert to do the technical aspects for them and also keep keep regular backups.

    • Jiří Vaněk

      On one hand, I understand, but on the other, it’s a double-edged sword. I handed over websites to customers with complete freedom, but sometimes situations arose where a customer made changes to the site, such as uninstalling a plugin, and then returned the site to you saying it didn’t work. You had extra work, and often no one paid you for it. So, as a safeguard, I absolutely understand this, and I think it’s important to differentiate between customers who are technically proficient and those who are not. It’s also okay to be upfront with them about why it’s set up this way. Many will understand and will actually be glad that they can’t “break” it so easily.

  3. Ibrahim Rumani

    But with this method the plugins can still be disabled via bulk options.

    • WPBeginner Support

      The disable option should be removed from the dropdown of the bulk action options :)

      Admin

  4. Bart Kuijper

    The article and code are both useful and provide some nice insights. However it’s important to note that using the example code, administrators can still easily disable plugins by simply ticking the box in front of one or more plugins and then selecting ‘Deactivate’ from the ‘Bulk Actions’ drop-down list.

    • WPBeginner Support

      Thank you for letting us know, we’ll be sure to look into updating the code when we’re able.

      Admin

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.