Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
Recommended
WordPress Plugins
View all Guides

How to Disable Plugin Updates in WordPress and Why You Shouldn’t

Last updated on by
Elegant Themes
How to Disable Plugin Updates in WordPress and Why You Shouldn’t

One of our users asked if there was a way to disable plugin updates in WordPress? As we say it in the WordPress community, “there’s a plugin for that”. In this article we will answer the question how to disable plugin updates in WordPress, but we will also discuss why it is not a good idea to disable plugin updates.

If you want to disable plugin updates, simply install and activate the plugin Disable WordPress plugin updates.

Now lets discuss why you should not disable plugin updates entirely. First of all, there is NO benefit of disabling plugin updates. It is very important that you keep your WordPress plugins up to date. If you don’t, then your blog could be susceptible to security vulnerabilities or performance issues. Some developers or consultants like this ability because they do not want the clients to upgrade a plugin (just in-case if it breaks the site). This is not a very good reason. You are potentially risking security, performance, and additional features all because of a fear that the site will break down due to an upgrade. It does not take that long to downgrade a plugin if the site breaks.

Another reason that developers disable plugin updates is if they have customized the core files. Again, this is not a good excuse to disable all plugin updates. You can use a plugin like WP Manage plugins which allows you to disable plugin updates for specific plugins.

There is no reason why you should disable plugin updates in WordPress for all plugins. If you have an argument for this, we would like to hear it in the comments section.


Editorial Staff at WPBeginner is a team of WordPress lovers led by Syed Balkhi. Page maintained by Syed Balkhi.

WPBeginner's Video Icon
Our HD-Quality tutorial videos for WordPress Beginners will teach you how to use WordPress to create and manage your own website in about an hour. Get started now »
  • Steve Buzonas

    My WordPress deployments for my clients have the core, themes, and plugins managed by composer. Composer is configured with a post install/update command to run a phing build, the phing build stands up the installation and allows for identical replication from environment to environment to keep agile development practices working on exactly what is on production. Updates are disabled site wide and file editing is as well. Plugins are installed and updated by making a change to the composer.json and executing a composer update

  • http://ajmorris.me/ AJMorris

    Actually I have a benefit that might not be 99% of your traffic, but one I think should be explained. Let’s say you work for a corporation that uses WordPress to manage their website. If you have WordPress, plugins, themes, under version control, it’s actually better to disable update notices in your production (live) server environment so that your users don’t just update them. Sure, you could limit their access, but if your developers aren’t logging into the production system daily, it’s not really going to change anything. This way, you’re actually allowing your developers to control the updates, both WordPress and plugin/theme related, and they will get the proper attention they need. Some updates require you to change some code around. Imagine running a corporation’s website just assuming no code is going to break. Wouldn’t you have egg on your face if you hit update and the site went down… Just a thought. :)
     
    I have this setup for a client right now and it works great because we can put the updates on our backlog (unless they are security related), and get to them when we have the time. This also ensures that QA also looks at the updates to make sure that we don’t simply miss something as they get updated. Having 2 sets of eyes look at the updates before deploying it to a live site is necessary in some regards.

    • Steve Buzonas

      Didn’t notice this comment before posting mine. Generally the same idea. WordPress for a corporation is often kept in version control and has to go some level of a QA process; this makes updates on production far from ideal.

  • dyls

    The only reason people tend to do this is as you described. To make sure the clients do not update plugins which break, and these clients are not willing to pay for support or the downgrade of this plugin.. 
     
    Ofcourse as a developer you should just support the client and help them (that’s good for business most of the time?) But those clients basicly do this every week and then it becomes a high cost business..