Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
WPB Cup
25 Million+
Websites using our plugins
16+
Years of WordPress experience
3000+
WordPress tutorials
by experts

How to Prevent Clients from Deactivating WordPress Plugins

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

Do you want to prevent clients from accidentally deactivating WordPress plugins?

If you build websites for other people, then you probably have a few important plugins that you install on every client site. If a client accidentally deactivates one of these essential plugins, then it could break their site completely.

In this article, we will show you how to stop clients from deactivating WordPress plugins.

How to prevent clients from deactivating WordPress plugins

Why Prevent Clients from Deactivating WordPress Plugins?

If you create websites for other people, then you may have a list of must-have WordPress plugins that you install on every site. These might be security plugins that protect the client against hackers and malicious code.

You might even use plugins to automate crucial WordPress maintenance tasks such as creating regular backups or deleting spam comments.

If the client accidentally deactivates one of these plugins, then it could make their website vulnerable to attack or affect how it works. In the worst-case scenario, it might even break their website completely.

Even though this isn’t your fault, it’s still a bad client experience and could damage your reputation. With that being said, let’s see how you can stop clients from accidentally deactivating plugins in WordPress.

Simply use the quick links below to jump straight to the method you want to use:

Method 1: Using the Default WordPress User Roles (No Plugin Required)

WordPress comes with a simple but powerful user management system where each user has different capabilities based on their assigned role.

When you install WordPress, it creates the following user roles automatically: 

By default, only the Administrator has permission to manage plugins, which includes deactivating plugins. 

With that in mind, we recommend creating a single admin account for your clients so they have a way to manage their sites. You can then create non-admin accounts for anyone else who needs access but doesn’t require admin privileges.

Without admin rights, the majority of your clients won’t be able to deactivate plugins.

You can use any role for the non-administrator accounts. However, we recommend using Editor as it allows users to create, edit, publish, and delete content, including content created by other people. This can improve the editorial workflow and help your clients manage their new site.

It’s also a good idea to give the Admin account to someone who has experience with WordPress and understands how to manage a WordPress website.

To create an account for one or more clients, go to Users » Add New in the WordPress dashboard. You can then type in some information about the person, including their name and email address.

Adding new users to a WordPress website

With that done, open the Role dropdown and choose the role you want to assign this user, such as Admin or Editor.

When you are happy with the information you’ve entered, click on ‘Add New User.’

Preventing clients from deactivating WordPress plugins with user roles

To create more accounts, simply follow the same process described above. For more on this topic, please see our guide on how to add new users to your WordPress blog.

Method 2: Using the Members Plugin (Create a Custom Client Role)

Sometimes, you may need to stop clients from deactivating plugins without restricting their access to other areas.

With that being said, the built-in user roles may not be right for your website. For example, Editors can’t deactivate plugins, but they also can’t add new users or install WordPress themes, which may be a problem for your clients.

If the default user roles aren’t quite right for your client, then you can create a custom role that has the right permissions and capabilities. You can even create different roles for different teams or even individual employees.

The easiest way to create custom roles is by using the free Members plugin. This plugin allows you to create new roles and then add and remove capabilities to those user roles, including the ability to activate and deactivate WordPress plugins.

This permission removes the Plugins setting from the left-hand menu, as you can see in the following image.

Stop clients from deactivating plugins by hiding the Plugins menu

The first thing you need to do is install and activate the Members plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

Upon activation, go to Members » Add New Role.

Prevent clients from deactivating WordPress plugins using the Members plugin

In the ‘Enter role name’ field, type in the name you want to use. This will be visible to anyone who has access to the WordPress dashboard.

After that, it’s time to grant and deny permissions.

The left column shows all the different types of content, such as reusable blocks and WooCommerce products. Simply click on a tab, and you’ll see all the permissions for that content type.

You can then go ahead and check the ‘Grant’ or ‘Deny’ box for each permission. For more detailed instructions, please see our guide on how to add or remove user capabilities.

How to add and remove permissions from a client account

To stop clients from deactivating plugins, click on the ‘Plugins’ tab on the left.

On this screen, check the ‘Deny’ box on the line that says ‘Activate Plugins.’ This stops the user from activating and deactivating WordPress plugins.

Preventing clients from deactivating plugins with a custom user role

When you are happy with how the user role is set up, click on ‘Add Role.’

You can now assign this role to any user, following the same process described in Method 1.

Method 3: Using Custom PHP (Prevent Clients From Deactivating Specific Plugins)

If you want to stop clients from deactivating all plugins, then you can use one of the methods mentioned above.

However, sometimes you may want to protect specific plugins while still allowing clients to deactivate and delete non-essential software.

The best way to protect specific plugins is by adding custom code in WordPress. This allows you to remove the ‘Deactivate’ link for specific plugins.

This is an advanced method, so we don’t recommend it for beginners.

Removing the 'Deactivate' link from the WordPress plugins menu

Note: Just be aware that clients can still deactivate any plugin using the Bulk Actions dropdown menu or with an advanced tool like FTP or phpMyAdmin. However, removing the ‘Deactivate’ link makes it much more difficult for clients to accidentally deactivate an essential plugin.

To start, you’ll need to know the plugin’s file name and where it lives on your server. Typically, these files use the plugin’s name followed by .php and live inside a folder named after the plugin. For example, the WooCommerce file is named ‘woocommerce.php’ and lives inside a ‘woocommerce’ folder.

However, it’s still worth checking, especially if the plugin has a long, complicated name or multiple words. For example, if you are using the SR Product 360° View plugin to add interactive 360-degree images in WordPress, then its file is named ‘sr.php.’

You can check the file name and location by connecting to the site’s server using an FTP client such as FileZilla, or you can use the file manager of your WordPress hosting cPanel.

If this is your first time using FTP, then you can see our complete guide on how to connect to your site using FTP.

After that, go to /wp-content/plugins/. Here, you’ll see all the different plugins on your site.

An FTP WordPress client

Simply find the plugin that you want to protect and open its folder.

After that, find the .php file.

How to find a plugin file in FileZilla

Now, make a note of the folder name and .php file, as you’ll be using this information in your code. Simply repeat this process for every plugin you want to protect.

With that done, it’s time to add a code snippet to your site. Often, you’ll find guides asking you to add code to the site’s functions.php file.

However, this isn’t recommended, as simple errors can cause countless common WordPress errors. You’ll also lose the custom code when you update your WordPress theme.

That’s where WPCode comes in.

WPCode is the best code snippets plugin used by over 1 million WordPress websites. It makes it easy to add custom CSS, HTML, PHP, and more.

The first thing you need to do is install and activate the free WPCode plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

Upon activation, head over to Code Snippets » Add Snippet.

Adding custom code snippets to a WordPress website

Here, you’ll see all the pre-made snippets you can add to your site. These include a snippet that allows you to completely disable comments, upload file types that WordPress doesn’t usually support, disable attachment pages, and much more.

Instead, hover your mouse over ‘Add Your Custom Code’ and then select ‘User snippet’ when it appears.

Prevent clients from deactivating plugins using WPCode

To start, type in a title for the custom code snippet. This can be anything that helps you identify the snippet in the WordPress dashboard.

After that, open the ‘Code Type’ dropdown and select ‘PHP Snippet.’

Adding a PHP snippet to WordPress

Now, you’re ready to add the custom PHP. The exact code will vary depending on the plugins you’re protecting, but here’s a template you can use:

add_filter( 'plugin_action_links', 'disable_plugin_deactivation', 10, 4 );
function disable_plugin_deactivation( $actions, $plugin_file, $plugin_data, $context ) {

	if ( array_key_exists( 'deactivate', $actions ) && in_array( $plugin_file, array(
		'wpforms/wpforms.php',
		'woocommerce/woocommerce.php'
	)))
		unset( $actions['deactivate'] );
	return $actions;
}

This snippet disables deactivation for WPForms and WooCommerce. To protect other plugins, simply replace ‘wpforms/wpforms.php’ and ‘woocommerce/woocommerce.php’ with the folders and file names you got in the previous step.

To disable deactivation for more plugins, simply add them to the code. For example:

  'wpforms/wpforms.php',
        'woocommerce/woocommerce.php',
		'service-box/service-box.php'
	
    )))

After that, scroll to the ‘Insertion’ section. WPCode can add your code to different locations, such as after every post, frontend only, or admin only.

You only need to use the PHP code in the WordPress admin area, so click on ‘Auto Insert’ if it isn’t already selected. Then, open the ‘Location’ dropdown menu and choose ‘Admin only.’

Adding custom PHP code to the WordPress admin area

After that, you’re ready to scroll to the top of the screen and click on the ‘Inactive’ toggle so it changes to ‘Active.’

Finally, click on ‘Save Snippet’ to make the PHP snippet live.

How to prevent clients from deactivating plugins using WPCode

Now, if you select Plugins from the left-hand menu, you’ll see the ‘Deactivate’ link has been removed for those plugins.

If you need to restore the ‘deactivate’ links at any point, then you can disable the code snippet. Simply go to Code Snippets » Code Snippet and click the switch next to your snippet to turn it from blue (enabled) to grey (disabled).

How to disable a code snippet in WordPress

You can now deactivate these plugins by heading over to the Plugins menu.

You can also deactivate protected plugins using phpMyAdmin or an FTP client. This may be a good solution if you want to remove a specific plugin but don’t want to completely disable the code snippet and leave all your protected plugins vulnerable.

To learn more, please see our guide on how to deactivate all plugins when not able to access WP-Admin.

We hope this article helped you learn how to prevent clients from deactivating WordPress plugins. You may also want to see our ultimate guide on how to boost WordPress speed and performance or the best phone services for small businesses.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

6 CommentsLeave a Reply

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. THANKGOD JONATHAN says

    This is great, but I think for me it’s not necessary to do that. Your clients should have absolute control over their websites except where they tell you to keep on maintaining it for them.
    What you should do instead is to tell them exerctly the plugins that are very important for the primary function of the website and once that should not be deleted. And also tell them what they should be careful about and advice them to hire an expert to do the technical aspects for them and also keep keep regular backups.

    • WPBeginner Support says

      The disable option should be removed from the dropdown of the bulk action options :)

      Admin

  3. Bart Kuijper says

    The article and code are both useful and provide some nice insights. However it’s important to note that using the example code, administrators can still easily disable plugins by simply ticking the box in front of one or more plugins and then selecting ‘Deactivate’ from the ‘Bulk Actions’ drop-down list.

    • WPBeginner Support says

      Thank you for letting us know, we’ll be sure to look into updating the code when we’re able.

      Admin

Leave a Reply to Ibrahim Rumani Cancel reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

WPBeginner Assistant
How can I help you?

By chatting, you consent to this chat being stored according to our privacy policy and your email will be added to receive weekly WordPress tutorials from WPBeginner.