◦ Comprehensive security
◦ 24/7 support
WordPress Guide → Plugins → Disable Plugin Deactivation
How to disable plugin deactivation in WordPress
Sometimes, the wrong person clicks the wrong button—and suddenly, your most important WordPress plugin is deactivated. If you run a multi-user site or manage a project with clients, preventing plugin deactivation can save your site from serious functionality issues.
Let’s look at how to disable plugin deactivation in WordPress, step-by-step.
Get fast, reliable hosting for WordPress
Power your site with the industry’s fastest, most optimized WordPress hosting
Why you might want to disable plugin deactivation
Preventing users from deactivating plugins is about control and stability. Whether you’re protecting security tools, ecommerce systems, or core functionality plugins, it’s a smart way to:
- Prevent accidental deactivations that could break your site
- Block malicious or unauthorized changes
- Maintain a stable environment when handing off sites to clients or teams
- Stop inexperienced users from making critical changes in wp-admin
WordPress doesn’t offer a built-in toggle for this, but you can disable plugin deactivation using code or role restrictions.
Method 1: Use DISALLOW_FILE_MODS in wp-config.php
If you want to prevent any file modifications—including plugin installations, updates, and deactivations—the most secure way is with DISALLOW_FILE_MODS.
Steps:
- Use FTP or your host’s File Manager to open your WordPress root directory.
- Locate and edit the wp-config.php file.
- Add the following line above the line that says /* That’s all, stop editing! Happy blogging. */:
define(‘DISALLOW_FILE_MODS’, true); - Save and re-upload the file if using FTP.
This disables the plugin and theme editors, plugin installations, updates, and deactivation. It’s an aggressive option that works best when you don’t want users managing plugins at all.
Important: Admins won’t be able to install or update plugins from the dashboard either. For most production sites, this is a feature—not a bug.
Method 2: Disable the plugin editor only (DISALLOW_FILE_EDIT)
If you just want to block users from editing plugin and theme files (but still allow deactivation), use:
define(‘DISALLOW_FILE_EDIT’, true);
Place it in wp-config.php the same way as above. This doesn’t block plugin deactivation, but it’s useful to combine with other methods for extra safety.
To fully prevent plugin deactivation, combine this with user role controls or a dedicated plugin.
Method 3: Restrict plugin access by user role
For more control over who can manage plugins, modify user capabilities. WordPress assigns the ability to activate and deactivate plugins via the activate_plugins capability.
Option A: Use a role editor plugin
Install a plugin like User Role Editor:
- Go to Plugins > Add New and search for “User Role Editor”
- Install and activate the plugin
- Go to Users > User Role Editor
- Select a role (e.g., Editor)
- Uncheck activate_plugins and edit_plugins
- Click Update
Now, users with that role won’t see plugin management options in the dashboard.
Option B: Add custom code to functions.php or a plugin
If you prefer code, you can strip capabilities from roles with:
function remove_plugin_caps() {
$role = get_role('editor');
if ($role) {
$role->remove_cap('activate_plugins');
$role->remove_cap('edit_plugins');
$role->remove_cap('delete_plugins');
}
}
add_action('admin_init', 'remove_plugin_caps');
This example targets the Editor role. You can copy the function and modify it for other roles as needed.
Note: Admin users still retain full plugin access unless you remove those capabilities from the administrator role—which isn’t recommended unless you’re running a multisite or very locked-down setup.
Method 4: Use a security plugin to block deactivation or access
Several popular WordPress security plugins offer features that restrict plugin access or harden your site against unauthorized changes.
Look for plugins like Solid Security. These typically include toggles to:
- Disable the file editor
- Restrict plugin changes
- Lock down admin settings
Check the plugin’s settings for file change or plugin management protections. This is a non-technical way to add the same security that code provides.
What to know before locking plugin deactivation
- Admin access remains powerful. If someone has administrator rights, they can usually override restrictions unless you’re using DISALLOW_FILE_MODS or a multisite setup.
- Use caution when removing capabilities. Stripping admin rights or plugin capabilities from key roles can lock you out of important site controls if not done carefully.
- Backup your site first. Always test capability or config changes on a staging site or after making a full site backup.
Next steps for disabling plugin deactivation
Preventing plugin deactivation in WordPress is one of the best ways to secure your site from accidental changes or unauthorized tampering. Whether you choose code, plugins, or user role edits, each option gives you more control over your admin environment.
Start with the method that fits your use case: total lockout with DISALLOW_FILE_MODS, selective role control with a plugin, or a middle-ground using both.
Ready to upgrade your WordPress experience? Professional hosting improves speeds, security, and reliability for a website and a brand that people find engaging and trustworthy.
Don’t want to deal with server management and maintenance either? Our fully managed hosting for WordPress is the best in the industry. Our team are not only server IT experts, but WordPress hosting experts as well. Your server couldn’t be in better hands.
Click through below to explore all of our hosting for WordPress options, or chat with a WordPress expert right now to get answers and advice.
Additional resources
What is a WordPress plugin? →
A complete beginner’s guide to WordPress plugins and how to manage them
School Management System for WordPress: Top 7 [Updated]→
Manage classes, students, staff, and academic activities efficiently with a school management plugin for WordPress.
How to check if a plugin is safe →
Simple steps to evaluating a plugin before you install and activate it