Bedrock: Updating WP Core and plugins from WordPress admin

If you deliver a Bedrock website to a client, and you want the client to maintain the installation (perform core & plugin updates), you need to allow file mods: add Config::define('DISALLOW_FILE_MODS', false); to /config/environments/production.php.

The main problem with this approach is that it allows users not only to update WP core & plugins, but it also allows users to add plugins. This means when you deploy a new version, these plugins will be deleted.

I created a mu-plugin which disables plugin installation from the WordPress admin. The plugin simply removes the install_plugins capability. I have added a check 'plugin-install.php' != $pagenow, to make sure we can view update notes (changelog).

composer require tombroucke/otomaties-disable-plugin-installation

Be carefull when deploying a new version, because the plugins in your git repository could be out of date, so you need to update them accordingly or you could experience some problems caused by regression.

Geef een reactie

Het e-mailadres wordt niet gepubliceerd. Vereiste velden zijn gemarkeerd met *

Overtuigd?

Neem dan contact op voor een offerte of vrijblijvend gesprek.
Stuur een e-mail naar [email protected] of maak gebruik van het contactformulier.