Wordpress - How to disable core and plugin updates
Yes you can do that…
define( 'DISALLOW_FILE_MODS', true );
Put this snippet in your wp-config.php
file and you will able to disable core and plugin updates.
Disable Plugin updates all together
It should be as easy as that:
<?php
defined( 'ABSPATH' ) or exit;
/* Plugin Name: (#120589) Disable Plugin Updates */
remove_action( 'load-update-core.php', 'wp_update_plugins' );
Deny (or reroute) Updates for Themes/Plugins
Single core and theme updates can be deactivated by this script my Mark Jaquith:
For plugins from within some themes files
// Plugins
add_filter( 'http_request_args', 'cws_hidden_plugin_12345', 5, 2 );
function cws_hidden_plugin_12345( $r, $url )
{
if ( 0 !== strpos( $url, 'http://api.wordpress.org/plugins/update-check' ) )
return $r;
$plugins = unserialize( $r['body']['plugins'] );
unset(
$plugins->plugins[ plugin_basename( __FILE__ ) ],
$plugins->active[ array_search( plugin_basename( __FILE__ ), $plugins->active ) ]
);
$r['body']['plugins'] = serialize( $plugins );
return $r;
}
For themes from within a themes functions.php
file
// Themes
add_filter( 'http_request_args', 'cws_hidden_theme_12345', 5, 2 );
function cws_hidden_theme_12345( $r, $url )
{
if ( 0 !== strpos( $url, 'http://api.wordpress.org/themes/update-check' ) )
return $r;
$themes = unserialize( $r['body']['themes'] );
unset(
$themes[ get_option( 'template' ) ],
$themes[ get_option( 'stylesheet' ) ]
);
$r['body']['themes'] = serialize( $themes );
return $r;
}
Disable specific plugins
From within any custom plugin as described in this answer here on the stack:
<?php
defined( 'ABSPATH' ) or exit;
/* Plugin Name: (#120589) Disable Aksimet Updates */
add_filter( 'site_transient_update_plugins', 'wpse120589DisableAkismetUpdates' );
function filter_plugin_updates( $value )
{
unset( $value->response['akismet/akismet.php'] );
return $value;
}
Core updates
Actually that should be as easy as that:
<?php
defined( 'ABSPATH' ) or exit;
/* Plugin Name: (#120589) Disable Core Updates */
add_filter( 'pre_site_transient_update_core', '__return_null' );
For older versions John Billion has written a complete plugin that targets them all.
Further info and fine grained control for Automatic updates
Andi Nacin just put up a post on WordPress/Make that gets into detail on that topic:
Version Control is a shut down switch:
If WordPress detects a version control system, it recognizes you know what you are doing and avoids automatic updates of any kind. It looks for Subversion, Git, Mercurial, and Bazaar, and it looks everywhere.
It works by searching two directories (ABSPATH and whatever you are updating, like
WP_PLUGINS_DIR
, orWP_LANG_DIR
) for VCS directories (.svn
,.git
,.hg
,.bz
). And it looks a level up, too — and keeps looking until it reaches the root of the drive. So if you are running a single Subversion checkout at/
or/var/www/
or/var/www/mysite.com/
, the WordPress install at/var/www/mysite.com/public_html/wordpress/
will be blocked from receiving updates. Clearly, it errs on the site of caution.
The same goes for disabling the File and Themes Editor:
The
DISALLOW_FILE_MODS
constant blocks any kind of filesystem changes, not just by background updates but by all users as well. So, gone are the file editors; the ability to update core, themes, or plugins; and the ability to install new themes or plugins.
Single wp-config.php
switch:
define( 'AUTOMATIC_UPDATER_DISABLED', (bool) true/false );
and
# Disables all core updates:
define( 'WP_AUTO_UPDATE_CORE', false );
# Enables all core updates, including minor and major:
define( 'WP_AUTO_UPDATE_CORE', true );
# Enables core updates for minor releases (default):
define( 'WP_AUTO_UPDATE_CORE', 'minor' );
More detail on the linked post.
Note: All above code is scraped during a 5 minute google search run and therefore not tested, only visually diffed/tested against the GitHub WordPress source code and GitHub search results. You have to verify the contents yourself. Also, for the future, please include such research in your question.