I've already tried the DISALLOW_FILE_MODS constant, but it disables plugin updates as well, which is not what I need. I need automatic theme and plugin update checking, and the ability to install the found updates to work in the Wordpress dashboard, but disallow new plugin and theme installs. How could I achieve this?

I've already tried the DISALLOW_FILE_MODS constant, but it disables plugin updates as well, which is not what I need. I need automatic theme and plugin update checking, and the ability to install the found updates to work in the Wordpress dashboard, but disallow new plugin and theme installs. How could I achieve this?

• plugins
• security
• updates
• dashboard

• seems that creating an user and give him a different role would do the same, the administrators will have access, but other roles will not. its an alternative – tiago calado Commented Dec 25, 2021 at 21:08
• Well yes, that is true. However, I would like to disable it for everyone, so even the admins couldn't install new plugins (I was thinking about the reprecussions of an admin area intrusion, and was thinking of a way to protect the site's files, so the intruder couldn't just install a file manager plugin and access sensitive files, such as the WP-Config file and such). – Evaldash Commented Dec 26, 2021 at 22:11
• I think wp doesnt have such a thing, the most alike is what you already have with the disallow_file_mods. But I could be wrong, But there are others ways to achieve such a task, one is for example activate by default disallow_file_mods, create a cron job that runs 1 time each day or whatever, that deactivates disallow_file_mods, do the updates if any, and activate disallow_file_mods again. – tiago calado Commented Dec 27, 2021 at 0:21
• update, create a super admin, that way only super admin can have those functionalities, check point 6 of this page themeisle.com/blog/wordpress-user-roles – tiago calado Commented Dec 28, 2021 at 0:20

1 Answer 1

This would probably make a job done, although using die is not the pretty way

add_filter( 'upgrader_package_options', function( $options ) {

    if (
        isset( $options['hook_extra']['action'] ) &&
        $options['hook_extra']['action'] === 'install' &&
        isset( $options['hook_extra']['type'] ) &&
        in_array( $options['hook_extra']['type'], [ 'plugin', 'theme' ] 
    ) {
        die('Plugins & Themes installation disabled!');
    }

    return $options;
} );