Everyone who builds and/or (technical) manage websites for their clients probably recognises the following situation. Your client’s website ‘suddenly’ breaks, after asking what happend you probably got one of the following answers:
- Installed/Updated/Removed random plugin name
- Installed/Updated/Removed random theme name
- Updated WordPress (Core)
Of course plugins, themes and Core should be updatable, but backing up your files and database before doing so is advised. Plus majority of my clients don’t want anything to do with these things, they want to spend their time on other stuff (that’s why they’ve got a technical manage and support plan in the first place).
So we don’t want our clients to install, update and remove plugins and themes, and update their WordPress Core. At first sight this doesn’t look like a problem, just don’t give them the Administrator role. Unfortunately allot of plugins require your client to have the Administrator role to work properly. Modifying the plugin to make it work with a lower role will remove its ability of updating and you definitely don’t want to start hacking into the WordPress default roles.
The solution is simple, install Admin Restriction. Admin Restriction is a plugin I wrote that disables installing, updating and removing plugins and themes, and disables updating the WordPress Core for all users except for the Administrator user with ID 1. The only restriction this plugin has is that your Administrator account has to have user ID 1 in the database, which is most likely the case if you’re the creator of the website.