[wp-hackers] Block Specific Plugins

Nikola Nikolov nikolov.tmw at gmail.com
Thu Apr 30 11:34:43 UTC 2015

Stephen Rider's solution is the best IMO - cron job is not the best way,
because they might be able to start the export in even under 1
minute(that'd be hell of tricky and take some trial and error, but not

The code must go in a mu-plugin. My suggestion is to symlink the mu-plugins
folder in all of your projects to a single directory on your hosting.

Now, here comes another question though - having a blacklist is more
difficult(and much longer), than having a white-list. The white-list is
some extra work on a per-project basis, but protects you from tricks(like
renaming the directory of the plugin, zip-ing it and uploading it as a new
plugin - which your blacklist will never catch). I think you can manually
create an option in the DB(maybe some code in functions.php if you're going
to disable the editors anyway) that lists all plugins that are needed for
the site to function - this will be your whitelist. Just grab that option
from the DB in the filtering function and return it's value.

Andrew Bartel's advice is good too - if you're afraid that your clients
will leave you high and dry, then ask them to sign a contract. If they have
some doubts, point out that having a contract protects them too. If they
still refuse, just get up and leave - there's something fishy with them and
you don't want to have them as clients.

I use a modified version of the "Contract Killer
<https://gist.github.com/malarkey/4031110>", which you can find here
Obviously you would want to add your own clauses and adjust the existing
ones. I like that contract because it's written in an easy to understand
language(well, unless you make it complicated). I usually discuss the
contract with the clients and if they have any concerns I adjusted in a way
that works for both of us.

Note the Copyrights section - I preserve the ownership of the source code
and license it's use to the client. This way I can later re-use any parts
of the code in the case of something complex being created that could be
useful in another project.

On Thu, Apr 30, 2015 at 7:45 AM, Stephen Rider <wp-hackers at striderweb.com>

> Something like this will remove specific plugins any time WP calls the
> list of actives:
> add_filter( 'option_active_plugins', 'filter_get_active_plugins' );
> add_filter( 'transient_active_plugins', 'filter_get_active_plugins' );
> function filter_get_active_plugins( $data ) {
>         $blocked = array( <plugins you don’t want to allow> );
>         foreach ($blocked as $plugin) {
>                 unset( $data[$plugin] );
>         }
>         sort( $data );
>         return $data;
> }
> Some pseudo code there, but you get the idea.
> --
> Stephen Rider
> wp-hackers at striderweb.com
> http://striderweb.com/nerdaphernalia
> > On Apr 29, 2015, at 4:01 PM, chris at 314media.com wrote:
> >
> > Any function to block a specific plugins based on its repository name?
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list