Roots Discourse

Allow adding plugins in Wordpress when WP_ENV is set to production. Is this possible?

Is there a way to allow admin users to add plugins in a Wordpress admin dashboard even when the WP_ENV variable in the .env file is set as production?

Yes, if you define DISALLOW_FILE_MODS and set it to false for production in the config, you’ll be able to install plugins from the wp-admin

Thanks @benword! Do I add this into the production.php file in the config directory of my website? Also, is there any security risks or any risk at all in doing this to a production website?

I need to define DISALLOW_FILE_MODS and set it to false for production in the config to allow admins to be able to install plugins from the wp-admin.

Are there any security risks or any risk at all in doing this to a production website? Is it no advised to do so?

Allowing people to upload code that will be executed by your site is a pretty clear security risk.

In the context of bedrock, changing that setting will also prevent bedrock from being able to accurately track what plugins you have installed, since plugins installed/updated via the admin won’t modify the composer.json. That’s one of the primary purposes of bedrock, so if you’re going to disable it you’re working and cross-purposes with the stack.

This topic was automatically closed after 42 days. New replies are no longer allowed.