Is there a way to allow admin users to add plugins in a Wordpress admin dashboard even when the WP_ENV variable in the .env file is set as production?
Yes, if you define DISALLOW_FILE_MODS and set it to false for production in the config, you’ll be able to install plugins from the wp-admin
Thanks @ben! Do I add this into the production.php file in the config directory of my website? Also, is there any security risks or any risk at all in doing this to a production website?
I need to define DISALLOW_FILE_MODS and set it to false for production in the config to allow admins to be able to install plugins from the wp-admin.
Are there any security risks or any risk at all in doing this to a production website? Is it no advised to do so?
Allowing people to upload code that will be executed by your site is a pretty clear security risk.
In the context of bedrock, changing that setting will also prevent bedrock from being able to accurately track what plugins you have installed, since plugins installed/updated via the admin won’t modify the composer.json. That’s one of the primary purposes of bedrock, so if you’re going to disable it you’re working and cross-purposes with the stack.
This topic was automatically closed after 42 days. New replies are no longer allowed.