In my wp-config.php file I have define('DISALLOW_FILE_MODS', true); which stops clients from being able to update plugins or add new ones.
It also stops WP from running its auto update when a security patch is released.
Is there a ways I can stop the plugin updating and adding but allow WP to update itself automatically?
Would additionally having define('WP_AUTO_UPDATE_CORE', 'minor'); override that aspect of DISALLOW_FILE_MODS?
It’s a bit of a difficult thing to test since the updates don’t happen all that often.
To answer your question directly, you can use the file_mod_allowed filter to override the DISALLOW_FILE_MODS setting for the automatic updates only. Here is an example of how to do it:
add_filter('file_mod_allowed', 'override_file_mod_allowed', 10, 2);
function override_file_mod_allowed($setting, $context){
if ($context == 'automatic_updater'){
return true;
}
return $setting;
}
The second option, as someone suggested to me in the WordPress IRC channel, is to give the client an editor user role rather than an admin, as this seems to be closer to their needs.
