How To Hide WordPress Plugins From Some Users

You can use the undocumented all_plugins filter to control which plugins show up on the “Plugins” page.

WordPress applies this filter to the list of all installed plugins just before sorting it into “active”, “inactive”, “update available” and other categories and displaying it to the user. The list of plugins is an array indexed by plugin file path relative to the plugins directory. To hide a plugin, remove the corresponding array entry and return the modified array.

Here’s a practical example:

function filter_visible_plugins($plugins) {
	//Plugin file paths relative to /wp-content/plugins/
	$pluginsToHide = array(
		'akismet/akismet.php',
		'hidden-plugin/hidden-plugin.php',
		'another-plugin/filename.php',
	);

	//As an example, let's hide the above plugins from everyone 
	//except user 'smith'. Replace this with your own security checks.
	$currentUser = wp_get_current_user();
	$shouldHide = $currentUser->get('user_login') !== 'smith';

	if ( $shouldHide ) {
		foreach($pluginsToHide as $pluginFile) {
			unset($plugins[$pluginFile]);
		}
	}

	return $plugins;
}
add_filter('all_plugins', 'filter_visible_plugins');

Technically, this filter only changes what is displayed: it doesn’t actually deny users who can’t see a plugin the ability to (de-)activate it. But since WordPress won’t give them an “Activate” link, they won’t have the nonce required to do it. So it should be pretty secure in practice.

If you want to learn more about how the all_plugins filter works, take a look at the prepare_items() method in /wp-admin/includes/class-wp-plugin-list-table.php.
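To back the hidden list with an actual permission check rather than relying on the missing link and nonce, the per-plugin activate_plugin and deactivate_plugin meta capabilities can be denied for the same plugins. The following is an added example, not code from the original post; it assumes WordPress 4.9 or later (where those meta capabilities exist), and the hp_ function names and the manage_hidden_plugins capability are hypothetical.

```php
<?php
// Added example, not from the original post.
// Assumptions: WordPress 4.9+; 'manage_hidden_plugins' is a hypothetical custom
// capability granted only to trusted accounts, e.g. via $user->add_cap().

function hp_hidden_plugins() {
	// Plugin file paths relative to /wp-content/plugins/ (same list as above).
	return array(
		'akismet/akismet.php',
		'hidden-plugin/hidden-plugin.php',
		'another-plugin/filename.php',
	);
}

// Display layer: drop hidden plugins from the "Plugins" list table.
function hp_filter_visible_plugins( $plugins ) {
	if ( current_user_can( 'manage_hidden_plugins' ) ) {
		return $plugins;
	}
	return array_diff_key( $plugins, array_flip( hp_hidden_plugins() ) );
}
add_filter( 'all_plugins', 'hp_filter_visible_plugins' );

// Enforcement layer: WordPress calls current_user_can( 'activate_plugin', $file )
// and current_user_can( 'deactivate_plugin', $file ) before changing a plugin's
// state. Requiring 'do_not_allow' makes that check fail for hidden plugins.
function hp_deny_hidden_plugin_caps( $caps, $cap, $user_id, $args ) {
	if ( ! in_array( $cap, array( 'activate_plugin', 'deactivate_plugin' ), true ) ) {
		return $caps;
	}
	$plugin = isset( $args[0] ) ? $args[0] : '';
	if ( in_array( $plugin, hp_hidden_plugins(), true )
		&& ! user_can( $user_id, 'manage_hidden_plugins' ) ) {
		$caps[] = 'do_not_allow';
	}
	return $caps;
}
add_filter( 'map_meta_cap', 'hp_deny_hidden_plugin_caps', 10, 4 );
```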


One Response to “How To Hide WordPress Plugins From Some Users”

  1. Maor Chasen says:

    This is one killer snippet! I like the idea. I’ve been thinking to check for a specific capability and based on that to show or hide the plugins, but your approach is also very useful.
