Our agency does a lot of development on local servers, and then migrates WordPress websites to live production hosting.
A common issue we've come across when developing locally and then migrating via all-in-one WP migrate two hosts like Cloudways, Pantheon, and WPEngine is getting locked out of adding new plugins, deleting existing plugins, and updating WordPress.
When we first encountered this issue, we did a lot of searching online typing queries like:
Unfortunately, all of these queries lead to guides that don't give you a definite answer on how to re-enable the add new plugin capability to WordPress. We created this guide to help you with their situation, as it's a pretty simple fix if you're experiencing the same issue that we typically experience (let’s hope it shows up on Google and actually helps people ????).
The problem is being unable to add new WordPress plugins, and delete existing WordPress plugins. Furthermore, you cannot access the default WordPress update page on the back end and you cannot update the WordPress version of your website. Hovering over the plugins menu, which usually gives you a sub menu of three options does nothing.
If we manually enter the URL that should allow us to install plugins, we get this error message “Sorry, you are not allowed to access this page.”
Doing all the basic troubleshooting, like checking the database, ensuring that you have admin privileges, disabling all plugins, disabling all themes, reverting to the default 2020 theme, and more does absolutely nothing to help this situation.
Lucky for you, this problem is typically caused by a built in WordPress feature called disallow file edit, and disallow file mods.
If you head over to your WordPress Config (wp-config.php) file (via FTP, C panel, or a file browser),
The simple way to fix being unable to add or delete WordPress plugins is to change these two lines of code from true to false.
define('DISALLOW_FILE_EDIT', false);
define('DISALLOW_FILE_MODS', false);
At least for us, this situation typically occurs when we are migrating our websites from local WAMP development to publicly accessible production servers.
In our case, this is automatically written by the receiving host (typically Cloudways) as a way to protect the website from hackers.
The most noticeable thing that this causes is locking an admin user from being able to add new plugins, delete existing plugins, update WordPress, and do as the rules suggest (edit files and modify files).
You may also experience an error with your site health interface in WordPress.
In our case, every time the disallow file mods and disallow file edits settings are causing this problem, we get one critical issue in our site health status interface in WordPress. The critical issue states that background updates are not working as expected, that a plugin has prevented updates, that all automatic updates are disabled, and that our index.PHP file is not writeable by WordPress.
Unfortunately, WordPress doesn't state that a common cause of the background updates are not working as expected issue with this site health check can simply be fixed by editing those two lines of code in the WP-config.php file.
You may also not be able to access the theme editor, and the plugin editor from the WordPress back end.
These two functions in WordPress are created for security. Disabling the ability to edit files and modify files from the back end can harden your website in the case of an attack/hack.
If a hacker is able to access a well privileged account, which would typically be an admin, they would be unable to inject malicious code via the back end of the WordPress website.
At the same time, if a hacker is trying to get into your website, there are probably much better methods to do it, and we feel that the disallow file mods is a bit outdated. You can seriously hard in the security of your WordPress website via third party plugins like WordFence (we wrote a guide on that here), and disallowing file edits (again, our opinion) causes more confusion than good.
The WordPress Codex also mentions something else: disallowing file editing and modification can safeguard your website against users editing files that would end up crashing the site. This may be a more appropriate use of the define( 'DISALLOW_FILE_EDIT', true );, But there are also plugins that will allow you to fine tune these restrictions.
If we would like to read more about these features, browse the official WordPress Codex: https://wordpress.org/support/article/editing-wp-config-php/#disable-the-plugin-and-theme-editor
This short guide should have helped you fix the following problems:
This issue typically occurs after migrating your website, and can simply be fixed by going into your WordPress config file and changing the two lines of code from true to false:
define('DISALLOW_FILE_EDIT', false);
define('DISALLOW_FILE_MODS', false);
We hope this guide on how to re enable adding new WordPress plugins helped you in troubleshooting your issue. We understand how frustrating this problem might be, and if we were unable to answer your question, please let us know in the comments. We will work with you to troubleshoot the issue, and publish a step by step guide on your individual issue if need be!
Yo, thank you so much. It worked!
Thanksss, I was trying to fix this problem!!!!
nice i was starting to pulling my hair
it worked bro love you this is the only blog which helped me