Stand-Alone WordPress Plugin Deactivator

      Comments Off on Stand-Alone WordPress Plugin Deactivator

If you have ever got the “white screen of death” or another error in WordPress due to activating too many plugins or a dodgy plugin, and cannot get into wp-admin to sort it, you will appreciate this simple stand-alone plugin deactivator script.

The problem is that if WordPress cannot load or runs out of memory you just get a white screen with no way of getting back in to wp-admin to solve the problem. Often this is caused by having too many plugins loaded (shared hosting often only allows 32MB memory for PHP and a large number of plugins can easily exceed that), or by a dodgy or badly coded plugin.

The normal solution is to access the installation via FTP or a file manager and rename the folder of the offending plugin so that it doesn’t load. But if you don’t have FTP access, or would rather not give your clients that access, you are stuck.

The list of active plugins is stored in a single database entry named ‘active_plugins’ in the ‘wp_options’ table, however the format of the value does not lend itself to manual editing – if you even have or allow access to phpMyAdmin.

This simple PHP script reads the database value and displays the active plugins in a list with tick boxes and a button to unselect those ticked. It runs independently of WordPress so it will work even if WordPress won’t. The only WordPress files it uses are ‘wp-config.php’ (for the database settings) and ‘wp-admin/css/install.css’ (to make it look nice). The active plugin files are just read as text files to get their names.

wp-plugin-deactivator

Installation

Simply download the PHP script, unzip it and put it in your WordPress root folder (the same folder as the ‘wp-config.php’ file).

You can then access it by going to http://<blog-domain>/deactivate-wordpress-plugins.php in your browser.

If you want to put it in a different folder just change the three config values at the top of the script to suit the changed paths.

Security

The security problem should now be obvious. Anyone who knows or guesses that URL can deactivate your plugins, messing up your WordPress blog. Here are a couple of possible solutions:

  1. Rename the PHP script to something really obscure (such as a string of random characters) so nobody could guess it.
  2. Put the script in a folder protected with a .htaccess password. You will need to change the three config values at the top of the script to suit the changed paths.

Release Notes

Version 1.0 (14/02/2013)

  • Original release
  • Tested with WordPress 3.5.1

Version 1.1 (19/03/2015)

  • Read rather than include config file
  • Uses mysqli functions (instead of deprecated mysql ones)
  • Uses serialize() and unserialize() functions correctly
  • Tested with WordPress 4.1.1

Version 1.2 (19/05/2015)

  • Updated copyright details
  • Tested with WordPress 4.2.2

Disclaimer

This PHP script is offered on an ‘as-is’ basis with no guarantee that it will work correctly etc. Please carry out your own tests before using it. No liability is accepted for any errors or damage however caused. Tested on WordPress versions 3.5.1, 4.1.1 and 4.2.2 only.

This PHP script is free of charge, however I would appreciate a link to this website if you find it useful. The copyright notices must not be removed.

This script is not endorsed by or in any way connected with WordPress.

This script is Copyright (c) 2013-2015 Paul Stenning.

Click here to download the PHP script (in a ZIP file)