Looking at the way the plugin filters by user capability it seems to be using ‘install_plugins’ as the capability needed to load the plugin. When I set-up sites for clients that are managed by ourselves we use composer & wpackigist to install, update and remove plugins (I know developers who use WP-CLI for this purpose too) as well as define( 'DISALLOW_FILE_MODS', true ); which appears to set the 'install_plugins' to false for all users regardless of role.
As a result stopping the plugin loading using install_plugins doesn't really work and should be using a different capability check, maybe manage_options if DISALLOW_FILE_MODS is true?
At the moment I've hot-fixed my installation by changing to use manage_options in the following locations:
/includes/class-bsr-admin.php – Line 84 & Line 263
/better-search-replace.php – Line 56
Looking at the way the plugin filters by user capability it seems to be using ‘install_plugins’ as the capability needed to load the plugin. When I set-up sites for clients that are managed by ourselves we use composer & wpackigist to install, update and remove plugins (I know developers who use WP-CLI for this purpose too) as well as
define( 'DISALLOW_FILE_MODS', true );
which appears to set the 'install_plugins' to false for all users regardless of role.As a result stopping the plugin loading using
install_plugins
doesn't really work and should be using a different capability check, maybemanage_options
ifDISALLOW_FILE_MODS
is true?At the moment I've hot-fixed my installation by changing to use
manage_options
in the following locations: