How to Disable Plugin and Theme Updates and Installation

Due to installing a faulty plugin to one of my sites, I had an experience of being hacked — twice. What I noticed is that every time hackers got access to my site, they tried to install a new plugin. Because I already disable file editing in my WordPress dashboard, these new plugins they install are probably meant to be used as backdoors in the future.

So I found this quick way to disable future installs of plugins and themes (by wpmudev). To your wp-config file simply add

/**Disable plugin and theme updates*/
define('DISALLOW_FILE_MODS',true);

Unfortunately this prevents even your own updates and installs as well. Once the line is added to your wp-config file, you will simply stop receiving new updates notifications.

In the future, I will probably need another solution, but for now this is good enough for my compromised site that keeps getting hacked. I will settle for this code until I figure out how to close the backdoor.