How to Hide WordPress Update Notifications from Non-Admins


There are many things you can do to keep WordPress secure. On this website alone, we’ve covered dozens of tips including changing the name of the login page, removing version information from WordPress, and many others. However, the single most important thing you can do to keep your installation safe and secure from hackers is to make sure that it’s always up-to-date. The team behind WordPress is constantly looking out for vulnerabilities and fixing them as soon as they appear. For this reason, updates to the core WordPress installation are a priority.

If you’re running an older version of WordPress, you must always keep in mind that your website is vulnerable. To underscore the importance of this, WordPress includes a comprehensive “nag” system. When a new version is out, it’ll make sure that everyone knows about it. The admins, the authors and editors – in short, anyone who is able to access the administration area will see a big message saying that the WordPress installation is out of date. You can see what that looks like in the screenshot here:

[Screenshot: useless upgrade notice]

While it’s easy to understand the motivations of the WordPress team to have this system, it’s undeniably irritating, especially when users don’t have the ability to perform the upgrade on their own. This is the case in the screenshot above: instead of seeing an “upgrade now” link, the user is simply instructed to contact the administrator. Personally, I doubt that this ever actually happens.

This can become a problem if you’re maintaining the website of one of your clients. You would like them to be abstracted from all of the day-to-day problems of running a WordPress website. This means that you don’t want them to know about any pending upgrades or administration notices. So how do we go about achieving this goal? How do we restrict the upgrade notifications only to those who can do something about it?

Luckily, WordPress has a convenient hook that allows us to remove unnecessary nag notifications based on whatever conditions we choose to impose. Let’s take a look.

Show Nag Notices only to Admins

For the purposes of this article, I’m going to use the word “admin” to designate those who have the capability to upgrade the core WordPress installation. Open up your functions.php file and paste the following before the closing ?> PHP tag:

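// Hide the core update nag from users who cannot install the update.
function show_updated_only_to_admins()
{
    // Only users with the update_core capability keep the notice.
    if (!current_user_can('update_core')) {
        // update_nag is registered on both hooks with priority 3,
        // so the same priority must be passed to remove it.
        remove_action( 'admin_notices', 'update_nag', 3 );
        remove_action( 'network_admin_notices', 'update_nag', 3 );
    }
}
// admin_head fires before admin_notices, so the removal takes effect in time.
add_action( 'admin_head', 'show_updated_only_to_admins', 1 );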

This hooks into the “admin_head” action and runs a custom function, where we first check whether or not the current user has the capability to update the core (update_core) and, if not, remove the two actions that cause the update notification to be displayed. If you don’t know how to add code to your WordPress installation like this, take a look at my earlier tutorial on the same. Save the changes to your functions.php file and, if everything goes well, the same screen as in the screenshot above should now display without the notification for the user who can’t do anything about it:

[Screenshot: removed site notice]

Administrators and those who actually have the permissions to update the WordPress core will still continue to see the important notification regarding newer versions of WordPress. Technically, you can go all the way and remove these notifications altogether for every user – including admins. But that would be a terrible security blunder since it’s so easy to forget about patching WordPress without some kind of notice reminding you to do so.
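Once the nag is hidden from everyone else, the only reminder left is the one an admin sees after logging in, so a reminder that does not depend on anyone opening the dashboard is a useful companion. The following is an added example, not code from the original post: a small plugin file, assuming a single-site install, that e-mails the site's admin address once per pending core version. The example_ function names and the hook and option names are hypothetical.

```php
<?php
/**
 * Plugin Name: Core update e-mail reminder (added example)
 */

// Hypothetical names used only in this example.
const EXAMPLE_CHECK_HOOK  = 'example_core_update_check';
const EXAMPLE_SENT_OPTION = 'example_core_reminder_sent_for';

// Register a daily WP-Cron event once.
add_action( 'init', function () {
    if ( ! wp_next_scheduled( EXAMPLE_CHECK_HOOK ) ) {
        wp_schedule_event( time(), 'daily', EXAMPLE_CHECK_HOOK );
    }
} );
add_action( EXAMPLE_CHECK_HOOK, 'example_send_core_update_reminder' );

// Return the newer core version WordPress has found, or null if up to date.
function example_pending_core_version() {
    // WordPress stores the result of its own version check in this transient.
    $check = get_site_transient( 'update_core' );
    if ( ! is_object( $check ) || empty( $check->updates ) ) {
        return null;
    }
    foreach ( $check->updates as $offer ) {
        if ( isset( $offer->response, $offer->current )
            && 'upgrade' === $offer->response
            && version_compare( $offer->current, get_bloginfo( 'version' ), '>' ) ) {
            return $offer->current;
        }
    }
    return null;
}

// Mail the site admin once per pending version, not once per day.
function example_send_core_update_reminder() {
    $pending = example_pending_core_version();
    if ( null === $pending || get_option( EXAMPLE_SENT_OPTION ) === $pending ) {
        return;
    }
    $subject = sprintf( '[%s] WordPress %s is available', get_bloginfo( 'name' ), $pending );
    $body    = sprintf( "This site runs WordPress %s. Update at:\n%s",
        get_bloginfo( 'version' ), admin_url( 'update-core.php' ) );
    // Record the version only if the mail was handed off successfully.
    if ( wp_mail( get_option( 'admin_email' ), $subject, $body ) ) {
        update_option( EXAMPLE_SENT_OPTION, $pending, false );
    }
}
```

WP-Cron only runs when the site receives traffic, so on a very quiet site the daily check can fire late.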
