Disable WordPress Update Checks via Code
To fully stop WordPress from checking for updates (core, plugins, and themes), place the following code in your theme’s functions.php file.
🧩 Theme Tip
If you’re placing the code in
functions.php, make sure you’re using a child theme — otherwise, your changes will be lost the next time the theme is updated.
Step 1: Disable Transient Checks
This prevents WordPress from caching or checking update data.
add_filter('pre_site_transient_update_core', '__return_null');
add_filter('pre_site_transient_update_plugins', '__return_null');
add_filter('pre_site_transient_update_themes', '__return_null');Step 2: Remove Core Update Hooks
These lines prevent WordPress from loading update-related functions in the admin panel.
remove_action('load-update-core.php', 'wp_update_plugins');
remove_action('load-update-core.php', 'wp_update_themes');
remove_action('load-update-core.php', 'wp_version_check');
Step 3: Block API Requests to wordpress.org
This final step stops WordPress from even attempting to connect to its update servers.
add_filter('pre_http_request', function($pre, $args, $url) {
if (
strpos($url, 'api.wordpress.org/core/version-check') !== false ||
strpos($url, 'api.wordpress.org/plugins/update-check') !== false ||
strpos($url, 'api.wordpress.org/themes/update-check') !== false
) {
return true; // Prevent the request from being sent
}
return $pre;
}, 100, 3);
This combination gives you complete control and ensures zero external calls to WordPress update APIs.
If you’d rather not add the code in separate blocks, you can simply copy and paste the following snippet into your theme’s functions.php file (preferably in a child theme).
// Disable update transients for core, plugins, and themes
add_filter('pre_site_transient_update_core', '__return_null');
add_filter('pre_site_transient_update_plugins', '__return_null');
add_filter('pre_site_transient_update_themes', '__return_null');
// Remove update check actions from the admin panel
remove_action('load-update-core.php', 'wp_update_plugins');
remove_action('load-update-core.php', 'wp_update_themes');
remove_action('load-update-core.php', 'wp_version_check');
// Block outbound update requests to WordPress.org
add_filter('pre_http_request', function($pre, $args, $url) {
if (
strpos($url, 'api.wordpress.org/core/version-check') !== false ||
strpos($url, 'api.wordpress.org/plugins/update-check') !== false ||
strpos($url, 'api.wordpress.org/themes/update-check') !== false
) {
return true; // Prevent the request from being sent
}
return $pre;
}, 100, 3);
Download the Free Plugin to Disable WordPress Updates Instantly
Instead of adding custom code, you can install a lightweight plugin I’ve developed specifically for this purpose — clean, minimal, and safe to use.
If you’d like, you can visit the GitHub releases page to get the latest version.
This plugin:
– Blocks all update checks for core, themes, and plugins
– Doesn’t rely on bulky third-party frameworks
– Written in clean native WordPress code
Potential Risks of Disabling Updates
While disabling updates can help with stability and compatibility, it comes with clear security trade-offs:
-
Security vulnerabilities: Outdated core or plugins may expose your site to known exploits.
-
Compatibility issues: Some plugins/themes may rely on newer WordPress functions.
-
Missing features or performance fixes that come with updates.
If you’re going to disable updates, make sure you:
-
Keep regular manual backups.
-
Periodically test updates in a staging environment.
-
Use a security plugin (like Wordfence or iThemes Security) to monitor threats.
By applying this method, you’re taking updates fully under your control — just make sure you’re also taking responsibility for maintaining the site’s stability and security manually.
