Deactivating Troy Client
If you can't find the Deactivate link — that's by design. Troy Client blocks its own deactivation while Troy-dependent plugins are installed. This page explains why, and how to remove it if you still want to.
What You See on the Plugins Screen
When Troy-dependent plugins are active, Troy Client:
- Removes the Deactivate link from its plugin row and links to this page instead.
- Hides the bulk-action checkbox so it cannot be selected during bulk deactivation.
- Displays a lock icon with a message listing the plugins that depend on it.
If Troy Client Daemon is active, the link to this page is removed, and the message simplifies to "Troy Client can not be deactivated" without listing individual dependents.
Why Deactivation Is Blocked
A plugin developer added Troy as an update channel for their plugin. Troy Client delivers new versions, security patches, and bug fixes from that developer to your site. Remove Troy Client, and that channel breaks.
That alone is reason enough to block deactivation. But there's a second reason.
WordPress.org can overwrite your plugins
WordPress sends your full list of installed plugin slugs to WordPress.org on every update check. WordPress.org can push updates without your approval through an autoupdate flag that installs code immediately, without your consent. This has been used to force-patch plugins affecting over a million sites and to seize a plugin from its developer and release a fork under the same slug.
A forced update from WordPress.org can silently overwrite the version a developer shipped — with code they didn't author or approve.
Troy Client blocks this:
- It strips Troy plugins from the outbound update request so WordPress.org never sees them.
- It forces
autoupdatetofalseon every inbound Troy plugin response — even if the source sendstrue.
Remove Troy Client, and both protections are gone.
Removing Troy Client
If you understand the risks and still want to remove Troy Client, follow these steps.
You will lose update protection:
Once Troy Client is removed, WordPress.org can overwrite every formerly protected plugin. The developer loses the ability to send updates to your site, and you lose control over which source delivers code. Reinstalling Troy Client later won't undo changes already made.
Identifying Dependent Plugins
You can find Troy-dependent plugins in two places in your WordPress admin:
- Plugins screen — Troy Client's plugin row displays a lock icon followed by the names of all dependent plugins.
- Tools → Site Health → Info → Troy Client — lists every Troy-enabled plugin with its update repository URL, version, and status.
Remove via the WordPress Admin
Remove dependent plugins
Deactivate and delete every plugin that depends on Troy. You can find them on the Plugins screen (listed under Troy Client's lock icon) or in Tools → Site Health → Info → Troy Client.
Troy Client will not unlock until all dependents are gone.
Deactivate Troy Client
Once no Troy-dependent plugins remain, the Deactivate link reappears on Troy Client's plugin row. Click it.
Delete Troy Client
After deactivation, click Delete on the Plugins screen to remove the plugin files.
Remove via FTP or File Manager
You can bypass the WordPress admin entirely by deleting the plugin folder directly:
wp-content/plugins/troy-client/
Delete this folder via FTP, SSH, or your hosting provider's file manager. WordPress detects the missing files on the next admin page load.
Same risks apply:
Deleting via FTP removes Troy Client's protections immediately. WordPress.org can overwrite your Troy-managed plugins on the next update cycle — which can happen within minutes.
