Disable WordPress Plugin and Theme Editor
It’s not too difficult to make a strong case for disabling access to the theme and plugin editors that are easily accessible from within the WordPress admin dashboard.
While having access to the editors can be incredibly convenient at times, they also pose some significant security risks. Not to mention what might happen if someone inadvertently makes changes to a file.
If a hacker gains access to your WordPress blog dashboard, they could easily edit the files as they see fit, potentially executing malicious code. The result can be an expensive and time-consuming problem to fix.
The easiest way to disable both editors is by adding a single line of code to your wp-config file on your web hosting platform.
The first step is to login to your cPanel VPS (usually found at http://mydomain.com/cpanel). Once you’ve logged in follow these steps:
Select Web Root and find your wp-config.php file and select it.
Click download and save a copy to your desktop (this will serve as your backup file).
With the file still highlighted, click edit (at the top of the screen) and then click edit in the popup window to confirm.
Scroll to the bottom of the file, add a single blank line and then paste in the code from below.
// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );
Now, if you go back into your WordPress admin panel, you should find both editors disabled. In case you have a problem or make a mistake while editing your files, you can always upload your backup file and start from scratch.