List of content you will read in this article:
There are many things that need to be taken into account when hosting a website, even ones made with WordPress. One such thing is its security. While there is no single sure way to keep your site 100 percent safe, there are a few steps that you can take to keep it safe, even if your login information is compromised. Today, we will discuss disabling plugin and theme editors in WordPress and why in most cases you should keep them disabled.
Why Disable Plugin and Theme Editor?
One of the features of WordPress is its built-in code editor that allows users to edit WordPress theme and plugin files directly from the admin area. The theme editor can be found in Appearance -> Theme Editor and the plugin editor is located at Plugins -> Plugin Editor.
While they are both convenient features, it’s not too difficult to make a strong case for disabling access to the theme and plugin editors. In fact, when you visit either of the editor pages for the first time, a warning message pops up saying that using the editor may break your site. It looks like this:
Along with this danger, they also pose some significant security risks. Not to mention what might happen if someone inadvertently makes changes to a file. If a hacker gains access to your WordPress blog dashboard, they could easily edit the files as they see fit, potentially executing malicious code. The result can be an expensive and time-consuming problem to fix.
How to Disable Theme and Plugin Editors in WordPress?
The easiest way to disable both editors is by adding a single line of code to your wp-config file on your web hosting platform.
The first step is to log in to your cPanel VPS (usually found at http://yourdomain.com/cpanel). Once you’ve logged in, follow these steps:
Select Web Root and find your wp-config.php file and select it.
Click download and save a copy to your desktop (this will serve as your backup file).
With the file still highlighted, click edit (at the top of the screen) and then click edit in the popup window to confirm.
Scroll to the bottom of the file, add a single blank line and then paste in the code from below.
// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );
Now, if you go back into your WordPress admin panel, you should find both editors disabled. In case you have a problem or make a mistake while editing your files, you can always upload your backup file and start from scratch.
We hope that you now see the upsides to disabling the WordPress Theme and Plugin editors, especially if you do not customize them using programming. By following this simple tutorial, you should now be able to effortlessly disable these features. If you have any questions or suggestions, please leave them in the comment section below.