WordPress comes with a built-in theme and plugin editor that allows users to directly edit their theme and plugin files from the dashboard. However, editing can lead to issues such as website breakage and security vulnerabilities. To disable the theme and plugin editor in WordPress, users can add a line of code to the wp-config.php file or use a plugin like Sucuri WordPress. It is recommended to use alternative methods like the theme customizer for adding custom CSS or an FTP Client application for viewing plugin code to enhance security and prevent unauthorized access to the website.
Did you know that WordPress comes with a built-in theme and plugin editor? The code editor allows you to edit your theme and plugin files directly from your WordPress dashboard. Editing is quite useful but it can also lead to problems like breaking the website and potential security issues.
In this article, I will explain why and how to disable the theme and plugin editor in the WordPress admin area.
Why disable theme and plugin editor in WordPress?
WordPress comes with a built-in code editor that allows you to edit WordPress theme and plugin files directly from the admin area. The theme editor is located on the page Appearance » Theme Editor. By default, it will show the files of your currently active theme.
Similarly, you can see the plugin editor at the Plugins » Plugin Editor. By default, it will show one of the plugins that appears first in alphabetical order.
If you are accessing the theme or plugin editor for the first time, WordPress will warn you that using the editor may break your site.
Theme and Plugin Editor in WordPress 4.9
In WordPress 4.9, the theme and plugin editors were upgraded to protect users from accidentally breaking their sites. Often, the editor will detect a fatal error and undo the changes. However, this is not guaranteed, and you may still lose admin access.
The biggest problem with the built-in file editor is that it gives full access to add any kind of code to your website. If a hacker breaks into your WordPress admin area, then they can use the built-in editor to gain access to all of your WordPress data. Hackers can also use it to spread malware or launch DDoS attacks from your WordPress site.
To improve WordPress security, we recommend completely removing the built-in file editors.
How to Disable Theme and Plugin Editor in WordPress
Disabling the theme and plugin editor in WordPress is quite easy. Just edit the wp-config.php file and paste the following code before the line that reads "That’s all, stop editing! Happy publishing":
define( 'DISALLOW_FILE_EDIT', true );
You can now save your changes and upload the file back to your website. The editor will disappear from the theme and plugin menus in the WordPress admin area. You can also add this line of code to your theme’s functions.php file. If you don’t want to edit the file directly, you can install a plugin such as Sucuri WordPress, which offers 1-click hardening.
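To confirm the change actually took effect after uploading, the following is an added example (not part of the original article) that audits a wp-config.php for the define shown above. The function name check_file_edit, its exit codes, and the sample files are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit wp-config.php for the DISALLOW_FILE_EDIT hardening.
# check_file_edit is a hypothetical helper. Exit status:
#   0 = set to true before the "stop editing" line
#   1 = not set to true (missing, false, or commented out with // or #)
#   2 = set to true, but after the "stop editing" line
#   3 = file cannot be read
# Limitation: only a define() that starts its own line is recognised;
# multi-line /* ... */ comments are not parsed.
check_file_edit() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 3; }
    # Anchoring at line start means "// define(...)" and "# define(...)" do not match.
    pattern="^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*[Tt][Rr][Uu][Ee][[:space:]]*\)"
    def=$(grep -nE "$pattern" "$conf" | head -n 1 | cut -d: -f1)
    mark=$(grep -n 'stop editing' "$conf" | head -n 1 | cut -d: -f1)
    if [ -z "$def" ]; then
        echo "FAIL: DISALLOW_FILE_EDIT is not set to true in $conf"
        return 1
    fi
    if [ -n "$mark" ] && [ "$def" -gt "$mark" ]; then
        echo "WARN: define on line $def comes after the stop-editing line ($mark)"
        return 2
    fi
    echo "OK: DISALLOW_FILE_EDIT set to true on line $def of $conf"
    return 0
}

# Constructed sample files, not taken from a real site.
demo=$(mktemp -d)
printf '%s\n' '<?php' "define( 'DISALLOW_FILE_EDIT', true );" \
    "/* That's all, stop editing! Happy publishing. */" > "$demo/hardened.php"
printf '%s\n' '<?php' "// define( 'DISALLOW_FILE_EDIT', true );" \
    "/* That's all, stop editing! Happy publishing. */" > "$demo/commented.php"
check_file_edit "$demo/hardened.php" || true
check_file_edit "$demo/commented.php" || true
rm -rf "$demo"
```

Run it against the live file (for example, check_file_edit /path/to/wp-config.php) after each deployment, since a restored backup or a regenerated config can silently drop the line.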
The Proper Way to Edit WordPress Plugin and Theme Files
Many users actually use the WordPress plugin and theme editor to look up code, add custom CSS, or edit code in their child themes. If you just want to add custom CSS to your theme, you can use the theme customizer located in Appearance » Customize. If you want to look up the code in a plugin, you can use an FTP Client application.
Epilogue
I hope you were able to disable the theme and plugin editor easily.