By default, WordPress comes with a feature where users can edit theme and plugin file directly from the WordPress admin dashboard. This is a very useful option as it allows you to edit any theme or plugin file from the WordPress dashboard.
However, it can be a serious security issue to your site. If anyhow hackers gain unauthorized access to your WordPress admin panel, the first thing they look for is injecting malicious codes. Now, if your WordPress theme and plugin editors are editable, then they can inject any type of malicious code which will be unknown to you.
Besides, if you are running a multi-author WordPress site, then a higher-level user can edit your theme or plugin. Not to mention, any mis-edit in theme editor can end up by inaccessible to your website.
To prevent these type of issues, you can disable theme and plugin editors from your WordPress admin panel by adding a simple line of code to your (wp-config.php) file.
In this article, I will show you how to disable theme and plugins editors from your WordPress site.
How to disable theme and plugin editors from WordPress admin panel
Before we start, let’s see how the editor looks like.
You can access both theme and plugin editor by going Appearance> Editor and Plugins> Editor.
Disabling theme and plugin editors are quite easy. First, you need to login to your hosting cPanel and go to the root directory where your WordPress site is hosted.
From there, find the wp-config.php file and click on edit. Then add the following code:
define( 'DISALLOW_FILE_EDIT', true );
Save the file and reload your WordPress dashboard. You can see the theme and plugin editors have been removed. If you want to restore the feature, simply delete the code from the file.
That’s it. This is how you can disable theme and plugin editors from your WordPress dashboard.
Related articles,
- How to Password Protect WordPress login page
- How to Hide WordPress Version Number
- How to Create a Temporary Login Without Password
