Disabling Theme and Plug-in Editors from the WordPress Dashboard
- November 2, 2016
By default, WordPress lets its users (administrators) edit theme and plug-in files from the admin panel (Dashboard). This looks like a very good feature for users, but at the same time it can be dangerous.
Let’s assume that you lose your internet connection while updating a theme or plug-in file: your website is now broken, because the update could not complete over the lost connection and the file is left empty. The file also has zero chance of recovery. And if hackers somehow gain access to your admin panel while this feature is enabled, they can easily modify the file or remove code from it.
To avoid this problem, it is best practice to disable the theme and plug-in editors in the WordPress Dashboard. You just need to add the following line of code to your wp-config.php file:
define('DISALLOW_FILE_EDIT', true );
Instead of the wp-config.php file, you can also add this line of code to your theme’s functions.php file.
If you must update a theme or plug-in file from the admin panel, it is advisable to take a backup of the file first. That way, you will be able to restore the file in case of any loss.
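The two steps above (take a backup, then add the constant to wp-config.php) can be scripted so the change is repeatable across sites. The shell functions below are an added example, not code from the original post; the function names, the `.bak` suffix and the choice to insert the line just before the `require` of `wp-settings.php` are assumptions.

```shell
#!/bin/sh
# Added example: back up wp-config.php, then add DISALLOW_FILE_EDIT if missing.
# Function names and the .bak suffix are assumptions, not WordPress conventions.

# Lines that start as PHP comments are ignored by both checks below.
COMMENT_RE='^[[:space:]]*(//|#|/\*|\*)'

# Return 0 if an uncommented define() sets DISALLOW_FILE_EDIT to true.
file_edit_disabled() {
    grep -v -E "$COMMENT_RE" "$1" | grep -q -E \
        "define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*[Tt][Rr][Uu][Ee][[:space:]]*\)"
}

# Return codes: 0 set (or already set), 2 no file, 3 constant present with
# another value, 4 no wp-settings.php require found, 5 backup failed.
disable_file_edit() {
    cfg=$1
    [ -f "$cfg" ] || return 2
    if file_edit_disabled "$cfg"; then return 0; fi
    # PHP constants cannot be redefined, so a second define() would not
    # override an existing one: leave that case for a manual fix.
    if grep -v -E "$COMMENT_RE" "$cfg" | grep -q 'DISALLOW_FILE_EDIT'; then
        return 3
    fi
    grep -q -E '^[[:space:]]*require.*wp-settings\.php' "$cfg" || return 4
    cp -p "$cfg" "$cfg.bak" || return 5
    # Rewrite from the backup, inserting the define just before WordPress
    # is loaded. Writing into the existing file keeps its owner and mode.
    awk -v line="define( 'DISALLOW_FILE_EDIT', true );" '
        !done && /^[ \t]*require.*wp-settings\.php/ { print line; done = 1 }
        { print }
    ' "$cfg.bak" > "$cfg"
}
```

Source the file and call `disable_file_edit /path/to/wp-config.php`; running it a second time changes nothing because the first check already succeeds.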