How to Disable Theme and Plugin Editors From WordPress Admin Panel
Did you know WordPress has built-in theme and plugin editors? This plain code editor lets you edit your theme and plugin files directly from the WordPress dashboard. This may seem really helpful, but it can also cause problems such as breaking your site, and it becomes a potential security issue when combined with other vulnerabilities.
In this post, we will explain why and how to disable the theme and plugin editors in the WordPress admin area.
Why Disable Theme and Plugin Editors in WordPress?
WordPress comes with a built-in code editor that allows you to edit WordPress theme and plugin files directly from the admin area.
The theme editor is located on the Appearance >> Theme Editor page. By default, it shows the files of the currently active theme.
Similarly, the plugin editor is available on the Plugins >> Plugin Editor page. By default, it shows one of the installed plugins from your website, the one that comes first in alphabetical order.
If you visit the theme or plugin editor for the first time, WordPress will warn you that using the editor can break your site.
In WordPress 4.9, the editors were upgraded to protect users from accidentally breaking their site. In many cases, the editor will catch a fatal error and revert the changes.
However, that is not guaranteed: some code may slip through, and you would end up losing access to the admin area. The main issue with the built-in file editor is that it gives access to add any kind of code to your site.
If a hacker breaks into your WordPress admin area, they can use the built-in editor to gain access to all your website data. Hackers also use it to distribute malware or launch DDoS attacks from a WordPress site.
To improve WordPress site security, we advise removing the built-in file editors completely.
How to Disallow the Theme and Plugin Editors in WordPress
Disabling the plugin and theme editors in WordPress is easy. Simply edit the wp-config.php file and paste the following code just before the line: ‘That’s all, stop editing! Happy publishing!’
define('DISALLOW_FILE_EDIT', true);
Now you can save your changes and upload the file back to your site. That’s all; the theme and plugin editors will now disappear from the themes and plugins menus in the admin area.
You may also add this line of code to your theme’s functions.php file, to a site-specific plugin, or by using a code snippets plugin.
If you don’t wish to edit the file directly, you can install the Sucuri WordPress plugin, which provides a 1-click hardening feature.
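
The wp-config.php edit described above can also be scripted. The shell function below is an added example, not part of the original post; the function name harden_wp_config, its status words and its return codes are choices made for this example.

```shell
#!/bin/sh
# Added example: check a wp-config.php for DISALLOW_FILE_EDIT and insert the
# define just before the "stop editing" marker comment when it is missing.
# Usage: harden_wp_config /path/to/wp-config.php
# Returns 0 and prints "present" or "inserted"; returns 2 when the constant is
# defined with another value; returns 1 on a missing file or marker.

harden_wp_config() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }

    # First uncommented define() of the constant; PHP keeps the first one.
    def=$(grep -E "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"]" "$cfg" | head -n 1)
    if [ -n "$def" ]; then
        if printf '%s\n' "$def" | grep -Eiq ",[[:space:]]*true[[:space:]]*\)"; then
            echo "present"; return 0
        fi
        # Adding a second define() would have no effect, so stop here.
        echo "DISALLOW_FILE_EDIT is defined but not true: $cfg" >&2
        return 2
    fi

    # The marker wording differs between releases; match its stable part.
    grep -q "stop editing" "$cfg" || { echo "marker not found: $cfg" >&2; return 1; }

    # Work in a private temp file. No .bak copy is left beside wp-config.php,
    # because a web server could serve such a copy as plain text.
    tmp=$(mktemp) || return 1
    if awk -v line="define( 'DISALLOW_FILE_EDIT', true );" '
            /stop editing/ && !done { print line; done = 1 }
            { print }
        ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"; then
        rm -f "$tmp"
        echo "inserted"; return 0
    fi
    rm -f "$tmp"
    return 1
}
```

Writing the result back with cat keeps the file's existing owner and permissions.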
Proper Way to Edit WordPress Theme and Plugin Files:
Many WordPress users use the WordPress theme and plugin editors to look up code, edit child theme code, or add custom CSS.
If you want to add some custom CSS to your website, you can also do this by using the customizer located under Appearance >> Customize.
If you want to look up the code in a plugin, you can do so by using an FTP client. For better syntax highlighting and file management, you can use these code editors for editing WordPress files on your computer.
Lastly, you can also build a custom WordPress theme without any coding.