You Should Disable WordPress Theme and Plugin Editor!
WordPress comes with a built-in code editor that allows you to modify theme and plugin files directly from the dashboard. While this feature can be useful for quick edits, it can also pose a security risk if unauthorized users gain access to your admin area. To manage this feature effectively, you can disable or enable it using a simple line of code in your wp-config.php file.
Why Disable the WordPress Editor?
The WordPress editor, accessible under Appearance > Theme Editor and Plugins > Plugin Editor, can be a double-edged sword. Here are some reasons to consider disabling it:
- Security: Prevent unauthorized users or hackers from injecting malicious code into your files.
- Stability: Avoid accidental changes to critical theme or plugin files that could break your website.
- Best Practices: Encourages the use of proper development environments for making changes.
We have a complete article about WordPress Security; read it for more security tips.
How to Disable the WordPress Editor
To disable the built-in editor, follow these steps:
- Locate the wp-config.php file:
  - This file is located in the root directory of your WordPress installation. In cPanel, DirectAdmin and similar web hosting control panels, it is located in the public_html folder.
- Edit the file:
  - Open the wp-config.php file in a text editor, code editor or online editor.
- Add the code:
  - Add the following line of code before the line that says /* That's all, stop editing! Happy blogging. */ (note: check that this line doesn't already exist before adding a new one; if it exists, just edit it):
    define('DISALLOW_FILE_EDIT', true);
- Save the file:
  - Save your changes in the online editor, or re-upload the file if you're using an FTP client.
Once added, the Theme Editor and Plugin Editor menus will no longer be accessible in the WordPress admin area.
How to Enable the WordPress Editor
If you need to re-enable the editor, you can simply remove the code or set it to false. Here's how:
- Open the wp-config.php file.
- Locate the line:
  define('DISALLOW_FILE_EDIT', true);
- Modify it to:
  define('DISALLOW_FILE_EDIT', false);
- Save the file and upload it back to your server if necessary.
After this, the Theme Editor and Plugin Editor menus will be restored in the WordPress admin dashboard.
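A check for the result of the two procedures above, as an added example that is not part of the original article: it reads the text of a wp-config.php file and reports whether DISALLOW_FILE_EDIT is actively set, flagging commented-out, duplicate or misplaced lines. The function name, status strings and sample file are assumptions made for this example.

```python
import re

MARKER = "That's all, stop editing!"  # line the article says to insert above
DEFINE_RE = re.compile(
    r"""define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*(\w+)\s*\)\s*;""", re.I)

def audit_wp_config(text):
    """Return (status, notes) for DISALLOW_FILE_EDIT in wp-config.php text."""
    marker_line = next(
        (n for n, l in enumerate(text.splitlines(), 1) if MARKER in l), None)
    # Blank out /* ... */ comments but keep newlines so line numbers match.
    code = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"),
                  text, flags=re.S)
    active = []
    for n, line in enumerate(code.splitlines(), 1):
        m = DEFINE_RE.search(line)
        # Heuristic: a // or # earlier on the line means it is commented out.
        if m and not re.search(r"//|#", line[:m.start()]):
            active.append((n, m.group(1).lower()))
    if not active:
        return "editor_enabled", ["no active DISALLOW_FILE_EDIT define"]
    notes = []
    if len(active) > 1:
        # PHP ignores a second define() of the same constant: the first wins.
        notes.append("defined %d times; first value wins" % len(active))
    if marker_line:
        late = [n for n, _ in active if n > marker_line]
        if late:
            notes.append("define below the stop-editing line: %s" % late)
    value = active[0][1]
    status = {"true": "editor_disabled", "false": "editor_enabled"}.get(
        value, "unrecognized_value")
    return status, notes

# Constructed sample, not a real site's configuration.
SAMPLE = """<?php
define('DB_NAME', 'example_db');
// define('DISALLOW_FILE_EDIT', true);
define( 'DISALLOW_FILE_EDIT', false );
/* That's all, stop editing! Happy blogging. */
require_once ABSPATH . 'wp-settings.php';
define('DISALLOW_FILE_EDIT', true);
"""

if __name__ == "__main__":
    print(audit_wp_config(SAMPLE))
```

In the sample, the commented-out line is ignored and the earlier `false` decides the result, even though a `true` line also exists further down the file.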
Additional Tips
- Use FTP Clients:
  - Instead of relying on the WordPress editor, you can upload files to your web host with an FTP client such as FileZilla.
- Secure Your Admin Area:
  - Use strong passwords and two-factor authentication to minimize the risk of unauthorized access.
- Backup Your Site:
  - Always take a backup of your site before making any changes to theme or plugin files.
Conclusion
Disabling the WordPress theme and plugin editor is a simple yet effective way to enhance your site’s security and stability. Whether you choose to enable or disable it, this feature should be managed thoughtfully based on your specific needs and development practices.