Last updated December 6th, 2023 00:30
WordPress includes an internal editor for theme template files, which allows logged-in users to manually manipulate the source code. This gives you the ability to modify the functions and behavior of the theme template, which can be convenient on one hand, but a security risk on the other. In my opinion, it’s definitely better to disable this feature (I’ll explain why below) and handle any necessary edits via FTP or code snippets. In this article, I’ll show you how to disable file editing in the WordPress administration.
How to disable file editing in WordPress administration
Security Risk
The theme template file editor itself presents a security risk, especially if an unauthorized person gains access to the administration panel, such as a hacker. They could inject their own malicious code into the theme template files via the administration panel, which would harm the website’s users. Therefore, I always recommend deactivating this feature as a precautionary measure. Besides, the deactivation process is straightforward.
How to disable file editing in WordPress administration via the wp-config.php file
Disabling file editing involves adding a single line of code to the configuration file. Follow these steps:
- Log in to FTP using any FTP client.
- Open the root directory of your WordPress installation.
- Find the wp-config.php file and edit it.
- Add the following line of code:
// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );
Once you have added the line of code above, save the changes. That’s it! If you log in to the administration panel, you will notice that the file editor is no longer in the appearance menu. This resolves the issue and minimizes the security risk.
Conclusion
This is just one of the few steps you can take to make your WordPress website more secure. For any future modifications, such as editing the functions.php file, I recommend using snippets or a plugin to insert code. Not only is it less risky in terms of code damage, but it is also much more convenient than editing files within the administration panel’s editor.
The website is created with care for the included information. I strive to provide high-quality and useful content that helps or inspires others. If you are satisfied with my work and would like to support me, you can do so through simple options.
Subscribe to the Newsletter
Stay informed! Join our newsletter subscription and be the first to receive the latest information directly to your email inbox. Follow updates, exclusive events, and inspiring content, all delivered straight to your email.
