WordPress includes an internal editor for theme template files, which allows logged-in users to manually manipulate the source code. This gives you the ability to modify the functions and behavior of the theme template, which can be convenient on one hand, but a security risk on the other. In my opinion, it’s definitely better to disable this feature (I’ll explain why below) and handle any necessary edits via FTP or code snippets. In this article, I’ll show you how to disable file editing in the WordPress administration.
How to disable file editing in WordPress administration
The theme template file editor itself presents a security risk, especially if an unauthorized person, such as a hacker, gains access to the administration panel. They could use the editor to inject their own malicious code into the theme template files, which would harm the website’s users. Therefore, I always recommend deactivating this feature as a precautionary measure. Besides, the deactivation process is straightforward.
How to disable file editing in WordPress administration via the wp-config.php file
Disabling file editing involves adding a single line of code to the configuration file. Follow these steps:
// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );
Once you have added the line of code above, save the changes. That’s it! If you log in to the administration panel, you will notice that the file editor is no longer in the appearance menu. This resolves the issue and minimizes the security risk.
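To confirm the setting is really in effect, the following Python check (an added example, not part of the original article) reads the text of wp-config.php, ignores PHP comments, and reports whether DISALLOW_FILE_EDIT is defined as true. The function names strip_php_comments and file_edit_status and the sample inputs are constructed for illustration.

```python
import re
import sys

# PHP string literals and comments; strings are matched so that "//" or "#"
# inside a quoted value is not mistaken for a comment.
# Simplification: PHP 8 "#[" attributes and "?>" inside line comments are ignored.
_TOKEN = re.compile(r"""
    '(?:\\.|[^'\\])*'     # single-quoted string
  | "(?:\\.|[^"\\])*"     # double-quoted string
  | /\*.*?\*/             # block comment
  | (?://|\#)[^\n]*       # line comment
""", re.S | re.X)

_DEFINE = re.compile(
    r"""\bdefine\s*\(\s*(['"])DISALLOW_FILE_EDIT\1\s*,\s*([^)]*?)\s*\)""", re.I)


def strip_php_comments(source: str) -> str:
    """Replace comments with a space, leaving string literals untouched."""
    return _TOKEN.sub(
        lambda m: m.group(0) if m.group(0)[0] in "'\"" else " ", source)


def file_edit_status(source: str) -> str:
    """Return 'active', 'inactive', 'unclear' or 'missing' for wp-config.php text."""
    match = _DEFINE.search(strip_php_comments(source))
    if match is None:
        return "missing"            # never defined, or only inside a comment
    value = match.group(2).lower()  # PHP keeps the first define of a constant
    if value in ("true", "1"):
        return "active"
    if value in ("false", "0", "null"):
        return "inactive"
    return "unclear"                # expression or string: review by hand


# Constructed sample inputs (not taken from a real site).
FLATTENED = "<?php\n// Disallow file edit define( 'DISALLOW_FILE_EDIT', true );\n"
CORRECT = "<?php\n// Disallow file edit\ndefine( 'DISALLOW_FILE_EDIT', true );\n"
SWITCHED_OFF = "<?php\n/* define('DISALLOW_FILE_EDIT', true); */\ndefine('DISALLOW_FILE_EDIT', false);\n"

if __name__ == "__main__":
    # Usage: python check_file_edit.py /path/to/wp-config.php
    with open(sys.argv[1], encoding="utf-8") as handle:
        print(file_edit_status(handle.read()))
```

A result of "missing" on a file you have just edited usually means the define ended up on the same line as the // comment, so PHP treats it as part of the comment.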
This is just one of a few steps you can take to make your WordPress website more secure. For any future modifications, such as editing the functions.php file, I recommend using snippets or a plugin to insert code. Not only is it less risky in terms of code damage, but it is also much more convenient than editing files within the administration panel’s editor.