WordPress provides file editing capabilities in two specific locations: one is through Appearance » Editor and the other is through Plugins » Editor.
Using this feature you can edit Theme and Plugin files from the comfort of your WordPress dashboard.
Having access to file editors is extremely helpful for administrators and webmasters.
But this feature poses a significant threat to your website’s security.
Why You Should Disable File Editing Capabilities?
- If your website is hacked, hackers can use the file editors to make malicious code changes to the files.
- To be on the safer side, it’s always advisable to disable file editing capabilities in the WordPress admin dashboard.
- Editing theme and plugin files should be done safely via SFTP.
- In this post, I will show how to disable file editing capabilities on your WordPress website.
Modifying Your wp-config.php With SFTP
First, you should have access to the server via SFTP. FileZilla and WinSCP are great free tools if you don’t have a client already.
Once logged in to the server, perform the steps below:
- Find the wp-config.php file in the root WordPress directory and download the file to your desktop.
- Create a backup copy of the file.
- Open the file using your preferred text editor.
- Navigate to the bottom of the file and paste in the lines of code displayed below.
    /** Disable File Editor */
    define( 'DISALLOW_FILE_EDIT', true );
- Once you add the code, here’s how it should look:
- Save the file and then upload it to your server, replacing the original wp-config.php file.
Modifying Your wp-config.php With cPanel
- Access cPanel and navigate to the “Files” section.
- Now click “File Manager”.
- A directory selection window will pop up. Select Web Root and click “Go”.
- Find your wp-config.php file and select it.
- Download the wp-config.php file and save a copy to your desktop.
- With the file still highlighted, click edit (at the top of the screen) and then click edit in the popup window to confirm.
- Scroll to the bottom of the file and add the following code.
    /** Disable File Editor */
    define( 'DISALLOW_FILE_EDIT', true );
- Click “Save”. Once you add the code, here’s how it should look:
Now, both your Theme and Plugin editors should be disabled.
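To confirm the change on a downloaded copy of wp-config.php, here is a small Python check, added as an example and not part of the original post or of WordPress. It ignores commented-out defines, and it also flags a define placed below the line that loads wp-settings.php, since WordPress's sample config asks for custom values above its "stop editing" line. The function names, status strings and sample config are constructed for illustration.

```python
import re
DEFINE_RE = re.compile(r"define\s*\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*(\w+)\s*\)", re.I)
SETTINGS_RE = re.compile(r"require(?:_once)?\b[^;]*wp-settings\.php", re.I)

def strip_php_comments(src):
    """Drop PHP comments; copy string literals verbatim (salts may hold '#', '//' or '/*')."""
    out, i, n = [], 0, len(src)
    while i < n:
        ch = src[i]
        if ch in "'\"":                               # string literal
            j = i + 1
            while j < n and src[j] != ch:
                j += 2 if src[j] == "\\" else 1       # skip escaped characters
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("/*", i):                 # block comment
            end = src.find("*/", i + 2)
            i = n if end < 0 else end + 2
        elif ch == "#" or src.startswith("//", i):    # line comment, up to newline
            end = src.find("\n", i)
            i = n if end < 0 else end
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def check_file_edit_disabled(config_text):
    """Return 'ok', 'missing', 'not-true' or 'after-wp-settings'."""
    code = strip_php_comments(config_text)
    found = DEFINE_RE.search(code)        # PHP keeps the first define of a constant
    if not found:
        return "missing"
    if found.group(1).lower() not in ("true", "1"):
        return "not-true"
    loader = SETTINGS_RE.search(code)
    if loader and found.start() > loader.start():
        return "after-wp-settings"        # defined only after WordPress has loaded
    return "ok"

# Constructed sample: the salt holds "/*" and "#", and the first define is commented out.
SAMPLE = r"""<?php
define( 'AUTH_KEY', 'x/*y#z//placeholder-salt' );
// define( 'DISALLOW_FILE_EDIT', true );
/** Disable File Editor */
define( 'DISALLOW_FILE_EDIT', true );
require_once ABSPATH . 'wp-settings.php';
"""

if __name__ == "__main__":
    print(check_file_edit_disabled(SAMPLE))
```

Run it against the copy you are about to upload; any result other than ok means the editors may still be available.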
Always Backup Before Making Changes
- wp-config.php is one of the most important files in a WordPress installation.
- Any errors or accidental deletion will cause your site to be inaccessible. Please be careful while making changes to the wp-config.php file.
- It’s always better to create a backup of your website before making any changes to files.
- In case of errors, you can always restore the site from your backup.