How to Disable Theme and Plugin Editors from WordPress Admin Panel
By default, WordPress comes with a feature where users can edit theme and plugin file directly from the WordPress admin dashboard. This is a very useful option as it allows you to edit any theme or plugin file from the WordPress dashboard.
However, it can be a serious security issue to your site. If anyhow hackers gain unauthorized access to your WordPress admin panel, the first thing they look for is injecting malicious codes. Now, if your WordPress theme and plugin editors are editable, then they can inject any type of malicious code which will be unknown to you. Generally, most of the users hardly check their WordPress theme or plugin editor area and it’s hard to detect what is wrong in it. That’s why I recommend using Securi Security. Securi security always monitors our WordPress sites 24×7. More than that, it also scans your plugin file and if it detects any suspicious code in it, it lets you know via email notification and helps you to remove the hack.
Besides, if you are running a multi-author WordPress site, then a higher-level user can edit your theme or plugin. Not to mention, any mis-edit in theme editor can end up by inaccessible to your website.
To prevent these type of issues, you can disable theme and plugin editors from your WordPress admin panel by adding a simple line of code to your (wp-config.php) file.
In this article, I will show you how to disable theme and plugins editors from your WordPress site.
How to disable theme and plugin editors from WordPress admin panel
Before we start, let’s see how the editor looks like.
You can access both theme and plugin editor by going Appearance> Editor and Plugins> Editor.
Disabling theme and plugin editors are quite easy. First, you need to login to your hosting cPanel and go to the root directory where your WordPress site is hosted.
From there, find the wp-config.php file and click on edit. Then add the following code:
define( 'DISALLOW_FILE_EDIT', true );
Save the file and reload your WordPress dashboard. You can see the theme and plugin editors have been removed. If you want to restore the feature, simply delete the code from the file.
That’s it. This is how you can disable theme and plugin editors from your WordPress dashboard.