WordPress includes theme and plugin editors in its backend to make it easier to customize the look and feel of your website. They are accessible from Appearance > Theme Editor and Plugins > Plugin Editor respectively, and they let you edit the code of the themes and plugins currently installed on your website. The editor has a nice interface and features such as error detection to help you edit your theme or plugin files efficiently without having to access the server directly.
While this is an extremely useful feature for someone who makes frequent changes to the website, it can also be exploited. For example, if someone gains access to your WordPress backend, they can change the code your site runs simply by editing the plugin/theme files. So, if you are not making any changes to your website from the backend or want to be extra secure, you can disable these two features. You can always re-enable the editor in the future by editing the files with an FTP program.
Usage
- To improve the security of the website by not letting anyone edit the important theme/plugin files directly from the backend.
- If you want to give admin access to certain users/developers and you want to temporarily disable the plugin/theme editor so that they cannot make any changes directly from the backend. This will be extremely useful if you are hiring someone and they want to have a look at the backend of the website.
Code
// Disable Theme/Plugin editor
define( 'DISALLOW_FILE_EDIT', true );
Explanation
- Just a PHP comment. Don’t worry about it. It lets you tell this code apart from other code blocks.
- Defines the constant DISALLOW_FILE_EDIT as true to tell WordPress that you want to disable the ability to edit files from the WordPress backend.
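An added example, not part of the original page: a Python check that reads the text of wp-config.php (the file where WordPress constants like this one are defined) and reports whether DISALLOW_FILE_EDIT is really in effect, ignoring lines that are only commented out. The function names and the sample config fragments are constructed for illustration.

```python
import re

# Strings are matched first and kept, so "//" inside a quoted URL is not
# mistaken for the start of a comment; comments are replaced by a space.
_TOKEN = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")"""
    r"""|/\*.*?\*/|//[^\n]*|#[^\n]*""",
    re.DOTALL,
)
# define() is case-insensitive in PHP, the constant name is not.
_DEFINE = re.compile(
    r"""(?i:define)\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*([^)]*?)\s*\)"""
)


def strip_php_comments(source):
    """Remove //, # and /* */ comments while leaving string literals intact."""
    return _TOKEN.sub(lambda m: m.group(1) or " ", source)


def file_editor_status(wp_config):
    """Classify config text: 'disabled', 'enabled', 'not set' or 'review'."""
    values = _DEFINE.findall(strip_php_comments(wp_config))
    if not values:
        return "not set"  # constant absent: the editors stay available
    # PHP keeps the first definition of a constant, so only that one counts.
    value = values[0].lower()
    if value in ("true", "1"):
        return "disabled"
    if value in ("false", "0"):
        return "enabled"
    return "review"  # non-literal value (expression, string): check by hand


# Constructed sample wp-config.php fragments (not from a real site).
SAMPLES = {
    "hardened": "<?php\ndefine( 'WP_HOME', 'https://example.com' ); // url\n"
                "// Disable Theme/Plugin editor\n"
                "define( 'DISALLOW_FILE_EDIT', true );\n",
    "commented_out": "<?php\n# define( 'DISALLOW_FILE_EDIT', true );\n"
                     "/* define( 'DISALLOW_FILE_EDIT', true ); */\n",
    "set_false": "<?php\ndefine( 'DISALLOW_FILE_EDIT', false );\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {file_editor_status(text)}")
```

To audit a real site, pass the contents of its wp-config.php to file_editor_status() and treat any result other than "disabled" as a finding.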