WordPress allows users to edit theme and plugin files directly from the WordPress dashboard. This is a convenient feature that makes it easy to edit the files without having to access the hosting account every time. However, it also opens a door for attackers to inject files and scripts into your website. If you want to disable this built-in feature, this guide shows how.
Steps to Disable File Editing in WordPress Admin Area
- Open the wp-config.php file located in the directory of your WordPress installation.
- Add the following line of code just above the line saying /* That’s all, stop editing! Happy blogging. */.
define( 'DISALLOW_FILE_EDIT', true );
- Save the changes.
As soon as you save the changes to your wp-config.php file, you will no longer see the Editor option in your Appearance or Plugins menu sections. This means no one will be able to edit your files from the WordPress dashboard or use the editor to inject malicious scripts into your site. If you don’t make frequent changes to theme files such as functions.php or to plugin files, it is recommended to disallow file editing from the WordPress dashboard.
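To confirm the setting is really in effect, for example when auditing several installs, the check below reads the text of a wp-config.php and reports whether the line from the steps above is live, commented out, set to something other than true, or placed below the "stop editing" marker. It is an added example, not part of the original guide or of WordPress; the names `audit_wp_config` and `SAMPLES` are hypothetical and the sample fragments are constructed.

```python
import re

# PHP string literals are kept; comments are blanked so a commented-out
# define() is not mistaken for a live one.
_TOKEN = re.compile(r"""
    '(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*"   # string literals
  | /\*.*?\*/ | (?://|\#)[^\n]*              # block and line comments
""", re.S | re.X)
_DEFINE = re.compile(
    r"""(?i:define)\s*\(\s*(['"])DISALLOW_FILE_EDIT\1\s*,\s*([^)]*?)\s*\)""")


def _blank_comments(php):
    """Replace each comment with spaces so offsets match the raw file."""
    def repl(m):
        tok = m.group(0)
        return tok if tok[0] in "'\"" else " " * len(tok)
    return _TOKEN.sub(repl, php)


def audit_wp_config(php):
    """Return enforced, not_true, commented_out, misplaced or missing."""
    live = _DEFINE.search(_blank_comments(php))
    if live is None:
        return "commented_out" if _DEFINE.search(php) else "missing"
    # Only a literal true/1 passes; anything else needs manual review.
    if live.group(2).lower() not in ("true", "1"):
        return "not_true"
    # The guide places the line above the "stop editing" marker comment.
    marker = re.search(r"stop editing", php, re.I)
    if marker and live.start() > marker.start():
        return "misplaced"
    return "enforced"


# Constructed wp-config.php fragments, not taken from a real site.
_TAIL = "/* That's all, stop editing! Happy blogging. */\n"
_HEAD = "<?php\ndefine( 'WP_HOME', 'http://example.test' ); // site URL\n"
SAMPLES = {
    "enforced": _HEAD + "define( 'DISALLOW_FILE_EDIT', true );\n" + _TAIL,
    "commented_out": _HEAD + "// define( 'DISALLOW_FILE_EDIT', true );\n" + _TAIL,
    "not_true": _HEAD + "define('DISALLOW_FILE_EDIT', false);\n" + _TAIL,
    "misplaced": _HEAD + _TAIL + "define( 'DISALLOW_FILE_EDIT', true );\n",
    "missing": _HEAD + _TAIL,
}

if __name__ == "__main__":
    for expected, php in SAMPLES.items():
        print(f"{expected:14} -> {audit_wp_config(php)}")
```

To audit a real install, pass the contents of its wp-config.php to `audit_wp_config` and treat any result other than `enforced` as a finding to review.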