
How to Disable Theme and Plugin Editors from the WordPress Admin Panel

Did you know WordPress includes a built-in theme and plugin editor? This simple code editor lets you change your theme and plugin files right from the WordPress dashboard. This may look very useful, but it can also cause problems, such as breaking your site and creating security risks when combined with other weaknesses.

This post will explain why and how to disable theme and plugin editors in the WordPress admin area.

Why Disable Theme and Plugin Editors in WordPress?

WordPress includes a built-in code editor that allows you to modify WordPress themes and plugin files directly from the admin area.

The theme editor is found on the Appearance » Theme File Editor page. By default, it displays the files related to the currently active theme.


Similarly, the plugin editor may be found on the Plugins » Plugin File Editor page. By default, it will display the first plugin installed on your site in alphabetical order.


If you visit the theme or plugin editor page for the first time, WordPress will warn you that using the editor may cause your website to crash.


Theme and plugin editors in WordPress 4.9 have been improved to keep users from accidentally breaking their websites. In most cases, the editor will detect a fatal error and revert the changes. However, this is not guaranteed, and some code may still slip through, leaving you locked out of the WordPress admin panel.

The main issue with the built-in file editor is that it allows you to add any code to your website. If a hacker gains access to your WordPress admin area, they might use the built-in editor to view your WordPress data. Hackers can also use it to spread malware or launch DDoS attacks against your WordPress site.

To boost WordPress security, we recommend disabling the built-in file editors entirely. That being said, let’s look at how to easily disable the theme and plugin editors in WordPress.

How to Disable Theme and Plugin Editors in WordPress

Disabling theme and plugin editors in WordPress is simple. However, it requires adding code to WordPress. If you’ve never done this before, check out our guide to pasting snippets from the web into WordPress.

You can add this line of code to your theme’s functions.php file, a site-specific plugin, or a code snippets plugin.

define( 'DISALLOW_FILE_EDIT', true );

We recommend the WPCode plugin because it is free, simple to use, and will not harm your website if something goes wrong. WPCode also has a paid edition, which includes additional capabilities like code changes, automated conversion pixels, scheduled snippets, and more.

First, install and activate the free WPCode plugin.

Once the plugin is activated, go to Code Snippets » Add Snippet in your WordPress dashboard. Then, hover over the ‘Add Your Custom Code (New Snippet)’ option and click the ‘Use Snippet’ button.


Add a title to your snippet and paste the above code into the ‘Code Preview’ box. In addition, pick ‘PHP Snippet’ as the code type from the dropdown menu on the right.


After that, simply switch from ‘Inactive’ to ‘Active’ and click the ‘Save Snippet’ button.


That’s it; the plugin and theme editors will no longer be available in the theme and plugin menus of the WordPress admin area. Alternatively, you can modify your wp-config.php file and add the previous code just before the line that states ‘That’s all, stop editing! Happy publishing’.

Next, save your modifications and upload the file back to your website. If you do not want to edit the files directly, you can install the Sucuri WordPress plugin, which includes a 1-click hardening option.
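
As an added example (not code from the original post or from WordPress), the Python sketch below checks the text of a wp-config.php for the setting described above: whether DISALLOW_FILE_EDIT is defined as true in live code rather than in a comment, and whether it sits before the "stop editing" line. The function name, result keys and sample files are assumptions made for illustration.

```python
import re

# Added example: audit wp-config.php text for the DISALLOW_FILE_EDIT setting.
MARKER = "stop editing!"  # from the "That's all, stop editing!" comment line

# String literals are kept and comments blanked, so "//" inside a URL string
# is not mistaken for a comment and a commented-out define() is not counted.
_TOKEN = re.compile(r"""
    ('(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*")   # 1: string literal, kept as-is
  | (/\*.*?\*/ | //[^\n]* | \#[^\n]*)         # 2: comment, blanked out
""", re.S | re.X)
_DEFINE = re.compile(
    r"\bdefine\s*\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*([^)]+?)\s*\)", re.I)

def _blank(m):
    # Replace comment text with spaces but keep newlines, so offsets and
    # line numbers still match the original file.
    return m.group(1) or re.sub(r"[^\n]", " ", m.group(2))

def audit_file_edit_lock(config_text):
    code = _TOKEN.sub(_blank, config_text)
    m = _DEFINE.search(code)  # PHP keeps the first define() of a constant
    if m is None:
        return {"status": "missing", "line": None, "before_marker": None}
    marker = config_text.find(MARKER)
    return {
        "status": "locked" if m.group(1).lower() == "true" else "not_locked",
        "line": code.count("\n", 0, m.start()) + 1,
        "before_marker": None if marker == -1 else m.start() < marker,
    }

# Constructed sample files (not taken from any real site).
SAMPLE_LOCKED = """<?php
define( 'WP_HOME', 'https://example.test' );
define( 'DISALLOW_FILE_EDIT', true );
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
"""
SAMPLE_COMMENTED = """<?php
// define( 'DISALLOW_FILE_EDIT', true );
define( 'DISALLOW_FILE_EDIT', false );
/* That's all, stop editing! Happy publishing. */
"""
SAMPLE_MISSING = "<?php\ndefine( 'DB_NAME', 'wp' ); # define( 'DISALLOW_FILE_EDIT', true );\n"

if __name__ == "__main__":
    for name in ("SAMPLE_LOCKED", "SAMPLE_COMMENTED", "SAMPLE_MISSING"):
        print(name, audit_file_edit_lock(globals()[name]))
```

A "not_locked" or "missing" result on a production config means the file editors are still reachable from the admin menus unless the constant is defined elsewhere, such as in a snippet plugin.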

Proper Way to Edit WordPress Theme and Plugin Files

Many users use the WordPress theme and plugin editors to look up the code, add custom CSS, or edit code in their child themes.

If you only want to add custom CSS to your theme, then you can do so by using the theme customizer located under Appearance » Customize.


The Final Line

In conclusion, disabling the theme and plugin editors from the WordPress admin panel is a wise step toward improving the security of your website. By preventing unauthorized access to critical files, you reduce the risk of malicious code injections and other potential security violations.

Implementing this measure helps safeguard your website’s integrity and ensures a safer online experience for both you and your visitors. Remember to always prioritize security measures to maintain the trust and reliability of your WordPress site.
