How to disable theme and plugin editing in WordPress admin page – Learn WordPress from a to z

Did you know WordPress comes with a built-in theme editor and plugin? The code editor allows you to edit your theme and plugin files directly from the WordPress dashboard.

Editing is quite helpful, but it can also lead to problems like website crashes and potential security issues.

In this article, I will explain why and how to disable the theme and plugin editors from the WordPress admin area.

Why disable the theme editor and plugin in WordPress?

WordPress comes with a built-in code editor that allows you to edit WordPress theme and plugin files directly from the admin area.

The theme editor is located on Appearance »  Theme Editor page . By default, it will display your currently active theme’s files.

Similarly, you can view the plugin editor at Plugins » Plugin Editor page . By default, it will show one of the plugins that appear first in alphabetical order.

If you are accessing the theme or plugin editor for the first time, WordPress will warn you that using the editor can damage your site.

Theme and plugin editor in WordPress 4.9

In WordPress 4.9, the theme editors and plugins have been upgraded to protect users from accidentally crashing their sites. Usually, the editor will encounter a fatal error and will undo the changes.

However, this is not guaranteed and you may lose access to Admin.

The biggest problem with the built-in file editor is that it allows full access to add any kind of code to your site.

If a hacker breaks into your WordPress admin area, then they can use the built-in editor to gain access to all your WordPress data.

Hackers can also use it to spread malware or launch DDOS attacks from your WordPress site.

To improve the security of WordPress, we recommend that you completely remove the built-in file editors.

How to Disable Theme Editor and Plugins in WordPress

Disabling the theme editor and plugin in WordPress is quite easy.

Just edit the wp-config.php file and paste the following code before the That’s all, stop editing! Happy publishing line :

define( 'DISALLOW_FILE_EDIT', true );<div><span>1</span></div>

You can now save your changes and upload the file back to your website.

The editor will disappear from the themes and plugins menu in the WordPress admin area.

You can also add this line of code to your theme’s functions.php file.

If you don’t want to directly edit the file, then you can install the Sucuri WordPress plugin which provides 1-click hardening.

The right way to edit WordPress theme and plugin files

Many users actually use the WordPress theme and plugin editor to look up code, add custom CSS, or edit code in their child themes.

If you just want to add custom CSS to your theme, you can use the theme customizer located under Appearance »  Customize .

If you want to look up the code in a plugin, then you can use the FTP Client application.

Epilogue

I hope you were able to disable Theme and Plugin editor easily.

If you find it interesting, you can follow the  WordPress basics section  to know more new knowledge.

Follow fanpage to receive the latest posts:  Group