Do you want to disable file editing from WordPress? WordPress comes with a very useful feature. In this post, we will talk about how you can disable wp-editor from your admin dashboard.
You can easily edit your themes or plugins files through the WordPress admin panel.
Once you are logged in to your site backend you can navigate to Appearance >> Theme Editor or Plugins >> Plugin Editor section and choose the theme or plugins that you need and edit the files as per your requirements.
Although handy, this is dangerous because a single typo can render your website blank. Moreover, you may want to give admin access to people where they just need to play around by changing the code and break the entire site.
In this post, I will show you how you can easily disable these options in 3 easy steps.
Why do you need to disable the theme or plugin editor from your WordPress Panel?
WordPress comes with this feature so that you don’t have to access your server and edit the files. You don’t want to login to your cPanel or FTP server every now and then to make a simple change on your PHP or CSS files.
When you click on the Appearance >> Editor or Plugins >> Editor section you will see a Dialog box where it will warn you that editing the files could break your site. You need to read the instructions and then you can proceed further if you are sure as to what you are doing or else you can Go Back.
The biggest threat with the built-in editor is that it will access each and every file that your themes and plugins have and it is easily accessible for hackers to insert malicious code and get access to all of your data.
So you need to make sure that while granting admin access you are not only providing access to your WordPress site but also giving him full access to your WordPress themes and plugins files which your developer or any person can easily change the code or add malicious code on your site.
How to Disable the editor from the WordPress Admin panel?
You can disable the editor option in 3 ways which you can follow easily without any help of the third person.
The first method is quite easy and I would recommend that you can follow this method.
Disable the editor using the wp-config.php file
You can easily edit the wp-config file and add a piece of code that will disable the theme and plugin editor from your admin panel.
So how you can do this? You can do either by accessing the FTP server or cPanel of your hosting server and locate the wp-config.php file
Modifying the wp-config.php file through an FTP server.
You can modify the file simply by accessing the FTP server with the hostname, username, and password which the hosting provider Bluehost has provided to you.
FileZilla is a great software tool that you can use to access your FTP or SFTP server.
Once you are logged in you need to navigate to the /public_html/ folder and on the root folder, you will find the wp-config.php file.
You need to edit the wp-config.php file and paste the following code.
/** Disable File Editor */
define( ‘DISALLOW_FILE_EDIT’, true );
Once adding the code, save the file and upload it to your server.
Now, the theme and plugin editor has been disabled from your admin panel.
Modifying the wp-config.php file through the cPanel server.
Editing the cPanel can be easier for some people. The first step is you need to access your cPanel hosting server which is provided by your hosting partner Bluehost with cPanel URL, username, and password.
First, you need to log in then you need to click on the File Manager option located on the cPanel Dashboard.
Secondly, it will redirect to the root directory of your theme files where you will find the wp-config.php file.
You can also make sure that you are redirected to /public_html/ folder where all of your themes and plugins folders are located.
Finally, find the wp-config.php file and edit it by adding the following code.
/** Disable File Editor */
define( ‘DISALLOW_FILE_EDIT’, true );
And Click on Save Settings. That’s it.
Disable the editor using the iThemes Security plugin
For those who are extra cautious with their WordPress and have installed iThemes security plugin which is a great choice then there is a feature that can disable the theme and plugin editor from the site backend.
Once you install the iThemes plugin then you don’t need to access an FTP server or cPanel and edit the wp-config.php file.
The iThemes Security plugin has the feature which will disable the theme and plugin editor.
You just need to navigate to the Security >> Settings from your admin dashboard panel.
Go to WordPress Tweaks and click on Configure Settings.
Check Disable File Editor option and Save Settings. That’s it, the themes and plugins editor has been disabled from your admin panel.
There might be some other plugins that could have a similar feature. I would recommend having a high-rated security plugin with advanced features which come with the iThemes Security plugin.
Install ‘Disable File Editor’ Plugin
I see that this plugin is not tested with the latest WordPress version. Still, I have mentioned this method in this post in case none of the above methods worked on your site.
You can install the Disable File Editor plugin and that’s it, your theme and plugin editor gets disabled. There is no setting managed by this plugin. You can install the plugin and your file editor for themes and plugins get disabled.
But I would mention that since this plugin is no longer in use. Thus not tested with the latest WordPress 5 version. I would recommend you not to use this plugin. If you have a large amount of data this can lead to outdated codes and vulnerabilities.
Conclusion
I hope you liked this post, and I would love to hear from you. Please let us know which method you are using to disable the file editing on the WordPress dashboard.
If you find the file editing missing you can follow this step as to how to enable theme editor in WordPress?
I would really appreciate it if you share this post on Facebook and Twitter. Thanks for your time and Take care!