How to Disable File Editing in WordPress Admin Area

Easily disable theme and plugin editors in WordPress

Disable File Editing in WordPress

File-editing in WordPress is an obscure feature that allows privileged users to edit plugin and theme files directly from the WordPress admin area. If one gets adventurous, this could result in making a PHP syntax error, thereby causing the site to break. And you would end up losing access to the WordPress admin area.

WordPress built-in plugin and theme editor

The Security Concern With File-Editing Inside WordPress

There is also a strong security case for disabling file editing on a WordPress site. If a hacker gets access to an “Administrator” account on your WordPress site and file editing is enabled, then the attacker can easily use the built-in editor to add malicious code to any theme or plugin files.

To improve website security, it is strongly recommended to disable file editing in WordPress admin area.

Steps to Disable File Editing in WordPress

Here’s how to go about disabling this feature and ensure enhanced security:

You’ll need a text editor, and access to your wp-config.php file (via FTP).

  1. Open up your wp-config.php file in a code editor.
  2. Find the line that says /* That's all, stop editing! Happy blogging. */
  3. Add the following before this line: define( 'DISALLOW_FILE_EDIT', true );.
  4. Save the file.

That’s all! Check and verify in your WordPress dashboard, you should no longer see, the links at “Appearance > Theme File Editor” and “Plugins > Plugin File Editor”.

See Also:

This article is written by Evelyn Allison. Evelyn has over two decades of experience with the big-tech corporate giants. Starting in 2002 with consumer IT remote support, he transitioned into IT enterprise support and systems provisioning for Windows and Linux servers. Her prowess spans her expertise in network security, security audit and scripting-based-automation. Actively involved in web security since 2017, Evelyn has worked with various technologies to secure the web, leveraging tech like Nginx, modsecurity, reverse-proxies, developing web-application-firewalls, on-the-fly asset optimization using Google’s PageSpeed Module and more. Her expertise is reflected in the top-tier plugins and comprehensive consulting-services she offers in the domain of web-security.