Hi, friends! If you’ve been using WordPress for a definite period of time, you probably know that its admin dashboard includes specific editors allowing to make changes in the code of a theme or a plugin installed on your website.
To reach the plugin editor, go to Plugins – > Plugin Editor, and you’ll see the disclaimer recommending you to create a copy of a file with a new name and hang it to the original file before you make any changes. It will help you to re-enable the functional version if your changes make the plugin stop working or bring any incompatibilities that can break your website.
The same warning is shown to you when you open an editor in the Appearance -> Theme Editor menu. Here it is recommended to create a child theme to make any changes and keep them working even after the future theme updates.
Here’s how the plugin editor looks like. It includes the codes of every installed plugin you have.
And this is the theme editor which contains the code of the active theme you currently use for your WordPress website.
In this post I will show you how to disable the theme and plugin editors in your WordPress dashboard the easy way.
Why disabling WP editors?
It seems great that you can edit the code of your theme or plugin right from your WordPress dashboard, but, as it is stated in the disclaimers, such changes may result in some issues with your website, break your website completely or be the subject to security problems.
The warning messages are shown to you only when you enter the editors for the first time but after that, you are free to make any changes you prefer. This means the integrated editors provide you with the possibility to add any type of code to your website, so if someone hacks your site and gets access to your admin dashboard, they can capture all of your WordPress data.
If your editors are easy to reach, this is a significant threat for your website security, so this insecure situation should be changed. Let’s see how to disable the theme and plugin editors in your WordPress admin dashboard.
How to restrict editing your themes and plugins in WordPress?
If you want to disable the integrated WP editors in your admin dashboard you should connect to your website using the FTP client like File Zilla by entering your login information. Please see the details on how to login to your site using FTP client here.
After that, find a wp-config.php file which is usually located in your website’s root folder. You can learn the purpose of a wp-config.php file in this Important WordPress Files breakdown post.
Open the file and add the following code at the end of it; before the ‘That’s all, stop editing!..’ line:
define( ‘DISALLOW_FILE_EDIT’, true );
When you save the changes, your theme and plugin editors will be removed from your WordPress admin area.
You can also go to Appearance -> Theme Editor and insert this code into your functions.php. This will work the same.
Note: If you don’t want to edit the code completely and you just wish to add custom CSS to make slight changes to the look and behavior of your theme, there’s no need to use the editors. Go to Live WP Customizer and open the Additional CSS section to insert your custom CSS code.
Please read this WP theme customization post to learn more details on how to put additional CSS into your Customizer.
For now, that is all.
I hope this post was helpful for you,
Melany H.
