WordPress has a default functionality that allows the administrators to make changes to the theme and the plugin files by directly accessing the dashboard. Although this is convenient, in case an account is compromised, this could pose a serious security risk. In this brief tutorial, we are going to demonstrate the steps required to turn off file editing on the WordPress administration screen with just a simple configuration change.
You have to make amendments to the file wp-config.php that is found in the root folder of your WordPress installation.
Insert the line of the code below the line, which is /* That's all, stop editing! Happy blogging. */.
define( 'DISALLOW_FILE_EDIT', true );Click save and reload your WordPress dashboard. The Theme Editor and Plugin Editor will not be provided anymore.
File editing should be disabled as it can help in the prevention of malicious code injection, and it is also a good security practice that should be observed by all WordPress websites.
