Disable the theme / plugin editor

Protection Requirement:

SPECIAL

Skills/Resources:

>Edit system files
>Text editor

THE THREAT
Anyone with access to your WordPress admin can edit your theme or plugin files and insert their own malicious code, turn a template file into a PHP uploader to upload more files, or change file permissions without your knowledge.

THE OBJECTIVE
Disable the built-in Theme and Plugin text editor inside WordPress so that unauthorised people aren’t able to modify your Theme or Plugin code in any way.

This is only recommended if you are concerned about other people who have access to your WordPress admin.

This will also restrict your own access, which is not really an issue if you do not need to make changes very often.

PROPOSED SOLUTION
Locate the file called wp-config.php (normally in the root of the directory where WordPress has been installed) and add the following code into that file:

/* disable theme editor and plugin editor */
define( 'DISALLOW_FILE_EDIT', true );
/* also blocks installing and updating plugins and themes from the admin */
define( 'DISALLOW_FILE_MODS', true );

Once disabled, you should no longer be able to edit files inside of the WordPress admin panel.
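
To confirm the setting in the file itself, the following added example (not part of the original page) audits a wp-config.php for the two constants. It reports a define that is missing, commented out, set to something other than true, or wrapped in typographic quotes, which PHP does not treat as string delimiters. The sample config is constructed and the function names are this example's own.

```python
import re
import sys

CONSTANTS = ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS")
CURLY = "\u2018\u2019\u201c\u201d"  # typographic quotes from copy-pasted snippets
QUOTE = "['\"" + CURLY + "]"        # character class: straight or curly quote

# Constructed sample: first define uses curly quotes, second is commented out.
SAMPLE = """<?php
/* disable theme editor and plugin editor */
define( \u2018DISALLOW_FILE_EDIT\u2019, true );
// define( 'DISALLOW_FILE_MODS', true );
require_once ABSPATH . 'wp-settings.php';
"""


def strip_php_comments(src):
    """Drop /* */, // and # comments (simplified: ignores markers inside strings)."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(//|#).*", "", src)


def find_define(src, name):
    """Return (opening_quote, value) of the first define() for name, else None."""
    pattern = r"define\s*\(\s*(%s)%s%s\s*,\s*([^)]*?)\s*\)" % (QUOTE, name, QUOTE)
    m = re.search(pattern, src)
    return (m.group(1), m.group(2)) if m else None


def audit(src):
    """Map each constant to ok, missing, commented-out, curly-quotes or not-true."""
    active = strip_php_comments(src)
    report = {}
    for name in CONSTANTS:
        hit = find_define(active, name)
        if hit is None:
            report[name] = "commented-out" if find_define(src, name) else "missing"
        elif hit[0] in CURLY:
            report[name] = "curly-quotes"   # PHP will not read this as a string
        elif hit[1].lower() != "true":
            report[name] = "not-true"       # page prescribes the literal true
        else:
            report[name] = "ok"
    return report


if __name__ == "__main__":
    # Pass a path to a real wp-config.php, or run with no argument for the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for constant, status in audit(text).items():
        print(constant, status)
```

Any status other than ok means the editor may still be reachable from the admin panel and the define should be corrected by hand.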

MORE ADVANCED
none

NEED HELP?
If you need help implementing this and other security measures then Virtual Webmaster Services can help. Visit Virtual Webmaster Services

MORE INFORMATION
none