The WordPress admin panel has plenty of options for managing important things from the frontend. Frankly, certain options are not supposed to be part of the frontend. The theme and plugin editors are two such options that can cause you trouble when used from the admin panel. However, it is easy to disable the theme and plugin editors in the WordPress admin panel, and this article explains how.
Theme and Plugin Editors
After logging into your admin panel, navigate to “Appearance > Theme Editor” to view all theme files. The theme editor lets you modify core theme files like functions.php, header.php, single.php, etc.
Similarly, go to “Plugins > Plugin Editor” to open the plugin editor. From there you can modify the core files of all available plugins.
Default Warnings When Accessing
When you access the theme editor, WordPress shows a warning message advising you to modify the CSS using the live customize option instead. However, many people use the theme editor to modify the theme’s core PHP files.
Similarly, the plugin editor also shows a warning when you access the page. This warning is more serious than the one on the theme editor page.
You will also find a clear warning that making changes to active plugins is not recommended.
Why You Should Disable Theme and Plugin Editor in WordPress Admin Panel?
There are multiple reasons for disabling theme and plugin editor from your frontend.
- With so many warnings, we do not see the purpose of having the editors available in the frontend. Instead of warning, it is better to disable the editors. People can use FTP or the File Manager in their hosting account to access the files.
- The entire site, including the admin panel, will not be accessible if you add a faulty function to functions.php.
- Anyone who has the admin panel password can modify files and show different content through your site. This is especially a problem when multiple people maintain your website.
- If your site is compromised by someone, the theme and plugin editors are among the first targets for changing file content.
For safety and security reasons, it is a good idea to disable theme and plugin editors from admin panel.
How to Disable Theme and Plugin Editor in WordPress Admin Panel?
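You have to add the following code to your wp-config.php file in order to disable the editors. Keep the comment and the define() call on separate lines; if both sit on one line, the whole line is a comment and the setting never takes effect.
// Disable File Edits
define('DISALLOW_FILE_EDIT', true);
You can do this in two ways: over FTP, or with the File Manager in your hosting account. The FTP steps are: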
- Log in to your FTP account and go to your WordPress installation root.
- Locate the wp-config.php file and edit it using a plain text editor.
- Add the code before the line that says “That’s all, stop editing!”.
- Save and upload the file back to your server.
Now, check the WordPress admin panel and you will no longer see the theme and plugin editor menus.
Using File Manager
If you do not have access to an FTP account, you can modify the wp-config.php file from your hosting account.
- Log in to your hosting account. Depending upon the setup, find the File Manager app under your site settings or cPanel. For example, in Bluehost you can find the “File Manager” app under the “Advanced” section after logging into your account.
- Locate the wp-config.php file, select it and click on the edit link.
- Select UTF-8 encoding and click on the edit button.
- Add the above code and save your changes.
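Whichever method you use, it is worth confirming that the define is actually active in the saved file. The following Python check is an added example, not part of the original article: it reports when the define is missing, commented out (for instance when the comment and the define() call end up on one line), set to a value other than true, or placed below the stop-editing line. The function names and the sample files are assumptions constructed for illustration.

```python
import re

# Keep string literals; blank out /* */, // and # comments so offsets stay aligned.
TOKEN = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|(/\*.*?\*/|//[^\n]*|#[^\n]*)""",
    re.DOTALL,
)
DEFINE = re.compile(r"""define\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*(\w+)\s*\)\s*;""", re.I)
STOP_MARKER = re.compile(r"That's all, stop editing", re.I)

def blank_comments(php):
    def repl(m):
        return m.group(0) if m.group(2) is None else re.sub(r"[^\n]", " ", m.group(0))
    return TOKEN.sub(repl, php)

def check_wp_config(php):
    """Return a list of findings; an empty list means the define is active."""
    code = blank_comments(php)
    active = [(m.start(), m.group(1).lower()) for m in DEFINE.finditer(code)]
    if not active:
        if DEFINE.search(php):
            return ["define is present but commented out"]
        return ["DISALLOW_FILE_EDIT is not defined"]
    findings = []
    pos, value = active[0]  # PHP keeps the first definition of a constant
    if value not in ("true", "1"):
        findings.append(f"DISALLOW_FILE_EDIT is {value}, expected true")
    marker = STOP_MARKER.search(php)
    if marker and pos > marker.start():  # the steps above place it before this line
        findings.append("define is below the stop-editing line")
    return findings

# Constructed sample files, not taken from a real site.
GOOD = """<?php
define('DB_NAME', 'example_db');
// Disable File Edits
define('DISALLOW_FILE_EDIT', true);
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
"""
ONE_LINE = """<?php
//Disable File Edits define('DISALLOW_FILE_EDIT', true);
/* That's all, stop editing! Happy publishing. */
"""

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("ONE_LINE", ONE_LINE)):
        print(name, check_wp_config(sample) or "OK")
```

To check a real file, read a downloaded copy of wp-config.php into a string and pass it to check_wp_config().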
Using Plugin to Disable Theme and Plugin Editors
If you do not want to modify the files, there are plugins that disable the editors. Most security plugins offer this, as it is an important security feature for protecting your dashboard. We recommend the free All In One WP Security and Firewall plugin, which has a high reputation.
- Install and activate the plugin.
- Go to “WP Security > Filesystem Security” section.
- Under “PHP File Editing” tab, enable the option “Disable Ability to Edit PHP Files”.
Save your settings to remove the theme and plugin editor menus. The plugin also offers an option to back up and upload your own wp-config.php file under the “Settings” section, so you can use this to modify the configuration file.
Will This Impact Anything Else?
Disabling PHP file editing will impact plugins and themes that have options to modify files. Remember, disabling PHP file editing will not only remove the theme and plugin editor menus from the admin panel but also completely disable admin users’ ability to modify PHP files. This can create some restrictions. For example, the popular GeneratePress theme offers element hooks to insert PHP code into the template. Functions like this will not work if you have disabled file editing with the wp-config.php entry.