Did you know that WordPress comes with a built-in feature for editing your theme and plugin files from your dashboard? It is a very useful option for editing a theme or plugin directly from the WordPress dashboard.
But it can be a serious security issue if a hacker gains access to your site dashboard. They could easily add malicious code to the theme and plugin files and hack your site.
So, in this article, we will describe how you can find the theme and plugin editors in the admin dashboard and how you can disable them from the WordPress admin area.
We are all already familiar with the WordPress built-in code editor. This feature allows users to edit WordPress theme and plugin files directly from the admin area. Along with its benefits, this feature also carries some significant security risks. If a hacker gains access to your WordPress dashboard and puts any type of malicious code into the theme or plugin editor, it can break your entire site, or you may even lose admin access to your website. Hence it is essential to disable the theme and plugin editors in the WordPress admin panel to protect your code files.
Theme and plugin editors can also be a danger to your site maintenance. Suppose you have multiple administrators on your site and one of them inadvertently edits a file they shouldn’t: the site could be compromised. Even when the people you give admin dashboard access to are not acting maliciously, their actions can still cause untold damage.
To find WordPress themes and plugin editors, first, you have to log in to your dashboard. From there, to find the theme editor you need to go to Appearance ► Theme Editor.
The first time you click on the Theme Editor option, WordPress gives you a warning message: “Editing your theme directly can break your site and your changes may be lost in future updates.” If you click on the “I understand” button, it will show your current active theme’s code.
Similarly, you can open the plugin editor by going to the Plugins ► Plugin Editor page. When you click on the Plugin Editor option, you will get the same warning message you saw in the Theme Editor option. The editor will then show whichever installed plugin comes first in alphabetical order.
The biggest drawback of this function is that anyone with access to it can apply any sort of code to your website. Moreover, it can also be used by hackers to initiate DDoS attacks against your website.
So we advise you to disable theme and plugin editors in your admin area.
The process of disabling the theme and plugin editors is quite simple.
define( 'DISALLOW_FILE_EDIT', true );
After adding this code to the file, it will look like the screenshot below.
That’s all. Isn’t it an easy process?
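The following shell script is an added example, not part of the original article. It assumes the constant lives in the site's wp-config.php (the usual place for WordPress constants) and must be defined before the line that loads wp-settings.php; the function names and the sample file are hypothetical. It reports whether the editors are disabled and, if not, replaces a `false` define with a `true` one.

```sh
# Added example: function names and the sample config below are hypothetical.
# Print "disabled" if the editors are off in the given wp-config.php, else "enabled".
editor_status() {
    # Ignore commented-out lines, then look for the constant defined as true.
    if grep -Ev '^[[:space:]]*(//|#|/?\*)' "$1" |
        grep -Eq "define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*[Tt][Rr][Uu][Ee][[:space:]]*\)"; then
        echo disabled
    else
        echo enabled
    fi
}

# Define the constant as true above the line that loads wp-settings.php.
# No backup copy is written next to the file: a wp-config.php.bak inside the
# web root could be served as plain text, database credentials included.
disable_editors() {
    cfg=$1
    [ "$(editor_status "$cfg")" = disabled ] && return 0
    grep -Eq 'require.*wp-settings\.php' "$cfg" || return 1  # unknown layout, do not guess
    tmp=$(mktemp) || return 1
    awk '
        /define\([ \t]*.DISALLOW_FILE_EDIT./ && !/^[ \t]*(\/\/|#)/ { next }  # drop a false define
        /require.*wp-settings\.php/ && !done { print "define( \047DISALLOW_FILE_EDIT\047, true );"; done = 1 }
        { print }
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"   # cat keeps the original owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample input: a minimal wp-config.php with the editors explicitly allowed.
write_sample_config() {
    cat > "$1" <<'EOF'
<?php
define( 'DB_NAME', 'example_db' );
// define( 'DISALLOW_FILE_EDIT', true );
define( 'DISALLOW_FILE_EDIT', false );
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
echo "before: $(editor_status "$sample")"
disable_editors "$sample"
echo "after:  $(editor_status "$sample")"
rm -f "$sample"
```

Run `editor_status` against every site's wp-config.php after deployments or restores, since a config file restored from backup can silently bring the editors back.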
Now, unfortunately, many users still use WordPress theme and plugin editors to apply custom CSS or modify HTML on the file.
For this purpose, we would recommend you use the WordPress Customizer to add any kind of functionality to your site. To get a clear idea about the theme customizer, you can read our complete guide on “How to Use WordPress Customizer”.
In the end, disabling the theme and plugin editors in the admin area will put a barrier between the source code of your theme and plugin files and the malicious code of hackers. Also, it will reduce the risk of damage to your website from authorized access.