Are you looking to disable file editor on your WordPress Dashboard? If yes then keeps reading this post. I will explain how you can disable file editor on your WordPress Dashboard to secure your website. disabling of file editor and install will provide extended security to your WordPress website. File editing is one of the awesome features of WordPress that allows you to edit the file right from your WordPress Dashboard rather than using Cpanel or File manager but it is very risky if a hacker got access of your WordPress Dashboard so it is always recommended from my end to disable file editor on WordPress dashbiard.
Why Disable File Editor in WordPress Dashboard-:
As WordPress is more popular CMS, therefore, it is the main target for a hacker. As per Sucuri WordPress accounted for 90 per cent of all hacked CMS sites in 2018. WordPress is very secure by default itself most of the security breach occurs due to the use of theme and plugin from unauthorized sources.
When file editing is enabled on WordPress Dashboard, Administrator users can edit the code of themes and plugins directly from the WordPress dashboard. This is a potential security risk because not everyone has the skills to write code. Ideal Practice is to take the backup of the file and then edit it. if a hacker breaks in, they would have access to all your data. That’s why I recommend disabling it.
If you want file manager feature on your WordPress Dashboard you can Read my Post How to Add WordPress File Manager on WordPress Dashboard. You can also use File Zilla FTP client or you hosting cPanel to take a backup of core file and then edit it.
How to Disable File editor in WordPress-:
WordPress Dashboard allows to edit WordPress core File and Theme from Dashboard itself.it could be risky if a Hacker gets access to your WordPress dashboard and inject malicious code to your WordPress website. A theme and Plugin editor look like as per below image.
It is an awesome feature of WordPress but it is not a recommended method from my end. If you want to edit theme or plugin file login to your cPanel, locate the file and take its backup and then edit it because if something went wrong you will have a backup. You can also use Filezilla FTP client to connect with your hosting to edit core file and upload it, for complete guide read my post How to use FileZilla FTP client with WordPress Hosting.
A hacker can take advantage of Theme and Plugin installer to enter a WordPress website, but do not worry WordPress has a feature to disable theme and plugin install using wp-config.php file. locate your wp-config.php file on your hosting cPanel and take a backup of the wp-config.php file because of its very important file. you can also use FileZilla FTP client with your WordPress Hosting. Add the following line of code to the wp-config.php file.
define( 'DISALLOW_FILE_EDIT', true ); //disables file editor define( 'DISALLOW_FILE_MODS', true ); //disables both file editor and installer
With the addition of the above code, it would be impossible for a hacker to access the theme or plugin editor even with the admin account. If you want to edit your WordPress core file from admin panel which is not recommended remove the above piece of code from your wp-config file.
Conclusion-: Running a self-hosted website is very cost-effective but the only challenge is you have to manage everything with your own like backup and security. wp-config and htaccess are the two most useful and important file for any WordPress website. we can make our website very secure using these two files for more post you can visit the WordPress Security category section of my blog.
If you like my work, Please Share on Social Media! You can Follow WP knol on Facebook, Twitter, Pinterest, Quora and YouTube for latest updates. You may Subscribe to WP Knol Newsletter to get latest updates via Email. You May also Continue Reading my Recent Posts Which Might Interest You.