Securing WordPress - Disabling Theme and Plugin Editors

  • Share this:
Securing WordPress - Disabling Theme and Plugin Editors


When you log into your WordPress dashboard on a fresh install, you can edit your core theme files as well as your plugin files directly from the WordPress dashboard. Which is quite risky. In this short article, we'll learn how to disable Theme and Plugin editors from the WordPress dashboard.

Security risk with enabled Editors

If someone somehow gained access to your WordPress website & with the enabled Plugin and theme Editors. They can use or edit any of the code they want. They won't need any FTP or SFTP access to exploit your website.

Easy Fix

In your wp-config.php file, add the following line, save back your file & set your mind free from this security risk.

define('DISALLOW_FILE_EDIT', true);

Final thoughts

While creating a WordPress websites, its really important to take care of these small security measures in order to prevent any loss of data.

If you have any queries, comment below. You can also follow us on Twitter.

Usama Muneer

Usama Muneer

A web enthusiastic, self-motivated & detail-oriented professional Full-Stack Web Developer from Karachi, Pakistan with experience in developing applications using JavaScript, WordPress & Laravel specifically. Loves to write on different web technologies with an equally useful skill to make some sense out of it.