Securing WordPress – Disabling Theme and Plugin Editors

Last Updated at : July 25, 2017 By - Usama Muneer | 2026


    When you log into your WordPress dashboard on a fresh install, you can edit your core theme files as well as your plugin files directly from the WordPress dashboard. Which is quite risky. In this short article, we’ll learn how to disable Theme and Plugin editors from the WordPress dashboard.

    Security risk with enabled Editors

    If someone somehow gained access to your WordPress website & with the enabled Plugin and theme Editors. They can use or edit any of the code they want. They won’t need any FTP or SFTP access to exploit your website.

    Easy Fix

    In your wp-config.php file, add the following line, save back your file & set your mind free from this security risk.

    define('DISALLOW_FILE_EDIT', true);

    Final thoughts

    While creating a WordPress websites, its really important to take care of these small security measures in order to prevent any loss of data.

    If you have any queries, comment below. You can also follow us on Twitter.

    blog user
    Usama Muneer

    A web enthusiastic, self-motivated & detail-oriented professional Full-Stack Web Developer from Karachi, Pakistan with experience in developing applications using JavaScript, WordPress & Laravel specifically. Loves to write on different web technologies with an equally useful skill to make some sense out of it.

    Related Posts

    You are in constant danger. Maybe you do not realise. Maybe you are very naive and you think you are not going to attack, because you have nothing important to be attacked.

    If you're running a WordPress website or blog, its always a good practice to setup some sort of security for your admin area & restrict access for smart users.

    Generating random strings is usually part of almost every application. But securely generating these strings is what matters.