The WordPress editors are useful tools for those who know what they’re doing in code. A person can make quick changes to themes and plugins without the use of third-party software. However, it can also lead to a world of trouble in the hands of the wrong person.
This is why many developers disable the WordPress editors for their websites. It prevents other users from making accidental changes to files, which could ultimately lead to a broken website.
In this tutorial, I’ll show you how to disable WordPress editors for themes as well as plugins. And all it takes is a simple line of code.
Lock the WordPress Editor in wp-config.php
Today, we’ll add a bit of coding to the wp-config.php file of your website. This will disable the editors in the admin screen of WordPress.
You have several methods available for accessing the wp-config.php file. Many people like using FTP programs like FileZilla. This is a useful tool as it gives you the means to directly access online website files from your computer.
To keep things quick and easy, I’m going to use the File Manager from cPanel.
Add this code to the wp-config.php file:[ht_message mstyle=”info” title=”” show_icon=”” id=”” class=”” style=”” ]define( ‘DISALLOW_FILE_EDIT’, true );[/ht_message]
After saving the file, both the theme and plugin editors are removed from the system. If you have the WordPress admin screen open, simply refresh to see the changes.
Some users may also put this code in the functions.php file of a theme.
An important thing to keep in mind is how updates can remove any custom coding changes. If you want to include this code in a theme, I suggest creating a child as it keeps it protected from updates.
Why Remove the WordPress Editors?
Not everyone needs access to the coding editors of WordPress. All it takes is the slightest misspelling or improper coding element to crash a site or leave it open to hackers.
In reality, the only ones who should have access to the code of WordPress itself are those who are developing the site.
Keeps Themes and Plugins Safe from Unauthorized Access
You can create custom user roles to remove certain abilities or access specific areas of WordPress. However, these aren’t always the best ways to handle code editing. Perhaps you have people who need admin privileges who do not need to access the editors.
Prevent Client Changes
If you create WordPress sites for clients, most of the time they don’t know how to code anyways. The last thing you want is to have someone poking around and making changes without informing you.
It’s better to prevent the problem in the first place than to spend hours, if not days, trying to fix a site a client broke by changing files.
Keeping the Site Safe
Disabling the WordPress editors is a simple way to keep the site safe from users. It can also prevent a hacker from making changes should he or she gain access to a user’s account. In any case, removing the ability to make these changes is just another way to protect the site.
What kind of security measures do you have in place for your website? How often do users try to make changes to themes and plugins without telling you?