By default it is possible in Wordpress to edit your plugin code and theme. Which can be very useful to make changes quickly. Because of this however, a malicious person can also modify your website without accessing to the files on the server.
To improve the security of your website, you can choose to use the enable option disalow_file_edit for Wordpress. If this option is enabled, you can no longer make code changes to the theme or the plugins. To do this, you need to create or modify a rule in your wp-config.php file from Wordpress.
Note: some plugins like iThemes security and Wordfence already have built in a function to apply this to you. If you use one of these plugins used, this function may already be enabled. Check this first before you follow the manual.
When customizing functions to your Wordpress files it is always recommended to make a backup in advance. You can make this via admin.savvii.com.
Turn on option manually
First you connect to the site via sFTP. Then you go to your wp-config.php file from the site, it can be found in the default Wordpress folder at /wordpress/current/. Download the file, and search first on whether the next line already exists:
define('DISALLOW_FILE_EDIT', true ); or define('DISALLOW_FILE_EDIT', false );
If the rule exists, and it's set to true, then you don't have to do anything about it yourself. fit. The line is already enabled in this case. If the rule is set to false, then adjust your true to false as a rule.
If the rule doesn't exist, you can still add the rule by adding put the next line in your configuration:
define('DISALLOW_FILE_EDIT', true );
Save your changes, and replace the wp-config.php file on the server with the version you just created. After this you clear the cache of your Wordpress website. The change will be active immediately after that.