By default it is possible in Wordpress to edit your plugin code and theme.
which can be very useful to make changes quickly. Because of this
However, a malicious person can also modify your website without accessing
to the files on the server.
To improve the security of your website, you can choose to use the
Enable option disalow_file_edit for Wordpress. If this option is
enabled, you can no longer make code changes to the theme
or the plugins. To do this, you need to create or modify a rule in your
wp-config.php file from Wordpress.
Note: some plugins like iThemes security and Wordfence already have
built in a function to apply this to you. If you use one of these
plugins used, this function may already be enabled. Check
this first before you follow the manual.
When customizing functions to your Wordpress files it is always
recommended to make a backup in advance. You can make this via
Turn on option manually
First you connect to the site via sFTP. Then you go to
your wp-config.php file from the site, it can be found in the default
Wordpress folder at /wordpress/current/. Download the file, and search
first on whether the next line already exists:
define('DISALLOW_FILE_EDIT', true ); or define('DISALLOW_FILE_EDIT',
If the rule exists, and it's set to true, then you don't have to do anything about it yourself.
fit. The line is already enabled in this case. If the rule is set to false,
then adjust your true to false as a rule.
If the rule doesn't exist, you can still add the rule by adding
put the next line in your configuration:
define('DISALLOW_FILE_EDIT', true );
Save your changes, and replace the wp-config.php file on the server
with the version you just created. After this you clear the cache of
your Wordpress website. The change will be active immediately after that.