By default it is possible in Wordpress to edit your plugin code and theme.

which can be very useful to make changes quickly. Because of this 

However, a malicious person can also modify your website without accessing 

to the files on the server. 

To improve the security of your website, you can choose to use the

Enable option disalow_file_edit for Wordpress. If this option is 

enabled, you can no longer make code changes to the theme 

or the plugins. To do this, you need to create or modify a rule in your 

wp-config.php file from Wordpress. 

Note: some plugins like iThemes security and Wordfence already have 

built in a function to apply this to you. If you use one of these 

plugins used, this function may already be enabled. Check

this first before you follow the manual. 

When customizing functions to your Wordpress files it is always 

recommended to make a backup in advance. You can make this via 

Turn on option manually

First you connect to the site via sFTP. Then you go to 

your wp-config.php file from the site, it can be found in the default 

Wordpress folder at /wordpress/current/. Download the file, and search 

first on whether the next line already exists: 

define('DISALLOW_FILE_EDIT', true ); or define('DISALLOW_FILE_EDIT', 

false );

If the rule exists, and it's set to true, then you don't have to do anything about it yourself. 

fit. The line is already enabled in this case. If the rule is set to false,

then adjust your true to false as a rule. 

If the rule doesn't exist, you can still add the rule by adding 

put the next line in your configuration: 

define('DISALLOW_FILE_EDIT', true ); 

Save your changes, and replace the wp-config.php file on the server 

with the version you just created. After this you clear the cache of

your Wordpress website. The change will be active immediately after that.