To tighten security of your WordPress site, you can disable users’ ability to edit your theme and plug-in files. After all, isn’t that what your web development team should be doing? How are you capturing updates to your site’s files if you allow this and you don’t commit changes to the code repository? It’s never a good idea to alter code through this editor, except for really small sites with a single admin user who is determined to do things on his or her own.
Just simply place this snippet inside your WordPress’s wp-config.php file to deactivate the file editing features in your WordPress admin section:
1 2 3 | define('DISALLOW_FILE_EDIT',true); |
