Disable theme and plugin editors in WordPress admin area
Posted: Mon Jan 20, 2025 9:21 am
Did you know that WordPress has a built-in theme and plugin editor? This simple code editor allows you to edit your theme and plugin files directly from the WordPress dashboard.
While this may sound very helpful, we have seen that the ability to edit files directly can lead to problems such as causing your website to crash, and when combined with other vulnerabilities, it can even lead to potential security issues.
In this article, we'll show you how to disable theme and plugin editors in the WordPress admin area and explain why it's a good idea.
Why should theme and plugin editors be disabled in WordPress?
WordPress has a built-in code editor that allows you to list of belarus cell phone number edit WordPress theme and plugin files directly in the administration area.
The Theme Editor is located on the Appearance » Theme File Editor page . By default, it displays the files of your currently active theme.
Theme file editor in WordPress
The plugin editor is also located on the Plugins » Plugin File Editor page . By default, you will be shown one of your website's installed plugins, listed first in alphabetical order.
Plugin file editor in WordPress
When you visit the theme or plugin editor page for the first time, WordPress warns you that using the editor may break your website.
Theme editor warning in WordPress
In WordPress 4.9, the theme and plugin editors were updated to protect users from accidentally breaking their site. In most cases, the editor will detect a fatal error and revert the changes.
While this may sound very helpful, we have seen that the ability to edit files directly can lead to problems such as causing your website to crash, and when combined with other vulnerabilities, it can even lead to potential security issues.
In this article, we'll show you how to disable theme and plugin editors in the WordPress admin area and explain why it's a good idea.
Why should theme and plugin editors be disabled in WordPress?
WordPress has a built-in code editor that allows you to list of belarus cell phone number edit WordPress theme and plugin files directly in the administration area.
The Theme Editor is located on the Appearance » Theme File Editor page . By default, it displays the files of your currently active theme.
Theme file editor in WordPress
The plugin editor is also located on the Plugins » Plugin File Editor page . By default, you will be shown one of your website's installed plugins, listed first in alphabetical order.
Plugin file editor in WordPress
When you visit the theme or plugin editor page for the first time, WordPress warns you that using the editor may break your website.
Theme editor warning in WordPress
In WordPress 4.9, the theme and plugin editors were updated to protect users from accidentally breaking their site. In most cases, the editor will detect a fatal error and revert the changes.