How to Disable Theme and Plugin Editing in WordPress Admin

Why Disable the Backend Editor?

WordPress allows users with sufficient permissions (like administrators) to edit theme and plugin source code directly from the admin panel. While convenient for quick debugging, disabling this feature on a live site is crucial for security and stability.

  • Prevent Accidents: Avoid accidental edits to critical code that could break the site or cause a white screen.
  • Enhance Security: If an admin account is compromised, attackers cannot directly tamper with theme or plugin files through the built-in file editors in the backend.
  • Maintain Code Consistency: Forces all code changes through version control (like Git) or FTP/SFTP, making changes easier to track and manage.

How to Disable Backend Editing

You can disable this feature by adding a single line of code to your WordPress configuration file.

Method 1: Disable File Editing Only

This method disables the Theme Editor (Appearance → Theme Editor) and Plugin Editor (Plugins → Plugin Editor). Users can still install, update, and delete themes and plugins, so an administrator account can still introduce new code by that route; Method 2 closes it.

Add the following code to your site's root wp-config.php file, typically near define('WP_DEBUG', false);:

// Disable theme and plugin file editing in the WordPress admin
define('DISALLOW_FILE_EDIT', true);

Method 2: Disable All File Modifications

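This stricter method completely disables installing, updating, deleting, and editing themes and plugins from the WordPress admin. All modifications must be made via the server's file system. Automatic background updates are blocked as well, so have a process in place for applying security updates outside the admin before enabling it.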

Add this code to your wp-config.php file:

// Disable all file modifications (install, update, edit) in the WordPress admin
define('DISALLOW_FILE_MODS', true);

Note: After adding the code, refresh your admin dashboard. The corresponding editor menus will be hidden or disabled.

Best Practices & Warnings

  • Backup First: Always back up your wp-config.php file before editing.
  • Code Placement: Add the code after the opening <?php tag and before the /* That's all, stop editing! Happy publishing. */ comment.
  • Environment Strategy: Keep editing enabled in development/staging environments for debugging. Disable it only on the live production site.
  • Complementary Measure: This setting supplements, but does not replace, proper user role and capability management. Grant administrator privileges sparingly.
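
One way to verify the setting across sites, as an added example that is not part of the original article: a Python check that reads the text of a wp-config.php and reports the state of each constant, ignoring commented-out lines and flagging a define placed after the "stop editing" comment, which goes against the placement advice above. The function names and the sample file are constructed for illustration, and the check assumes the constants are set with literal define() calls.

```python
import re

CONSTANTS = ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS")
STOP_MARKER = "That's all, stop editing!"
# PHP strings or comments. Strings are matched too, so "//" inside a URL is not read as a comment.
TOKEN_RE = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*""", re.S)
DEFINE_RE = re.compile(
    r"""\b(?i:define)\s*\(\s*(['"])(\w+)\1\s*,\s*([^)]*?)\s*\)\s*;""")

# Constructed sample: one commented-out define, one active define before the marker.
SAMPLE = """<?php
define( 'WP_HOME', 'https://example.com' ); // URL contains //
// define('DISALLOW_FILE_MODS', true);
define('WP_DEBUG', false);
define('DISALLOW_FILE_EDIT', true);
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
"""


def blank_comments(php):
    """Replace comments with spaces of equal length so offsets stay valid."""
    def repl(m):
        tok = m.group(0)
        return tok if tok[0] in "'\"" else " " * len(tok)
    return TOKEN_RE.sub(repl, php)


def audit_wp_config(php):
    """Return each constant's state: enabled, disabled, misplaced or missing."""
    marker = php.find(STOP_MARKER)      # searched in the raw text: the marker is a comment
    state = {name: "missing" for name in CONSTANTS}
    for m in DEFINE_RE.finditer(blank_comments(php)):
        name, value = m.group(2), m.group(3).lower()
        if name not in state or state[name] != "missing":
            continue                    # PHP keeps the first definition of a constant
        if value not in ("true", "1"):
            state[name] = "disabled"
        elif marker != -1 and m.start() > marker:
            state[name] = "misplaced"   # defined after the "stop editing" comment
        else:
            state[name] = "enabled"
    # Either constant blocks the editors; DISALLOW_FILE_MODS covers editing too.
    state["editor_blocked"] = "enabled" in (state[CONSTANTS[0]], state[CONSTANTS[1]])
    return state
```

Call it as audit_wp_config(open(path).read()) for each site and alert when editor_blocked is False on a production host.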
