We know that WordPress is secure when you run the latest version of it, and that when a vulnerability comes up, it is patched in a version update. But is it really secure? We don't think so. One way in which WordPress is not secure is the ability to change theme and plugin code through the WordPress dashboard. By default, when there are other users on your site with different permissions, such as an editor role, they can easily edit the theme and plugin files through their WordPress dashboard. This can create a security issue, since they may inject unnecessary or malicious code into a theme's or plugin's files. So, here is the line of code that disables file edits through the WordPress dashboard:
define('DISALLOW_FILE_EDIT', true); // disable editing of theme and plugin files through the WordPress dashboard
The code above needs to be inserted in your wp-config.php file, just above the following line in that file:
/* That's all, stop editing! Happy blogging. */
Before you apply the code above, your WordPress dashboard looks like the image below:
In the image above, we can see that the theme and plugin files can easily be edited through the WordPress dashboard. Hence, to make your site more secure, it is better to apply this fix to your WordPress install if you allow users to register for your site. After you apply the code above, your WordPress dashboard will look like the image below:
The image above makes it clear that the user no longer has permission to edit the theme and plugin files directly, since that section is not visible to them at all. Your WordPress site is now secure in this one respect.
If you could not find where to add the code in your wp-config.php file, the image below may help you add it in the exact place in the file to disable file edits through the WordPress dashboard:
If you have followed the tutorial above properly, we can conclude that your WordPress site is secure in one respect: file edits from the WordPress dashboard are disabled. Since this issue is fixed and cannot be reverted unless the users have FTP access to your site, you can now relax and look for the other security issues on your site that need fixing.
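To confirm the change described in this tutorial, the following shell function checks a wp-config.php file for an active DISALLOW_FILE_EDIT definition that is set to true and placed above the "stop editing" line. It is an added example, not part of the original tutorial or of WordPress; the function name check_file_edit_lock, its return codes and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit wp-config.php for the DISALLOW_FILE_EDIT setting.
# Return codes (chosen for this example, not a WordPress convention):
#   0 = defined as true above the "stop editing" line
#   1 = no active definition (missing, or only commented out)
#   2 = defined, but not as true
#   3 = defined as true, but below the "stop editing" line
#   4 = file not readable
check_file_edit_lock() {
    cfg=$1
    [ -r "$cfg" ] || return 4
    # First active definition as "lineno:text"; commented lines are skipped.
    hit=$(grep -n "define( *['\"]DISALLOW_FILE_EDIT['\"]" "$cfg" \
        | grep -v -E '^[0-9]+:[[:space:]]*(//|#|\*|/\*)' | head -n 1)
    [ -n "$hit" ] || return 1
    def_line=${hit%%:*}
    # The value must be the boolean true (PHP accepts any letter case).
    printf '%s\n' "$hit" \
        | grep -q -i -E "DISALLOW_FILE_EDIT['\"] *, *true *\)" || return 2
    # The marker wording differs between releases, so match "stop editing".
    marker=$(grep -n -i 'stop editing' "$cfg" | head -n 1 | cut -d: -f1)
    if [ -n "$marker" ] && [ "$def_line" -gt "$marker" ]; then
        return 3
    fi
    return 0
}

# Constructed sample file (not a real site configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?php
define('DB_NAME', 'example_db');
define('DISALLOW_FILE_EDIT', true);
/* That's all, stop editing! Happy blogging. */
require_once ABSPATH . 'wp-settings.php';
EOF
if check_file_edit_lock "$sample"; then
    echo "dashboard file editing is disabled"
else
    echo "check failed with code $?"
fi
rm -f "$sample"
```

Run it against the wp-config.php of each site you manage; any non-zero return code means the dashboard editor should be treated as still enabled until the file is corrected.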