How to Disable WordPress Plugin and Theme Editors from the Admin Area
Do you want to disable WordPress plugin and theme editors? If yes then this article is for you. WordPress comes with built-in editors for the themes and plugins. You can find the theme editor at Appearance>>Theme Editor Page and the plugin editor at Plugins>>Plugin Editor Page. This is a plain code that enables you to edit the theme and plugin files from the dashboard. Although this can be helpful it can also lead to some issues as well as vulnerabilities.
Why disable the plugin and theme editors?
When you open the theme editor you will see all the active theme files. The case is the same when you open the Plugin Editor page. Visiting the editors for the first time will give you a warning that using the editor might break your website. This is why the editors in WordPress 4.9 both themes and plugin editors were upgraded to protect you from breaking your website by accident. In case of a fatal error, the editor will revert back the changes. But this did not always happen.
The main reason you might want to disable WordPress plugin and theme editor is because they give you full access to add any code that you want to your site. What this means is that a hacker can easily use the editor to access all your WordPress data. Hackers can also edit your themes or plugins so that they distribute malware or even launch DDOS attacks from your website. Removing the built-in editors thus improves the security of your website.
How to disable the editor
It is easy to disable WordPress plugin and theme editors from your admin area. You need to edit the wp-config.php file and paste it to the code before the line that says “That’s all, stop editing! Happy Publishing”
define ( ‘DISALLOW_FILE_EDIT’, true );
After pasting go ahead and save the changes and upload the file to your site. After this the plugin and theme editors will disappear from the plugins and themes menus in your WordPress admin area. The above line of code can also be added to the functions.php file if yours is a site-specific plugin or by using the code snippets plugin.
Most people use the plugin and theme editors to add custom CSS, look up the code or edit code in their child themes. If what you want to do is add a custom CSS to your theme, you can do this using the theme customizer under Appearance>>Customize. You can look up the code in your plugins using the FTP client.