How to Disable WordPress Plugin and Theme Editor


WordPress comes with a useful feature, a file editor that allows you to edit your plugins and theme files right from your Dashboard.

All you need to do is to go to Appearance -> Editor to edit your theme files, or to Plugins -> Editor to edit your plugins files.

While the WordPress file editor can come in handy, it can also be dangerous!

If someone other than yourself has an Administrator user role on your WordPress website, and they don’t need to edit code, but start “playing” around anyway in the file editor, for whatever reason, they can break your entire website.

Or worse, they can install malware.

So, since there are other ways to access your WordPress website’s files, it would be safer if you’d disable the WordPress plugin and theme editor from your admin panel.

In this tutorial, I’ll show you how.

1. Disable the WordPress plugin and theme editor via code

I recommend using this method.

Adding a small piece of code is always better than adding yet another plugin. The fewer plugins you have, the better!

So, you’ll have to access your WordPress wp-config.php file, which can’t be accessed via the WordPress editor.

It’s normally found in the WordPress root directory, in /public_html/.

If you’re using and add-on domain, then it should be in /public_html/

Editing the wp-config.php file via cPanel

Once you’ve found the file, open it for editing and add the below code right before this line: /* That's all, stop editing! Happy blogging. */.

define( 'DISALLOW_FILE_EDIT', true );

Save the file and that’s it! The WordPress plugin and theme editor will be disabled.

2. Disable the WordPress plugin and theme editor via plugin

A. If you’re using iThemes Security

Having a security plugin is a must! It’s one of the things to do right after installing WordPress.

And if you’re using iThemes Security or iTheme Security Pro, then it’s a damn good choice!

Now, iThemes Security comes with a great feature that allows you to disable the WordPresss theme and plugin editor. So, you won’t have to add a code, nor an additional plugin!

Here’s how to do it:

1. Go to Security -> Settings from your Dashboard sidebar.

2. Go to WordPress Tweaks.

3. Check Disable File Editor.

4. Click the Save Settings button.

That’s it!

Perhaps other security plugins might have this feature as well, but I don’t know, to be honest, since I’ve always used and recommended iThemes Security.

I really don’t think there’s a better one in order to grab my attention. At least not for me.

B. Install the ‘Disable File Editor’ plugin

I managed to find a plugin that’s not outdated, and that’s Disable File Editor.

You just have to install the plugin and activate it, nothing more, because it doesn’t have any settings.

Once you activate it, the WordPress theme and plugin editor will be disabled!

If you enjoyed this article, then you’ll love Stromonic’s WordPress Hosting platform. Turbocharge your website and get 24/7 support from our veteran team. Our world-class hosting infrastructure focuses on auto-scaling, performance, and security. Let us show you the Stromonic difference! Check out our plans.

About the author

Akash Kohli

Akash Kohli is part of the Stromonic marketing team. With years of content writing experience behind him, it's one of his favorite activities. Akash takes part in the SEO of the Stromonic website and blog. His goal is to write comprehensive posts and guides, always aiming to help our clients with essential information. Akash also has a thirst for knowledge and improvement, which makes the hosting environment a perfect place for him.

Email Newsletter

Subscribe to receive inspiration, news, and ideas in your inbox.