By default WordPress allows users to edit the theme and plugin codes through the admin panel. While it is a handy feature, it can be very dangerous as well. A simple typo can end up locking you out of your site unless ofcourse you have the FTP access. To prevent clients from screwing up the site, it is best to disable the theme and plugin editors from the WordPress admin panel. In this article, we will share with you a one line code that will disable theme and plugin editors functionality from WordPress.
All you have to do is open your wp-config.php file and paste the following code:
define( 'DISALLOW_FILE_EDIT', true );
And you are done.
One of our users pointed out that if you paste this code in the theme’s functions.php file, it also works.
Hello there! I have the opposite problem I need to add a CSS code in the editor BUT the editor disappeared.
Do you have any suggestions?
thanks a lot
cheers
Thank you for all the tips and helpful advice. This is the go to for me in case I get stuck. Thanks.
Unfortunately this isn’t working for me, I have updated the wp-config.php file but the editor option is still there in my wp dashboard, can you suggest me something?
Hi Raj,
I had the same issue, but was able to fix it. Not sure if this is your same issue, but I realized that when copy/pasting from an internet post, sometimes the single/double quotation marks (‘ ‘) or (” “) may be a curly quote vs. a straight quote. Try deleting the single quotes, and retyping them.
Hope this helps!
-Dave
Is it possible disable save option for all? I want show control panel for my clients, but I do not want that they save the changes.
A trillion thank you’s!!
This tiny piece of code has rocked my world!
How have I not come across you in the past??
Keep smiling – Bella
hi
I want to disable paste command ( through mouse and ctr+v)in my php file in theme editor. So that i can write code not copy any code from outside.I want to give access manual code writing . please help me
define(‘DISALLOW_FILE_EDIT’, true); this function will work on themes/functions.php if i paste the code in wordpress
It works, Thanks.
Hi there just wondering if anyone found a way to get around this without access as we have paid $1800 for some to set up a Website that is just a theme with out any changes made to it and wants to be paid more to unlock the editor for us
Please help!!
If you have FTP access, or access to the hosting control panel, then you can easily edit the wp-config.php file and remove the code:
Hi, well I was hacked yesterday by someone who installed MonsterInsights plugin to my web site, BUT, the line of code you suggest was already installed on wp-config.
So any suggestions for stopping these
Cheers
Hi Graham,
If you suspect that your website may be hacked, then please see our guide on recovering a hacked WordPress site. You may also want to follow our complete WordPress security guide to protect your website in the future.
define( ‘DISALLOW_FILE_EDIT’, true );
This one disable the editor for complete pages. I need to disable only for home page and for particular user(for Ex: Editor) . Coz I used page builder. My clients are not intrested to look over that..
Can any one help me ….
I can also confirm that this works when the line is added to a Site-Specific Plugin – which you’ll also find the recipe for here on WPBeginner…
… so Thanks to you folks for all of it!
Hey there! My cheeky developer has done this to me and I need access… is there a way to “undo” this clever trick without having FTP access?
I am also a developer and able to edit the files without any issues, but my contracted developer wants to charge me to access the code… so I am hoping I can jump in somehow!
Mel
Did you contract for ‘all deliverables’? If so, have him deliver the FTP password – it’s a deliverable. (It’s a contract, so it can be enforced by a court. You may not be able to sue for specific action, but you can sue for whatever it will cost to have another developer create a new site that’s exactly like the old one [which will probably bankrupt your existing developer – so it will make him prone to turn everything over to you].)
If you didn’t have ‘all deliverables’ included in the contract, or don’t have a signed contract, consider it a cheap legal lesson. (Law school costs a lot more.)
while reading this post I was wondering why would anyone need to hide the editor link in the WordPress Admin because it is only the administrators who gain access to those links and if they do not get permission to do the things the required, what’s the use? anywhere realize that is good with it helpful when you are setting up blogs for you clients. Thanks for the good tips.
This is an excellent tip – and it worked fine for me adding the line to the functions.php file in my twentytwelve-child-theme’s folder. I still see options for customizing the theme (header, background, etc.) – but the “editor” links are now gone. (I had to press CTRL-R to force a page reload to make them disappear.)
I always try to remove everything from the backend that a client really shouldn’t be messing with, and those plugin & theme editors are just inviting disaster! It’s wonderful to be able to remove them with a single line of code…
I really appreciate these tips that edit child-theme functions and files to accomplish something rather than just recommending another plugin – though I realize this departs a bit from the “beginner” stuff.
And if you haven’t had this request a thousand times already, I’d love to see you folks open a “WPAdvanced” site for us hard-core folks!
Thanks for the feedback Mark. Yes, we have gotten the request for WPAdvanced in the past. For now our focus is to continue to improve WPBeginner (we’re still not there yet).
-Syed
A problem encountered with this technique is that it also prevents anyone from upgrading the outdated plugins. Any ideas on that, besides disabling the addition to the wp-config file, upgrading, then restoring the hardened security?
That’s interesting. We have this code running on our site, and we can do 1-click upgrades.
Hi, thanks for the tip, yes, it works on functions.php file.
But this code turn me off my theme options page :(…, is there any other code that only hide editors or something to put in the options page for avoid hidding?
All you have to do is open your wp-config.php file and paste the code!
99% of my clients are non-technical