WPBeginner

Beginner's Guide for WordPress

  • Blog
    • Beginners Guide
    • News
    • Opinion
    • Showcase
    • Themes
    • Tutorials
    • WordPress Plugins
  • Start Here
    • How to Start a Blog
    • Create a Website
    • Start an Online Store
    • Best Website Builder
    • Email Marketing
    • WordPress Hosting
    • Business Name Ideas
  • Deals
    • Bluehost Coupon
    • SiteGround Coupon
    • WP Engine Coupon
    • HostGator Coupon
    • Domain.com Coupon
    • Constant Contact
    • View All Deals »
  • Glossary
  • Videos
  • Products
X
☰
Beginner's Guide for WordPress / Start your WordPress Blog in minutes
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
Recommended
WordPress Plugins
View all Guides

WPBeginner» Blog» Tutorials» How to Disable Theme and Plugin Editors from WordPress Admin Panel

How to Disable Theme and Plugin Editors from WordPress Admin Panel

Last updated on April 18th, 2019 by Editorial Staff
249 Shares
Share
Tweet
Share
Pin
Free WordPress Video Tutorials on YouTube by WPBeginner
How to Disable Theme and Plugin Editors from WordPress Admin Panel

Did you know that WordPress comes with a built-in theme and plugin editor? This plain code editor allows you to edit your theme and plugin files directly from the WordPress dashboard.

Now, this may sound really helpful, but it can also lead to issues such as breaking your site and potential security issues when combined with other vulnerabilities.

In this article, we will explain why and how to disable theme and plugin editors from the WordPress admin area.

Disable theme and plugin editors in WordPress admin area

Why Disable Theme and Plugin Editors in WordPress?

WordPress comes with a built-in code editor which allows you to edit WordPress theme and plugin files directly from the admin area.

The theme editor is located at Appearance » Theme Editor page. By default, it will show your currently active theme’s files.

Theme editor in WordPress

Similarly, the plugin editor can be seen at Plugins » Plugin Editor page. By default, it will show you one of the installed plugins from your site that comes up first in the alphabatical order.

Plugin editor in WordPress

If you visit the theme or plugin editor page for the first time, WordPress will warn you that using the editor can break your website.

Theme editor warning in WordPress

In WordPress 4.9, theme and plugin editors were upgraded to protect users from accidentally breaking their website. In most cases, the editor will catch a fatal error and will revert back the changes.

However, this is not guaranteed and some code may still slip through and you would end up losing access to the WordPress admin area.

The biggest problem with the built-in file editor is that it gives full access to add any kind of code to your website.

If a hacker broke into your WordPress admin area, then they can use the built-in editor to gain access to all your WordPress data.

Hackers can also use it to distribute malware or launch DDOS attacks from your WordPress website.

To improve WordPress security, we recommend removing the built-in file editors completely.

That being said, let’s see how to easily disable theme and plugin editors in WordPress.

How to Disable Theme and Plugin Editors in WordPress

Disabling theme and plugin editors in WordPress is quite easy.

Simply edit your wp-config.php file and paste the following code just before the line that says ‘That’s all, stop editing! Happy publishing’ :

define( 'DISALLOW_FILE_EDIT', true );

You can now save your changes and upload the file back to your website.

That’s all, plugin and theme editors will now disappear from themes and plugins menus in the WordPress admin area.

You can also add this line of code to your theme’s functions.php file, a site-specific plugin, or by using the code snippets plugin.

If you don’t want to edit the files directly, then you can install the Sucuri WordPress plugin which offers 1-click hardening feature.

Proper Way to Edit WordPress Theme and Plugin Files

Many users actually use WordPress theme and plugin editors to look up the code, add custom CSS, or editing code in their child themes.

If you only want to add custom CSS to your theme, then you can do so by using the theme customizer located under Appearance » Customize.

Adding custom CSS via theme customizer

For more details, see our guide on how to add custom CSS in WordPress without breaking your site.

If you want to look up the code in a plugin, then you can do so by using an FTP client.

For better file management and syntax highlighting, you can use one of these code editors for editing WordPress files on your computer.

Last but not least, you can also create a custom WordPress theme without writing any code.

We hope this article helped you learn how to easily disable theme and plugin editors from WordPress admin panel. You may also want to see our ultimate guide to improving WordPress performance and speed.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

249 Shares
Share
Tweet
Share
Pin
Popular on WPBeginner Right Now!
  • How to Start Your Own Podcast (Step by Step)

    How to Start Your Own Podcast (Step by Step)

  • Google Analytics in WordPress

    How to Install Google Analytics in WordPress for Beginners

  • How to Fix the Error Establishing a Database Connection in WordPress

    How to Fix the Error Establishing a Database Connection in WordPress

  • Checklist

    Checklist: 15 Things You MUST DO Before Changing WordPress Themes

About the Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Trusted by over 1.3 million readers worldwide.

The Ultimate WordPress Toolkit

28 Comments

Leave a Reply
  1. Robin Hood says:
    Apr 22, 2019 at 4:48 am

    Thanks for sharing this post. Helpful and Informative.

    Reply
    • WPBeginner Support says:
      Apr 22, 2019 at 2:30 pm

      You’re welcome, glad our content could be helpful :)

      Reply
  2. isabella says:
    Jul 6, 2018 at 11:11 am

    Hello there! I have the opposite problem I need to add a CSS code in the editor BUT the editor disappeared.
    Do you have any suggestions?
    thanks a lot
    cheers

    Reply
  3. Mike Sawyer says:
    May 29, 2018 at 10:36 am

    Thank you for all the tips and helpful advice. This is the go to for me in case I get stuck. Thanks.

    Reply
  4. Raj says:
    Nov 18, 2017 at 4:48 am

    Unfortunately this isn’t working for me, I have updated the wp-config.php file but the editor option is still there in my wp dashboard, can you suggest me something?

    Reply
    • Dave says:
      Jan 22, 2018 at 2:13 pm

      Hi Raj,

      I had the same issue, but was able to fix it. Not sure if this is your same issue, but I realized that when copy/pasting from an internet post, sometimes the single/double quotation marks (‘ ‘) or (” “) may be a curly quote vs. a straight quote. Try deleting the single quotes, and retyping them.

      Hope this helps!

      -Dave

      Reply
  5. William Marques says:
    Mar 1, 2017 at 11:34 am

    Is it possible disable save option for all? I want show control panel for my clients, but I do not want that they save the changes.

    Reply
  6. Bella says:
    Nov 10, 2016 at 10:38 pm

    A trillion thank you’s!!

    This tiny piece of code has rocked my world!

    How have I not come across you in the past??

    Keep smiling – Bella

    Reply
  7. Jimit Shah says:
    Aug 28, 2016 at 5:54 am

    hi
    I want to disable paste command ( through mouse and ctr+v)in my php file in theme editor. So that i can write code not copy any code from outside.I want to give access manual code writing . please help me

    Reply
  8. Raja Dileep Kumar says:
    Jun 24, 2016 at 2:56 am

    define(‘DISALLOW_FILE_EDIT’, true); this function will work on themes/functions.php if i paste the code in wordpress

    Reply
  9. Pramod Kumar says:
    Apr 16, 2016 at 12:30 pm

    It works, Thanks.

    Reply
  10. John McNamara says:
    Jan 27, 2016 at 5:46 am

    Hi there just wondering if anyone found a way to get around this without access as we have paid $1800 for some to set up a Website that is just a theme with out any changes made to it and wants to be paid more to unlock the editor for us
    Please help!!

    Reply
    • WPBeginner Support says:
      Jan 28, 2016 at 9:45 am

      If you have FTP access, or access to the hosting control panel, then you can easily edit the wp-config.php file and remove the code:

      define( 'DISALLOW_FILE_EDIT', true );
      Reply
      • Graham Peckham says:
        Jun 13, 2018 at 7:29 am

        Hi, well I was hacked yesterday by someone who installed MonsterInsights plugin to my web site, BUT, the line of code you suggest was already installed on wp-config.
        So any suggestions for stopping these
        Cheers

        Reply
        • WPBeginner Support says:
          Jun 13, 2018 at 12:27 pm

          Hi Graham,

          If you suspect that your website may be hacked, then please see our guide on recovering a hacked WordPress site. You may also want to follow our complete WordPress security guide to protect your website in the future.

  11. Prasath says:
    Apr 26, 2015 at 11:23 pm

    define( ‘DISALLOW_FILE_EDIT’, true );

    This one disable the editor for complete pages. I need to disable only for home page and for particular user(for Ex: Editor) . Coz I used page builder. My clients are not intrested to look over that..

    Can any one help me ….

    Reply
  12. Mark Corder says:
    Apr 26, 2015 at 1:03 pm

    I can also confirm that this works when the line is added to a Site-Specific Plugin – which you’ll also find the recipe for here on WPBeginner…

    … so Thanks to you folks for all of it!

    Reply
  13. Melissa says:
    Oct 20, 2014 at 9:02 pm

    Hey there! My cheeky developer has done this to me and I need access… is there a way to “undo” this clever trick without having FTP access?

    I am also a developer and able to edit the files without any issues, but my contracted developer wants to charge me to access the code… so I am hoping I can jump in somehow!

    Mel

    Reply
    • Al Klein says:
      Jul 27, 2017 at 3:48 pm

      Did you contract for ‘all deliverables’? If so, have him deliver the FTP password – it’s a deliverable. (It’s a contract, so it can be enforced by a court. You may not be able to sue for specific action, but you can sue for whatever it will cost to have another developer create a new site that’s exactly like the old one [which will probably bankrupt your existing developer – so it will make him prone to turn everything over to you].)

      If you didn’t have ‘all deliverables’ included in the contract, or don’t have a signed contract, consider it a cheap legal lesson. (Law school costs a lot more.)

      Reply
      • Bill says:
        Oct 14, 2018 at 11:51 pm

        Great tip.
        Is there a way to disable a specific editor (for example Elementor) for a specific post (page) type while still allowing access to the classic editor?
        I hope this can be done in the child functions file.

        Reply
  14. Suresh Khanal says:
    Sep 24, 2014 at 11:22 pm

    while reading this post I was wondering why would anyone need to hide the editor link in the WordPress Admin because it is only the administrators who gain access to those links and if they do not get permission to do the things the required, what’s the use? anywhere realize that is good with it helpful when you are setting up blogs for you clients. Thanks for the good tips.

    Reply
  15. Mark Corder says:
    Sep 3, 2013 at 1:43 pm

    This is an excellent tip – and it worked fine for me adding the line to the functions.php file in my twentytwelve-child-theme’s folder. I still see options for customizing the theme (header, background, etc.) – but the “editor” links are now gone. (I had to press CTRL-R to force a page reload to make them disappear.)

    I always try to remove everything from the backend that a client really shouldn’t be messing with, and those plugin & theme editors are just inviting disaster! It’s wonderful to be able to remove them with a single line of code…

    I really appreciate these tips that edit child-theme functions and files to accomplish something rather than just recommending another plugin – though I realize this departs a bit from the “beginner” stuff.

    And if you haven’t had this request a thousand times already, I’d love to see you folks open a “WPAdvanced” site for us hard-core folks!

    Reply
    • Editorial Staff says:
      Sep 3, 2013 at 3:04 pm

      Thanks for the feedback Mark. Yes, we have gotten the request for WPAdvanced in the past. For now our focus is to continue to improve WPBeginner (we’re still not there yet).

      -Syed

      Reply
  16. Gray Ayer says:
    Nov 5, 2012 at 12:36 pm

    A problem encountered with this technique is that it also prevents anyone from upgrading the outdated plugins. Any ideas on that, besides disabling the addition to the wp-config file, upgrading, then restoring the hardened security?

    Reply
    • Editorial Staff says:
      Nov 5, 2012 at 1:02 pm

      That’s interesting. We have this code running on our site, and we can do 1-click upgrades.

      Reply
  17. joanpique says:
    Nov 3, 2011 at 12:11 pm

    Hi, thanks for the tip, yes, it works on functions.php file.

    But this code turn me off my theme options page :(…, is there any other code that only hide editors or something to put in the options page for avoid hidding?

    Reply
    • Renan Santos says:
      Aug 28, 2014 at 9:24 am

      All you have to do is open your wp-config.php file and paste the code!

      Reply
  18. Devin Walker says:
    Oct 28, 2011 at 3:37 pm

    99% of my clients are non-technical

    Reply

Leave a Reply Cancel reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

Over 1,320,000+ Readers

Get fresh content from WPBeginner

Featured WordPress Plugin
OptinMonster
OptinMonster
Convert website visitors into email subscribers. Learn More »
How to Start a Blog How to Start a Blog
I need help with ...
Starting a
Blog
WordPress
Performance
WordPress
Security
WordPress
SEO
WordPress
Errors
Building an
Online Store
Useful WordPress Guides
    • 7 Best WordPress Backup Plugins Compared (Pros and Cons)
    • How to Fix the Error Establishing a Database Connection in WordPress
    • Why You Need a CDN for your WordPress Blog? [Infographic]
    • 30 Legit Ways to Make Money Online Blogging with WordPress
    • Self Hosted WordPress.org vs. Free WordPress.com [Infograph]
    • Free Recording: WordPress Workshop for Beginners
    • 24 Must Have WordPress Plugins for Business Websites
    • How to Properly Move Your Blog from WordPress.com to WordPress.org
    • 5 Best Contact Form Plugins for WordPress Compared
    • Which is the Best WordPress Popup Plugin? (Comparison)
    • Best WooCommerce Hosting in 2021 (Comparison)
    • How to Fix the Internal Server Error in WordPress
    • How to Install WordPress - Complete WordPress Installation Tutorial
    • Why You Should Start Building an Email List Right Away
    • How to Properly Move WordPress to a New Domain Without Losing SEO
    • How to Choose the Best WordPress Hosting for Your Website
    • How to Choose the Best Blogging Platform (Comparison)
    • WordPress Tutorials - 200+ Step by Step WordPress Tutorials
    • 5 Best WordPress Ecommerce Plugins Compared
    • 5 Best WordPress Membership Plugins (Compared)
    • 7 Best Email Marketing Services for Small Business (2021)
    • How to Choose the Best Domain Registrar (Compared)
    • The Truth About Shared WordPress Web Hosting
    • When Do You Really Need Managed WordPress Hosting?
    • 5 Best Drag and Drop WordPress Page Builders Compared
    • How to Switch from Blogger to WordPress without Losing Google Rankings
    • How to Properly Switch From Wix to WordPress (Step by Step)
    • How to Properly Move from Weebly to WordPress (Step by Step)
    • Do You Really Need a VPS? Best WordPress VPS Hosting Compared
    • How to Properly Move from Squarespace to WordPress
    • How to Register a Domain Name (+ tip to get it for FREE)
    • HostGator Review - An Honest Look at Speed & Uptime (2021)
    • SiteGround Reviews from 4464 Users & Our Experts (2021)
    • Bluehost Review from Real Users + Performance Stats (2021)
    • How Much Does It Really Cost to Build a WordPress Website?
    • How to Create an Email Newsletter the RIGHT WAY (Step by Step)
    • Free Business Name Generator (A.I Powered)
    • How to Create a Free Business Email Address in 5 Minutes (Step by Step)
    • How to Install Google Analytics in WordPress for Beginners
    • How to Move WordPress to a New Host or Server With No Downtime
    • Why is WordPress Free? What are the Costs? What is the Catch?
    • How to Make a Website in 2021 – Step by Step Guide
Deals & Coupons (view all)
MemberPress
MemberPress Coupon
Get up to 50% OFF on MemberPress WordPress premium membership plugin.
Pixelemu
Pixelemu Coupon
Get 15% OFF on Pixelemu WordPress themes and plugins.
Featured In
About WPBeginner®

WPBeginner is a free WordPress resource site for Beginners. WPBeginner was founded in July 2009 by Syed Balkhi. The main goal of this site is to provide quality tips, tricks, hacks, and other WordPress resources that allows WordPress beginners to improve their site(s).

Join our team: We are Hiring!

Site Links
  • About Us
  • Contact Us
  • FTC Disclosure
  • Privacy Policy
  • Terms of Service
  • Free Blog Setup
  • Free Business Tools
  • Growth Fund
Our Sites
  • OptinMonster
  • MonsterInsights
  • WPForms
  • SeedProd
  • Nameboy
  • RafflePress
  • Smash Balloon
  • AIOSEO

Copyright © 2009 - 2021 WPBeginner LLC. All Rights Reserved. WPBeginner® is a registered trademark.

Managed by Awesome Motive | WordPress hosting by SiteGround | WordPress Security by Sucuri.