By default, WordPress lets users edit theme and plugin files directly from the admin dashboard. While convenient for developers, this feature poses serious security risks—a single typo can break your site and lock you out without FTP access. As WordPress experts with years of hands-on experience managing client sites, we recommend disabling these editors to prevent accidental damage.
To implement this safeguard, simply open your wp-config.php file and add the following line:
define('DISALLOW_FILE_EDIT', true);Save the file, and theme and plugin editors are instantly disabled across your site. This change takes effect immediately without needing plugins or complex configurations.
Bonus insight from our community: One user confirmed it also works when added to your active theme's functions.php file, offering flexibility for theme-specific needs.