Questions about disabling plugin and theme editor

  • Resolved Robert Eichhorn

    (@robert-eichhorn)


    3 years, 2 months ago

    Under the heading ‘Disable Editing in /wp-admin’, I’ve read that “Too often we’re seeing wp-admin credentials compromised and by allowing someone to edit within your admin panel you give the attack full access to all your files. The easiest way to avoid this is to disable the editor via your wp-config file:” Here is the code given:

    #Disable Plugin / Theme Editor
    Define(‘DISALLOW_FILE_EDIT’,true);

    I’ve also read that inserting code to disable plugin and theme update and installation will also disable the plugin and theme editor. Here is the code given:

    define(‘DISALLOW_FILE_MODS’,true);

    My questions are:
    1. Will these codes prevent all file editing including .htaccess files?
    2. If these codes prevent all file editing, then how will WordPress be able to write to files to automatically update them?

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Questions about disabling plugin and theme editor’ is closed to new replies.