How to disable Theme Editor and Plugin Editor from WordPress dashboard
WordPress comes with a built-in theme and plugin editor, so we can change theme files directly from the WordPress dashboard. We can also change the theme, enable disabled plugins, and install new plugins with a single click. This is convenient, but it can cause many problems, such as breaking the site, and it is a potential security issue: anyone who gets into an administrator account can use the editor to change the PHP code that runs on the server. In this article, we will discuss why and how to disable these default options from the WordPress dashboard.
There are a few ways to disable the theme and plugin editors in the WordPress admin panel without using a plugin:
01. Using wp-config.php
wp-config.php is located in the root directory of the WordPress website folder. Open the wp-config.php file and paste the code below.
define('DISALLOW_FILE_EDIT', true);
define('DISALLOW_FILE_MODS', true);
In WordPress, both DISALLOW_FILE_MODS and DISALLOW_FILE_EDIT are constants that can be used to prevent users from making changes to the core files of the website. However, they have different effects on the website:
- DISALLOW_FILE_MODS: This constant is used to prevent users from installing, updating, and deleting themes and plugins, as well as updating the core WordPress software. When this constant is set to true, the following functionality will be disabled:
  - The theme and plugin editors in the WordPress admin area
  - The ability to install, update and delete themes and plugins
  - The ability to update the core WordPress software
- DISALLOW_FILE_EDIT: This constant is used to prevent users from editing the core files of the website, such as theme and plugin files, through the built-in file editor in the WordPress admin area. When this constant is set to true, the file editor will be disabled and users will not be able to make changes to the core files of the website.
Summary: DISALLOW_FILE_MODS is used to prevent changes to the installed themes, plugins, and core files, while DISALLOW_FILE_EDIT is used to prevent the editing of those files through the built-in file editor in the admin panel. Both constants can be added to the wp-config.php file, typically located in the root of the website's file structure, to prevent unwanted changes to the website.
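To check that the constants are set as intended, a small audit of wp-config.php helps. The following Python script is an added example, not code from the original article: it reports whether each constant is defined as true, ignores commented-out lines, and flags a define placed below the line that loads wp-settings.php, since WordPress expects custom values above it. The function names and the sample config are assumptions made for the illustration.

```python
import re

# Constants this page sets in wp-config.php.
HARDENING = ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS")

# Strings come first so comment markers inside salts or URLs are not treated as comments.
TOKEN_RE = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*""", re.S)
DEFINE_RE = re.compile(
    r"""\bdefine\s*\(\s*['"](\w+)['"]\s*,\s*([^)]+?)\s*\)\s*;""", re.I)
SETTINGS_RE = re.compile(r"""\brequire(?:_once)?\b[^;]*wp-settings\.php""", re.I)

def strip_comments(php):
    """Blank out PHP comments, keeping string literals and line breaks."""
    def blank(m):
        tok = m.group()
        return tok if tok[0] in "'\"" else re.sub(r"[^\n]", " ", tok)
    return TOKEN_RE.sub(blank, php)

def audit_wp_config(php):
    """Map each constant to 'ok', 'missing', 'not-true' or 'after-wp-settings'."""
    code = strip_comments(php)
    loader = SETTINGS_RE.search(code)
    cutoff = loader.start() if loader else len(code)
    status = dict.fromkeys(HARDENING, "missing")
    for d in DEFINE_RE.finditer(code):
        name, value = d.group(1), d.group(2).lower()
        if status.get(name) != "missing":
            continue  # not one of ours, or already seen: PHP keeps the first define()
        if value not in ("true", "1"):
            status[name] = "not-true"  # anything but a literal true/1 needs a manual look
        elif d.start() > cutoff:
            status[name] = "after-wp-settings"
        else:
            status[name] = "ok"
    return status

# Constructed sample: a salt containing comment markers, a commented-out define,
# and one define placed after the wp-settings.php loader.
SAMPLE = r"""<?php
define('AUTH_KEY', 'k#9/*constructed-sample-salt');
// define('DISALLOW_FILE_MODS', true);
define( 'DISALLOW_FILE_EDIT', true );
require_once ABSPATH . 'wp-settings.php';
define('DISALLOW_FILE_MODS', true);
"""
```

To audit a real site, pass the file contents: audit_wp_config(open('wp-config.php').read()).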
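02. Using a custom function in our functions.php file: we can add the following code to our theme's functions.php file to remove the theme and plugin editors from the admin menu. Note that removing a menu entry only hides the link; it does not change what a user is permitted to do, so it is not a substitute for the constants in method 01.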
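// Hide the "Theme File Editor" and "Plugin File Editor" submenu entries.
function remove_editors() {
    // First argument: parent menu slug; second argument: submenu slug.
    remove_submenu_page('themes.php', 'theme-editor.php');
    remove_submenu_page('plugins.php', 'plugin-editor.php');
}
add_action('admin_init', 'remove_editors');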
03. Using the remove_menu_page() function in your functions.php file: You can also use the remove_menu_page() function to remove the theme and plugin editors from the admin menu.
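// Named differently from the method 02 function so both snippets can sit in
// the same functions.php without a "cannot redeclare" fatal error.
// Note: remove_menu_page() matches top-level menu slugs only; the editors are
// submenu entries, which is what remove_submenu_page() in method 02 targets.
function remove_editor_menu_pages() {
    remove_menu_page('theme-editor.php');
    remove_menu_page('plugin-editor.php');
}
add_action('admin_init', 'remove_editor_menu_pages');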