Are you searching for an easy way to disable file editing in WordPress?
In this tutorial, we have shared 2 methods to do this.
WordPress is a CMS that gives you, the administrator, complete control over your website, including access to website-related files.
Some of these files can be viewed and edited directly from your WordPress admin and this privilege has its own set of pros and cons.
On one side, this feature allows you to make changes or in other words lets you add or edit code without leaving your WordPress admin which is a huge plus.
And on the other, if you are new to WordPress then a small mistake can lead to you losing control of your WordPress admin.
In worst-case scenarios, hackers can use this feature to execute malicious code resulting in data loss.
Keeping this in mind, it is recommended that you turn off file editing in WordPress, and below are 2 simple ways to do this.
Disable File Editing Using Plugin
If you are looking for a no-hassle way to disable file editing in WordPress then this method is for you.
We will be using the Solid Security plugin for this.
This method requires you to install the Solid Security plugin and select the option that disables file editors in WordPress admin.
Now, coming to the process
Once you have set up the Solid Security plugin in your WordPress website, you need to click Settings under Security in your WordPress dashboard.

Doing this will take you to the Solid Security Global settings and you will see a settings menu on the left.

In this menu, you need to click Advanced and it will show you the WordPress Tweaks settings below System Tweaks.

Here you need to click the WordPress Tweaks dropdown and the first option that you will come across lets you disable both the Theme and Plugin file editors in WordPress.

You have to select the Disable File Editor option, scroll down to the bottom, and click Save.

And that’s it you have successfully disabled file editing in WordPress using a plugin.
Before we move forward, it is important to know, that if you are using the Solid Security plugin to disable file editors in WordPress then below it you will see the XML-RPC dropdown.
We recommend selecting the disable XML-RPC option in this dropdown and Saving changes.
This will further improve the security of your website.
Disable File Editing Using Code
When it comes to disabling theme and plugin editors in WordPress using code, there are 2 ways you can do this
Now, the code snippet is the same for both and you can copy it from below
define( 'DISALLOW_FILE_EDIT', true );
Keep in mind, that this is an advanced way to disable file editing in WordPress and it requires you to edit one of the files and add code snippet.
If you are new to WordPress then we do not recommend that you use this method as a small error here can lead to your site going down.
With that said, below we have shared the process
Through wp-config.php file
If you want to use the wp-config.php file to disable theme and plugin editors in WordPress then you will have to go to the root folder of your WordPress installation.
There are multiple ways to visit the root folder and these are
- Using FTP
- Through cPanel or web hosting dashboard
Once you have found the file you need to edit and add the code snippet we have shared above at the bottom.
See the below screenshot for reference

Make sure to save the changes you have made.
And this is how you can disable file editing in WordPress admin using the wp-config file.
Via functions.php
functions.php is a file that you can access directly from your WordPress admin via the theme file editor.
If you want to disable the file editors using this method then it will give you a warning at the end confirming that the code works.
Now, coming to the process.
If you are using a customizer-based theme such as Kadence, Astra, Hello, and more then you will find the Theme File Editor option under Appearance in your WordPress dashboard.

For block theme users, you will find it under Tools in your WordPress admin.

Once you are in the Theme File Editor, it will show you all the theme-related files and here you need to search for functions.php.

On finding, you need to open it, add the above-mentioned code snippet at the bottom, and click Update File.

Clicking Update File will give you a warning stating you do not have access to this part of the website.

This shows you have successfully disabled file editing in WordPress dashboard using the functions.php file.
Before we move forward, there are a few things you need to know
- There are alternate ways to access and edit the functions.php file and that is by using FTP or through cPanel or your web hosting dashboard.
- You will find the functions.php file using the following path wp-content >> themes >> your theme. For example, if you are using Kadence then the name of your theme folder will be Kadence and it will be found inside the themes folder.
- When adding any code snippet to the functions.php, make sure to use a child theme so that you do not lose the changes on updating.
Just a heads up If you are new to WordPress then we recommend you use the Solid Security plugin for this. It is a free plugin and with only a few clicks you can disable file editing.
Check if File Editors are disabled in your WordPress admin
Once you are done disabling file editors in the WordPress dashboard, the next step is to check if the theme and plugin editors are visible.
For customizer-based theme users, you need to click Appearance in your WordPress admin and see if the Theme File Editor is visible.

Similarly, under Plugins, you need to look for the Plugin File Editor.

Block Theme users will find both the Editors under Tools in the WordPress admin.

If both the editors are missing then you have successfully disabled File Editing in WordPress.
FAQ
What are file editors in WordPress
As the name suggests, file editors allow you to edit certain website-related files directly from your WordPress admin panel.
There are 2 file editors in the WordPress dashboard
- Theme File Editor- Lets you edit theme files
- Plugin File Editor- Allows you to edit plugin files
Where can I find file editors in the WordPress dashboard
For customizer-based themes
If you are using a customizer-based theme then you will find the Theme File Editor under Appearance in your WordPress dashboard

And Plugin File Editor under Plugins in your WordPress admin.

For Block Themes
If you are using a block theme then you will find both Theme and Plugin File Editor under Tools in your WordPress dashboard

Why disable file editing in WordPress
As mentioned above, file editing is a privileged feature that simplifies the process of making changes to your website.
With the help of this feature, you or anyone with access can add and edit code making it a security concern.
If you are unfamiliar with the technicalities then a small mistake here can crash your site or you can lose access to your WordPress admin.
Also, hackers can use this access to execute malicious code which can be even more disastrous.
Hence, it is recommended that you disable file editing from Day 1.
Which is the recommended method to disallow file editing in WordPress
We recommend using the Solid Security plugin to disallow file editing in WordPress.
This feature is available in the free version and can be activated with just one click.
Having said that,
I hope you will find this tutorial helpful and are able to disable WordPress file editors.
In case you have any queries feel free to get in touch.