To disable file editing in the WordPress administrator area, add the following line of code to the wp-config.php file.

define( 'DISALLOW_FILE_EDIT', true );

If you find too few answers, I’ll show you how to turn off file editing in this short step-by-step tutorial.

What is file editing in WordPress?

The WordPress Dashboard has a theme and an extension code editor.

In the left navigation panel, you will find Themes and expansion options. They consist of a standard code editor that lets you edit theme and extension files directly from the WordPress dashboard.

If you click Plugin Editor, you will see a warning box.

Disable WArning Box file editing

The warning box only appears to first-time visitors. The box displays warnings about editing the code in WordPress files. If not done correctly, it can break the website or you will lose access to it.

Once you are logged in, you will see a standard code editor.

Plugin Editor WordPress Cloudflare

In the upper right corner you will see that I have selected the Cloudflare plugin to edit. You can find all the extensions installed on your website in a list and directly edit their functionality.

The same goes for the theme editor (Appearance >> Theme Editor).

Theme Editor for WordPress Twenty Nineteen

You can select any theme and edit any theme file here.

Why disable file editing in the WordPress Admin area?

Editing files directly from the WordPress Admin Control Panel may seem useful, but it is a potential security risk.

Recipient WordPress version 4.8, you could have entered any line of code; it would have structured it. Thus, break the website if the code is wrong. Although WordPress version 4.9 updated the theme and plug-in editor. The reporter can now grasp fatal mistakes and not parse until you have resolved them.

But once again, it’s just a precautionary method, and things can slip and damage a WordPress website.

Another problem with file editors is that if someone somehow accesses the admin area, they can add a code file with a file editor to gain full access to the website.

Even if a person is already an administrator, accessing the code is something different. He can use extension accounts, theme accounts, create vulnerabilities for future exploitation, launch DDoS attacks, and transfer malware to visitors ’devices to scale attacks on your company’s website.

As a WordPress host, we recommend that you uninstall the built-in file editors. People who need to make changes can do it using FTP, which is safer and faster.

How do I turn off file editing?

Like I said, you can turn off file editing in the WordPress administrator area by adding the following line of code to the wp-config.php file.

define( 'DISALLOW_FILE_EDIT', true );

But let’s look step by step.

Step 1: Log in to Hosting to open the File Manager

All popular hosting services offer panels for managing web hosting services. It can be a custom-made panel, cPanel, Plesk, or whatever open source hosting panel.

You need to log in to the panel and find the File Manager.

File Manager Web Services Panel

Step 2:

File manager contains many folders. You need to open public_html or often the root directory. Public_html contains WordPress website files.

public html file Web Hosting Panel

Step 3: Locate the wp-config.php file

You can find the wp-config.php file in the public_html file.

If the wp-config.php file does not exist, go to the setting and select ‘Show hidden files. Some hosting providers keep it hidden to protect it from accidents.

Wp-Config PHP Hosting panel

Click edit and it will load the built-in code editor.

You can also download the file and edit it locally. Then you need to reload it and delete the old wp-config.php.

Whichever you go, you have to add a line of code to it.

Step 4: Add a line of code to wp-config.php

The wp-config.php file would not be empty. The coding would be a bunch, but don’t worry. You only need to add the next line to the end of the code.

define( 'DISALLOW_FILE_EDIT', true );

Click save changes to save the file.

That’s it.

Log in to the website so you can’t find the theme and plug-in editor in the WordPress Admin Dashboard.


Dashboard security is critical to WordPress security. You can protect your login page by creating hard passwords, adding security issues, by restricting login attemptsor using login security extensions.

Clean up hacked website code can be time consuming and difficult.

By deleting the files, you prevent the code from being injected into the site, even if the hacker accesses the website.

In this quick guide, I showed you how to remove files from the WordPress Administrator area.

Do you have any questions? Leave them in the comments section.


Please enter your comment!
Please enter your name here