WordPress is a fantastic tool to get your website up and running within a few hours. And it has its own vulnerabilities. For example, you (or anyone with access) can edit the core WordPress files and alter the functionality of the theme, plugins, and overall functionalities. Hackers often use this method to inject harmful codes. So you should make every possible effort to stop direct access to the core files.
In this article, learn how you can prevent access to core WordPress files from admin section.
How to Prevent File Editing from Admin Area
Just to show you how easy it is to edit a file once you’re in the admin section, log in to your admin area. Then go to Appearances>Editor. Here you’ll get access to the codes. For plugins, you can go into Plugins>Editor. You can prevent this access by making changes to the wp-config.php file. That’s what you’re going to see in the later sections.
Here are the steps you need to take:
Open cPanel
Navigate into the File Manager under Files section
If you’re hosting multiple websites on that account, select the website for which you want to restrict the access
Then, from the left-hand side menu, click on the public_html folder
Inside that folder, you can locate the wp-config.php file. Right-click on it and select Edit to start editing
Again click on Edit option on the popup message. This authenticates and confirms your access
You’ll see lines of codes in the wp-config.php files. Copy and paste the following code at the bottom:
define( 'DISALLOW_FILE_EDIT', true );
Save the changes by clicking on the Save Changes button on the top-right corner.
Now no one can access the file editing option from the admin panel. To check this you can navigate into the Appearance menu and see Editor option missing. Similarly, there will be no Editor option in Plugins.
It’s best to limit the editing capabilities to cPanel. Admin panel should be for administrative and maintenance purposes.
In this article, learn how you can prevent access to core WordPress files from admin section.
How to Prevent File Editing from Admin Area
Just to show you how easy it is to edit a file once you’re in the admin section, log in to your admin area. Then go to Appearances>Editor. Here you’ll get access to the codes. For plugins, you can go into Plugins>Editor. You can prevent this access by making changes to the wp-config.php file. That’s what you’re going to see in the later sections.
Here are the steps you need to take:
Open cPanel
Navigate into the File Manager under Files section
If you’re hosting multiple websites on that account, select the website for which you want to restrict the access
Then, from the left-hand side menu, click on the public_html folder
Inside that folder, you can locate the wp-config.php file. Right-click on it and select Edit to start editing
Again click on Edit option on the popup message. This authenticates and confirms your access
You’ll see lines of codes in the wp-config.php files. Copy and paste the following code at the bottom:
define( 'DISALLOW_FILE_EDIT', true );
Save the changes by clicking on the Save Changes button on the top-right corner.
Now no one can access the file editing option from the admin panel. To check this you can navigate into the Appearance menu and see Editor option missing. Similarly, there will be no Editor option in Plugins.
It’s best to limit the editing capabilities to cPanel. Admin panel should be for administrative and maintenance purposes.
