AGB | Datenschutz | Impressum

Created: January 19th 2016
Last updated: May 1st 2020
Categories: Wordpress
Author: Marcus Fleuti

How to disable file editing in Wordpress

Tags: Security, wordpress

Donation Section: Background

Monero Badge: QR-Code

Donate with

82uymVXLkvVbB4c4JpTd1tYm1yj1cKPKR2wqmw3XF8YXKTmY7JrTriP4pVwp2EJYBnCFdXhLq4zfFA6ic7VAWCFX5wfQbCC

The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to login, since it allows code execution. WordPress has a constant to disable editing from Dashboard. Placing this line in wp-config.php is equivalent to removing the 'edit_themes', 'edit_plugins' and 'edit_files' capabilities of all users:

define('DISALLOW_FILE_EDIT', true);

This will not prevent an attacker from uploading malicious files to your site, but might stop some attacks.

Related Articles

March 5th 2024

WordPress: How to get URL of theme file relative from current file

February 28th 2024

WordPress: How to generate HTML class attribute with array of strings

February 16th 2024

WordPress: How to send alert on post create, delete, or permalink change

February 5th 2024

WordPress: How to preload fonts

January 24th 2024

WordPress: CSS/JavaScript Changes not Showing/Loading

January 19th 2024

WordPress: How to disable admin theme- and plugin editors

January 10th 2024

WordPress: How to hide admin pages for unprivileged users

December 18th 2023

WordPress: How to redirect to first child page

November 29th 2023

WordPress: How to generate breadcrumbs

November 21st 2023

PHP: How to find out client browser language

May 1st 2023

WordPress: An Inside Look at a Simple WebP Converter Plugin

April 17th 2023

A simple WordPress Website Image Scraper written in PHP to download all original images from a WordPress website

April 6th 2023

PHP: Sanitizing User Input

February 28th 2023

Linux IPTables :: Create a basic secure iptables ruleset for your server which is automatically applied upon system boot (systemd)

February 24th 2023

WordPress: Streamlined Database Export Plugin

September 25th 2022

WordPress: Plugin updater for external (self-hosted) resources

September 16th 2021

WordPress: Disable Posts in Post Table by Condition

September 9th 2021

WordPress: Function for Easily Adding Custom Roles

August 2nd 2021

Changing comment notification Email recipient and customize content

July 6th 2021

Custom marker icon and popup content in ACF OpenStreetMap Field

April 30th 2021

WordPress: Custom Column

April 23rd 2021

WordPress: Change Post Type via Database, Quick and Easy

March 23rd 2021

WordPress: Enqueuing Scripts and Styles

March 22nd 2021

WordPress: Get a Post

March 12th 2021

Wordpress template hierarchy explained

March 10th 2021

WordPress: Create a basic Template

March 9th 2021

WordPress: Create a basic Theme

March 3rd 2021

WordPress Plugin: Advanced Custom Fields Custom Metabox for Custom Taxonomies

March 2nd 2021

WordPress: Make a Custom Taxonomy

February 26th 2021

WordPress: Add your own Shortcode

February 25th 2021

[SOLVED] Visual Editor hidden on old wordpress page

February 25th 2021

WordPress: jQuery is not working

February 18th 2021

WordPress: Declare a Custom Post Type

February 16th 2021

WordPress and PhpMyAdmin: Migrate a Database

February 12th 2021

WordPress Plugin: Advanced Custom Fields short introduction

February 5th 2021

WordPress: Basic installation with XAMPP

February 4th 2021

[SOLVED] Wordpress multisite to single theme

January 20th 2021

[HOW TO] Zammad Chat: How to embed zammad chat into webpage

January 20th 2021

Wordpress Plugin: ACF-Plugin for custom OpenStreetMap selection and easy embedding

January 6th 2021

Wordpress - Register new post-types for multiple languages

January 6th 2021

[solved] Wordpress-Backend is not saving / JQuery $().live is not a function

January 6th 2021

ACF - Advanced Custom Fields - Metaboxes getting emptied after ACF-Export

December 9th 2020

Wordpress: Create password-protected page

December 3rd 2020

Wordpress: Images are getting scaled automatically

May 1st 2020

Basic use of the ACF Wordpress plugin - Advanced Custom Fields

December 6th 2019

Ask for htaccess Auth except for listed IP address

November 15th 2018

The solution for a bug where autocomplete="off" doesn't apply

July 24th 2018

[SOLVED] SPF setting does not apply to Return-Path causing more spam and phishing e-mails | Spamassassin | Postfix

December 6th 2017

up_auto_log=true requests - What's that? ATTENTION! Hackers! UserPro Plugin security issues.

April 22nd 2016

Delete Posts Revisions from Your Database(Wordpress)

April 17th 2016

How to Change the Default Gravatar Button in Wordpress

April 16th 2016

How to use a Custom Page as a Home Page in WordPress

January 29th 2016

How to change the admin url or wp-admin to secure login in Wordpress

December 3rd 2015

Wordpress :: create a new admin user manually directly in the database with PHPMyAdmin

June 18th 2015

WordPress Multisite Guide

May 29th 2015

How to use Ajax in Wordpress

December 27th 2013

Wordpress 3.8 - Anzahl Spalten im Dashboard bestimmen (set amount of columns within the dashboard

October 18th 2013

Wordpress :: Reset Administrator (root) Password directly on the MySQL Database using PHPMyAdmin

August 26th 2013

Wordpress :: Highlight menu item when a single custom post or a post from a category is shown

August 17th 2013

Wordpress (custom) Posts :: Find out the post_type of the current editing (custom) post