The file editor that ships with WordPress is a security risk. If an attacker gains admin access to your WordPress website, they can easily insert malicious code into theme and plugin files. It is also a risk with clients who don't know what they're doing. One misplaced colon in the file editor can break a site and make it inaccessible from the browser.
In your WordPress wp-config.php file, disable the file editor by adding the following line of code.
define( 'DISALLOW_FILE_EDIT', true );
That line will have the desired effect when added to your theme's functions.php file too, but it is better to add it to wp-config.php.
If you are using WordPress CLI to install WordPress, you can use the following command to create a wp-config.php file with file editing disabled.
# declare variables beforehand or substitute strings in
wp core config --dbname="$MYSQL_DBNAME" --dbuser="$MYSQL_USERNAME" --dbpass="$MYSQL_PASS" --dbprefix="$WP_DBPREFIX"_ --locale=en_AU --extra-php <<PHP
define( 'DISALLOW_FILE_EDIT', true );
PHP
This method is useful if you install WordPress with a script.
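For sites that are already installed, a script can check an existing wp-config.php for the setting and add it when it is absent. The following is an added example, not part of the original article: the function names are hypothetical, the sample config is constructed, and it assumes the file contains the standard require line for wp-settings.php.

```shell
#!/bin/sh
# Added example: audit an existing wp-config.php and patch it if needed.

# Print "enabled", "disabled" or "missing" for DISALLOW_FILE_EDIT in file $1.
# Lines starting with // or # are ignored; /* */ blocks are not parsed.
file_edit_state() {
    line=$(grep -Ev '^[[:space:]]*(//|#)' "$1" |
        grep -E "define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"]" | head -n 1)
    if [ -z "$line" ]; then
        echo missing
    elif printf '%s\n' "$line" | grep -Eiq ',[[:space:]]*true[[:space:]]*\)'; then
        echo enabled
    else
        echo disabled
    fi
}

# Add the define just above the wp-settings.php include when it is missing.
# Returns 0 if the editor ends up disabled, 2 if an existing non-true
# definition needs a manual fix (a second define would not override it),
# 1 on any other failure.
ensure_file_edit_disabled() {
    case $(file_edit_state "$1") in
        enabled)  return 0 ;;
        disabled) echo "$1: DISALLOW_FILE_EDIT is defined but not true" >&2
                  return 2 ;;
    esac
    grep -Eq '^[[:space:]]*require.*wp-settings\.php' "$1" || return 1
    tmp=$(mktemp) || return 1
    awk -v line="define( 'DISALLOW_FILE_EDIT', true );" '
        !seen && /^[ \t]*require.*wp-settings\.php/ { print line; seen = 1 }
        { print }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed config (not a real site): prints "missing", "enabled".
demo() {
    cfg=$(mktemp) || return 1
    printf '%s\n' '<?php' "define( 'DB_NAME', 'example' );" \
        "require_once ABSPATH . 'wp-settings.php';" > "$cfg"
    file_edit_state "$cfg"
    ensure_file_edit_disabled "$cfg"
    file_edit_state "$cfg"
    rm -f "$cfg"
}
demo
```

Running the function a second time leaves the file unchanged, so it is safe to call from a provisioning script on every deploy.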