The file editor that ships with WordPress is a security risk. If an attacker gains admin access to your WordPress website, they can easily insert malicious code into theme and plugin files. It is also a risk with clients who don't know what they're doing. One misplaced colon in the file editor can break a site and make it inaccessible from the browser.
In your WordPress wp-config.php file, disable the file editor by adding the following line of code.
define( 'DISALLOW_FILE_EDIT', true );
That line will have the desired effect when added to your theme's functions.php file too, but it is better to add to
If you are using WordPress CLI to install WordPress, you can use the following command to create a wp-config.php file with file editing disabled.
# declare variables beforehand or substitute strings in
wp core config --dbname="$MYSQL_DBNAME" --dbuser="$MYSQL_USERNAME" --dbpass="$MYSQL_PASS" --dbprefix="$WP_DBPREFIX"_ --locale=en_AU --extra-php <<PHP
define( 'DISALLOW_FILE_EDIT', true );
PHP
This method is useful if you install WordPress with a script.
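When many sites are installed by script, it helps to check afterwards that the define really is active in each wp-config.php. The script below is an added example, not part of the original article: the function names and the sample directory tree are constructed for illustration, and it only inspects wp-config.php, not a theme's functions.php.

```sh
#!/bin/sh
# Added example: audit wp-config.php files for an active DISALLOW_FILE_EDIT define.
# Function names are hypothetical; the sample tree below is constructed.

# Return 0 if the file has an uncommented define( 'DISALLOW_FILE_EDIT', true ).
# Assumption: the value is the literal true. A define set to false, or one that
# sits inside a //, # or /* */ comment, does not count.
file_edit_disabled() {
    config="$1"
    [ -r "$config" ] || return 1
    # Strip one-line /* */ spans, multi-line /* */ blocks, then // and # comment lines.
    sed -e 's@/\*.*\*/@@g' \
        -e '/\/\*/,/\*\//d' \
        -e '/^[[:space:]]*\/\//d' \
        -e '/^[[:space:]]*#/d' "$config" |
    grep -Eiq "define[[:space:]]*\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)"
}

# Print each wp-config.php under directory $1 that still allows file editing.
list_editable_sites() {
    find "$1" -type f -name wp-config.php | sort | while IFS= read -r cfg; do
        file_edit_disabled "$cfg" || printf '%s\n' "$cfg"
    done
}

# Constructed sample tree: three sites with different wp-config.php contents.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/hardened" "$demo_root/commented" "$demo_root/disabled_false"
printf '%s\n' '<?php' "define( 'DISALLOW_FILE_EDIT', true );" \
    > "$demo_root/hardened/wp-config.php"
printf '%s\n' '<?php' "// define( 'DISALLOW_FILE_EDIT', true );" \
    > "$demo_root/commented/wp-config.php"
printf '%s\n' '<?php' '/*' "define( 'DISALLOW_FILE_EDIT', true );" '*/' \
    "define( 'DISALLOW_FILE_EDIT', false );" \
    > "$demo_root/disabled_false/wp-config.php"

# Lists the two sites whose editor is still enabled.
list_editable_sites "$demo_root"
```

Point `list_editable_sites` at the directory that holds your installs and treat any path it prints as a site that still needs the define.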