Disallow File Edit Setting In WordPress
Enabling DISALLOW_FILE_EDIT is a good idea – it makes your site more secure since it prevents logged-in users from editing plugins and themes, which avoids the insertion of malicious code in the event of an unauthorized user gaining access to the dashboard.
1. Make a backup of your wp-config.php file.
If you’re using a WordPress backup plugin like UpdraftPlus, fire off a backup, wait until it’s completed, and continue.
2. Open up your wp-config.php file for editing.
Download your wp-config.php from your website and open it up in your favorite text editor.
3. Find the setting DISALLOW_FILE_EDIT in your wp-config.php and change it to true.
By default, this setting isn’t specified in the WordPress wp-config.php. If you’ve never set it before, it won’t be there, and you’ll have to add it yourself.
Be careful where you add new configuration settings – you cannot add them to the end of the file.
A good place is immediately after the WP_DEBUG line.
To enable this security setting, add the following line to your wp-config.php:
define( 'DISALLOW_FILE_EDIT', true );
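
To confirm the edit took and sits in a valid position, the following added example (not part of the original page or of WordPress) audits the text of a wp-config.php. It assumes the file loads WordPress with the standard require of wp-settings.php and treats a define placed after that line as misplaced, per the placement warning above; the function name, status strings and sample configs are constructed for illustration.

```python
import re

# define( 'DISALLOW_FILE_EDIT', true );  with either quote style and any spacing.
DEFINE_RE = re.compile(
    r"""^\s*define\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*(\w+)\s*\)\s*;""", re.I)
# Assumption: the config ends by requiring wp-settings.php (standard layout).
# A define after that line is reported as misplaced.
SETTINGS_RE = re.compile(r"^\s*require(_once)?\b.*wp-settings\.php")

# Constructed sample configs (not taken from a real site).
SAMPLE_OK = """<?php
define( 'WP_DEBUG', false );
define( 'DISALLOW_FILE_EDIT', true );
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
"""
SAMPLE_MISPLACED = """<?php
define( 'WP_DEBUG', false );
require_once ABSPATH . 'wp-settings.php';
define( 'DISALLOW_FILE_EDIT', true );
"""
SAMPLE_COMMENTED = """<?php
define( 'WP_DEBUG', false );
// define( 'DISALLOW_FILE_EDIT', true );
require_once ABSPATH . 'wp-settings.php';
"""


def audit(config_text):
    """Return (status, line_no) for DISALLOW_FILE_EDIT in wp-config.php text."""
    in_comment = False
    settings_line = None
    found = None  # PHP keeps the first define of a constant, so record only that
    for n, line in enumerate(config_text.splitlines(), 1):
        s = line.strip()
        # Skip /* ... */ blocks that open at the start of a line (docblock style).
        if in_comment or s.startswith("/*"):
            in_comment = "*/" not in s
            continue
        if settings_line is None and SETTINGS_RE.match(line):
            settings_line = n
        m = DEFINE_RE.match(line)  # anchored, so "// define(...)" never matches
        if m and found is None:
            found = (n, m.group(1).lower())
    if found is None:
        return ("missing", None)
    n, value = found
    if settings_line is not None and n > settings_line:
        return ("misplaced", n)
    return ("enabled" if value == "true" else "disabled", n)
```

Read your downloaded wp-config.php into a string and pass it to audit(); anything other than "enabled" means the setting still needs attention.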