Disallow File Edit Setting In WordPress

Disallow File Edit Wordpress

Enabling DISALLOW_FILE_EDIT is a good idea – it makes your site more secure since it prevents logged-in users from editing plugins and themes. Thus avoiding the insertion of malicious code in the event of an unauthorized user gaining access to the dashboard.

1. Make a backup of your wp-config.php file.

If you’re using a WordPress backup plugin like UpdraftPlus, fire off a backup, wait until it’s completed, and continue.

2. Open up your wp-config.php file for editing.

Download your wp-config.php from your website and open it up in your favorite text editor.

3. Find the setting DISALLOW_FILE_EDIT in your wp-config.php and change it to true.

By default, this setting isn’t specified in the WordPress wp-config.php. If you’ve never set it before, it won’t be there, and you’ll have to add it yourself.

But it would be best if you were careful where you add new configuration settings – you cannot add them to the end of the file.

An excellent place to do it is to look for WP_DEBUG and add it immediately after this line.

To enable this security setting, add the following line to your wp-config.php:

define( 'DISALLOW_FILE_EDIT', true );