I’ll never understand why the WordPress dashboard editor was created. Having it enabled is a significant security risk, and even WordPress recommends disabling it. If they recommend disabling it because it’s a security risk, then why is it part of WordPress in the first place?
The Dashboard Editor is a Security Risk
The dashboard file editor is literally a gateway for hackers. WordPress is a secure platform. But as with anything, it’s only as secure as its weakest link. If a hacker is able to gain access to your dashboard, the file editor will allow them to pretty much do anything they want:
Run scripts to upload destructive and devastating files? Check. Email viruses and spyware to all of your users? Check. Access sensitive information in your database? Check. You name it. With the file editor enabled they can do it.
The Quick Fix
The fix for this rather large security hole is very simple. All it takes is copying and pasting one line of code into your wp-config.php file and poof! It’s disabled.
Go ahead and open your wp-config.php file and find this line of code:
/* That's all, stop editing! Happy blogging. */
Now copy and paste (and save) this line of code just before it:
define( 'DISALLOW_FILE_EDIT', true );
Great job! That’s it! Your website is now a bit more secure than when you got here!
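To confirm the change took, the following added example (not part of the original post) audits the text of a wp-config.php file: it checks that the define is live code rather than commented out, that its value is true, and that it sits before the "stop editing" marker as described above. The function names and sample files are constructed for illustration, and the marker is matched by its opening words only because the rest of that comment varies between WordPress releases.

```python
import re

# Strings are matched before comments so '//' inside a URL literal survives.
_TOKEN = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*""", re.DOTALL)
_DEFINE = re.compile(
    r"""\bdefine\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*([^)]*?)\s*\)\s*;""", re.I)
# Matched by prefix only: the words after "stop editing!" differ between releases.
_MARKER = re.compile(r"/\*\s*That's all, stop editing!")

def blank_comments(src):
    """Replace PHP comments with spaces, keeping offsets and string literals."""
    def repl(m):
        tok = m.group(0)
        return tok if tok[0] in "'\"" else re.sub(r"[^\n]", " ", tok)
    return _TOKEN.sub(repl, src)

def audit(src):
    """Return (ok, reason) for the text of a wp-config.php file."""
    hits = list(_DEFINE.finditer(blank_comments(src)))
    if not hits:
        return False, "DISALLOW_FILE_EDIT is not defined in live code"
    first = hits[0]  # PHP keeps the first definition of a constant
    if first.group(1).lower() not in ("true", "1"):
        return False, "DISALLOW_FILE_EDIT is set to " + first.group(1)
    marker = _MARKER.search(src)
    if marker and first.start() > marker.start():
        return False, "define comes after the stop-editing marker"
    return True, "file editor disabled"

# Constructed sample files, not taken from a real site.
GOOD = """<?php
define( 'WP_HOME', 'http://example.test' );
define( 'DISALLOW_FILE_EDIT', true );
/* That's all, stop editing! Happy blogging. */
require_once ABSPATH . 'wp-settings.php';
"""
COMMENTED = GOOD.replace("define( 'DISALLOW", "// define( 'DISALLOW")
SET_FALSE = GOOD.replace("EDIT', true", "EDIT', false")
LATE = """<?php
/* That's all, stop editing! Happy blogging. */
define( 'DISALLOW_FILE_EDIT', true );
"""

if __name__ == "__main__":
    for name, text in [("good", GOOD), ("commented", COMMENTED),
                       ("false", SET_FALSE), ("late", LATE)]:
        print(name, audit(text))
```

To run it against a real site, pass the contents of that site's wp-config.php to audit().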