WordPress website owners can easily modify PHP files, such as plugin and theme files through the Dashboard under Appearance > Editor. However, this convenient and powerful tool is also often the first place attackers will use. One of the ways to harden your WordPress website is by disabling file editing within the dashboard.
WordPress Disabling File Editing
This can be done rather easily by adding the following to wp-config.php file:
If you wish to use Dashboard to edit the files again, you can always comment out the line above in wp-config.php file.
Some plugins allow you to disable file editing as well. Judging from just the 1-line code to be added to wp-config.php, why not get it done without relying on 3rd party plugins? After all, installing more plugins do mean that you have to ensure more plugins are up-to-date from time to time, to avoid introducing more security vulnerabilities to your WordPress website.
WPAuto as an Easier Alternative
Alternatively, a simpler way of disabling file editing is by using WPAuto for cPanel. Simply proceed to WPAuto within cPanel and enable the feature here:
Let WPAuto protect your WordPress!
Find out more about WPAuto for cPanel®. If your web hosting package does not include WPAuto as part of its features, we encourage you to introduce WPAuto to your hosting provider so you can enjoy using WPAuto as part of the hosting service!