Disable File Editing on WordPress


(Ananova News) January 04, 2023.

WordPress code editor enables editing theme and plugin files directly from wp-admin. Precautionary it is recommended to turn it off, as it is a potential security hazard. Version after 4.9 can catch fatal errors and does not parse the code till they are resolved. Furthermore, it stops the hacker with administrator access by changing themes or plugins and inserting malicious code.

How to Disable file editing in WordPress admin?

  • Log into the control panel.
  • Open File Manager under Files & Security.
  • Locate the file wp-config.
  • Click Edit in the menu bar at the top of your screen.
  • Search wp-config for ‘DISALLOW_FILE_EDIT’, and DISALLOW_FILE_MODS’ and set it to “true”
define('DISALLOW_FILE_EDIT', true);
define( 'DISALLOW_FILE_MODS', true );

Recently, a security alert revealed that WordPress websites on Linux were targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. The targeted websites were injected with malicious JavaScript retrieved from a remote server. As a result, when visitors click on any area of an infected page, they are redirected to another arbitrary website of the attacker’s choice.

The disclosure comes weeks after Fortinet FortiGuard Labs detailed another botnet called GoTrim that’s designed to brute-force self-hosted websites using the WordPress content management system (CMS) to seize control of targeted systems. In June 2022, the GoDaddy-owned website security company shared information about a traffic direction system (TDS) known as Parrot that has been observed targeting WordPress sites with rogue JavaScript that drops additional malware onto hacked systems. Last month, Sucuri noted that more than 15,000 WordPress sites had been breached as part of a malicious campaign to redirect visitors to bogus Q&A portals. The number of active infections currently stands at 9,314. January 03, 2023, BleepingComputer reports thirty security vulnerabilities in numerous outdated WordPress plugins and themes are being leveraged by a novel Linux malware to facilitate malicious JavaScript injections. Dr. Web reported that malware compromised both 32- and 64-bit Linux systems, and uses a set of successively running hardcoded exploits to compromise WordPress sites.

You can look to the Ananova selected top hosting providers at: https://ananova.com/best-hosting-providers

The key players listed in the list include Liquidweb, WordPress.com, A2Hosting, GreenGeeks, Namecheap, Inmotionhosting, Resellerspanel, Hostgator, Interserver, Sitevalley, Webhostingpad, Bluehost, Hostmonster, Fatcow, IPower, Weebly, Shopify, Accuwebhosting, WPEngine, Cloudways, Hostens and many more.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.