Disable the theme and plugin editor in WordPress with the Sucuri Security plugin
For ease of use, you can edit plugin and theme files directly from your WordPress dashboard – but this can also make your site vulnerable to malicious visitors. Here’s how to use the Sucuri Security plugin to protect your site by disabling the file editor when it’s not needed.
Required: You must install the Sucuri Security plugin before you follow these steps.
- Sign in to WordPress.
- In the left-side menu, select Sucuri Security > Settings.
- Select the Hardening tab.
- Find the section labled Disable Plugin and Theme Editor.
- If the section is red, select Apply Hardening. If it’s green, the hardening is already applied.
Note: If you can't apply or revert hardening for this feature, it may already be handled by your hosting platform.
Related steps
Protect your website further by activating the other Sucuri Security options:
- Make your WordPress version private with the Sucuri Security plugin
- Block PHP files with the Sucuri Security plugin
- Remove the WordPress readme file with the Sucuri Security plugin
More info
- If you want to edit plugin and theme files from your WordPress admin dashboard, select Revert Hardening in the Disable Plugin and Theme Editor section. After you’re done making changes, select Apply Hardening to disable the file editor again.
- Use the Sucuri Security plugin to protect my WordPress website
- Secure my WordPress site
- If you don't want to deal with website security yourself, we have a GoDaddy paid website security service that can take care of that for you. The service also includes a site cleanup.
