Normally using WordPress’s editor, we can easily edit the theme and plugin’s files. Here’s the screenshot of the editor.
It’s best to disable the theme and plugin editors. To keep secure our website we need to disable this tool.
How to Disable
First, login to your CPanel. Open file manager. Or, you can use FTP client. You can use FileZilla – The free FTP solution.
Once you connected with FTP, go to the root of your website’s directory. If there is a wp-config.php file, edit the file.
Now write the following code:
define( 'DISALLOW_FILE_EDIT', true );
Before closing, don’t forget to save the wp-config.php file.Read all security tips and tricks about WordPress: The Powerful WordPress Security Guideline – Simple Tricks