
Disable theme/plugin file editor

WARNING: Enabling this setting removes access to the built-in plugin and theme editor in WordPress admin. Confirm that administrators do not rely on the editor for emergency changes before enabling it.

Description of the control

This control appears in the Core File Permissions section as Disable theme/plugin file editor. Its enforcement option is the checkbox labeled Enforce DISALLOW_FILE_EDIT via a must-use plugin.

Use this control when the built-in WordPress file editor should be disabled on the site. The help text states that this is recommended on production sites.

Procedure

  1. In WordPress admin, open Posture Management.
  2. Select Core Hardening.
  3. In the Core File Permissions section, locate Disable theme/plugin file editor.
  4. Select Enforce DISALLOW_FILE_EDIT via a must-use plugin.
  5. Click Save changes.

Validation

After saving, reload Posture Management -> Core Hardening and confirm the checkbox remains selected.

Then verify that the built-in plugin and theme editor is no longer available in WordPress admin.
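The same validation can be scripted. The following is an added example, not code shipped with the product: it assumes WP-CLI is installed on the host, and the file name `check-file-editor.php` is hypothetical. It checks the effective state inside WordPress rather than the saved checkbox.

```php
<?php
// Added example, not part of the product. Run with WP-CLI (assumed installed):
//   wp eval-file check-file-editor.php
// The file name is hypothetical.

$failures = array();

// 1. The constant must be defined and truthy in the loaded WordPress environment.
if ( ! defined( 'DISALLOW_FILE_EDIT' ) ) {
    $failures[] = 'DISALLOW_FILE_EDIT is not defined.';
} elseif ( ! DISALLOW_FILE_EDIT ) {
    $failures[] = 'DISALLOW_FILE_EDIT is defined but false.';
}

// 2. WordPress core denies these capabilities when the constant is true,
//    so even an administrator must fail the capability check.
$admins = get_users( array( 'role' => 'administrator', 'number' => 1 ) );
if ( empty( $admins ) ) {
    $failures[] = 'No administrator account found to test capabilities against.';
} else {
    foreach ( array( 'edit_themes', 'edit_plugins', 'edit_files' ) as $cap ) {
        if ( user_can( $admins[0], $cap ) ) {
            $failures[] = "Administrator {$admins[0]->user_login} still has {$cap}.";
        }
    }
}

// 3. List loaded must-use plugins so the enforcing file can be identified.
foreach ( wp_get_mu_plugins() as $mu_plugin ) {
    WP_CLI::log( 'mu-plugin loaded: ' . basename( $mu_plugin ) );
}

// WP_CLI::error() prints the message and exits with a non-zero status.
if ( $failures ) {
    WP_CLI::error( implode( ' ', $failures ) );
}
WP_CLI::success( 'File editor is disabled: constant set and editor capabilities denied.' );
```

The non-zero exit status on failure lets the check run from a scheduled job or deployment pipeline to catch the setting being switched off later.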
