By default, WordPress allows administrators to edit theme and plugin code through the admin panel:
- WordPress Dashboard Screen > Appearance > Editor
- WordPress Dashboard Screen > Plugins > Editor
As far as I’m concerned, I never use this feature because I find it quite dangerous, as a single typo can end up locking you out of your site (unless you can access your site via FTP of course). When editing code, I definitely prefer the FTP way.
So, to prevent clients from screwing up their own website, I highly recommend that you disable both theme and plugin editors from the WordPress admin panel by adding the code below in your functions.php file.
```php
<?php
//* Disable both theme and plugin editors from WordPress admin panel
define( 'DISALLOW_FILE_EDIT', true );
```
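To confirm the setting is really in place on a given install, the following static audit is an added example, not code from the original post. The function names `file_edit_state` and `audit_site` are hypothetical, and the script assumes the standard WordPress directory layout and skips only whole-line comments. It also surfaces a caveat of the functions.php approach: a define placed in a theme only applies while that theme is active, whereas one in wp-config.php applies site-wide.

```shell
#!/usr/bin/env bash
# Added example: static audit for the DISALLOW_FILE_EDIT setting.
# Function names are hypothetical; multi-line /* ... */ comments are not parsed.

# Print "locked", "unlocked" or "unset" for one PHP file.
file_edit_state() {
  local file=$1 value
  [ -r "$file" ] || { echo unset; return; }
  # Skip whole-line comments, then take the first active define():
  # PHP keeps the first definition of a constant and ignores later ones.
  value=$(grep -Ev '^[[:space:]]*(//|#|/\*|\*)' "$file" |
    sed -nE "s/.*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*([^)[:space:]]+)[[:space:]]*\).*/\1/p" |
    head -n 1 | tr '[:upper:]' '[:lower:]')
  case $value in
    true|1) echo locked ;;
    '')     echo unset ;;
    *)      echo unlocked ;;
  esac
}

# Audit a WordPress root directory. Returns 0 only when wp-config.php
# locks the editors, because that file is loaded regardless of the theme.
audit_site() {
  local root=$1 state theme rc=1
  state=$(file_edit_state "$root/wp-config.php")
  echo "wp-config.php: $state"
  [ "$state" = locked ] && rc=0
  for theme in "$root"/wp-content/themes/*/functions.php; do
    [ -e "$theme" ] || continue
    echo "${theme#"$root"/}: $(file_edit_state "$theme") (applies only while this theme is active)"
  done
  return $rc
}

# Run against a WordPress root when one is given on the command line.
if [ "$#" -gt 0 ]; then
  audit_site "$1"
fi
```

A non-zero exit with a theme reported as `locked` means the editors are hidden today but will reappear if the site switches to a theme that lacks the define.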