By default, WordPress allows administrators to edit theme and plugin codes through the admin panel:
- WordPress Dashboard Screen > Appearance > Editor
- WordPress Dashboard Screen > Plugins > Editor
As fas as I’m concerned, I never use this feature because I find it quite dangerous as a single typo can end up locking you out of your site (unless you can access your site via FTP of course). When editing code, I definitely prefer the FTP way.
So, to prevent clients from screwing up their own website, I highly recommend that you disable both theme and plugin editors from the WordPress admin panel by adding the code below in your functions.php file.
|//* Disable both theme and plugin editors from WordPress admin panel
|define( 'DISALLOW_FILE_EDIT', true );