By default, WordPress allows administrators to edit theme and plugin codes through the admin panel:

• WordPress Dashboard Screen > Appearance > Editor
• WordPress Dashboard Screen > Plugins > Editor

As fas as I’m concerned, I never use this feature because I find it quite dangerous as a single typo can end up locking you out of your site (unless you can access your site via FTP of course). When editing code, I definitely prefer the FTP way.

So, to prevent clients from screwing up their own website, I highly recommend that you disable both theme and plugin editors from the WordPress admin panel by adding the code below in your functions.php file.