Protecting WordPress from Dangerous Clients
One of the scariest things a developer can hear from a new client is the infamous claim: “I know just enough to be dangerous.” Translation: I don’t really know much but I sure love to tinker with things! This always puts up a little red flag in my mind. A seemingly harmless bit of tinkering can have disastrous consequences on a live website.
Unfortunately, there are some clients out there who feel more confident about tinkering after they’ve hired a developer to assist with their site. Something gets broken and then the burden of fixing the website is on you. Want to prevent this scenario from happening? Here’s a quick fix:
Disable the Plugin and Theme Editor
Access to plugin and theme code is readily available in the WordPress dashboard. One thing you can do to protect the site from tinkering is to disable both of these editors. You can do this in under a minute. Open your wp-config.php file and add the following constant:
Now, when you’re in the dashboard, it is impossible to access the theme or plugin editor, even with the admin account.
Want to take it one step further? The WordPress Codex has another gem for your wp-config.php file:
Disable Plugin and Theme Update and Installation
If you really want to lock things down, you can block users from installing/updating themes and plugins through the dashboard. Add this quick snippet to your wp-config.php file:
Not only will it prevent users from installing and updating themes and plugins, but it will also automatically disable theme and plugin editing in the dashboard. This constant essentially kills two birds with one stone and saves you from having to mop up a mess later on after your client decides to tinker around with this and that.
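The two wp-config.php settings described in the sections above, written out as an added example (these are not the original post's snippets). The constant names `DISALLOW_FILE_EDIT` and `DISALLOW_FILE_MODS` are WordPress core's own; the closing check, its variable name and its log message are assumptions added here.

```php
<?php
// Fragment for wp-config.php. It must sit ABOVE the line that loads
// wp-settings.php ("That's all, stop editing!"), or WordPress never sees it.

// Option 1: remove only the built-in Theme and Plugin editors from the
// dashboard. Every role, administrators included, loses the edit_themes,
// edit_plugins and edit_files capabilities.
if ( ! defined( 'DISALLOW_FILE_EDIT' ) ) {
    define( 'DISALLOW_FILE_EDIT', true );
}

// Option 2: also block installing and updating themes and plugins from the
// dashboard. It disables the editors as well, so it can be used on its own.
if ( ! defined( 'DISALLOW_FILE_MODS' ) ) {
    define( 'DISALLOW_FILE_MODS', true );
}

// A PHP constant keeps its first value, so an earlier define( ..., false )
// higher up in this file would win silently. Log it instead of running with
// the lockdown switched off. (Added check, not part of WordPress.)
foreach ( array( 'DISALLOW_FILE_EDIT', 'DISALLOW_FILE_MODS' ) as $lockdown_constant ) {
    if ( true !== constant( $lockdown_constant ) ) {
        error_log( "wp-config.php: {$lockdown_constant} is not true; dashboard lockdown is not in effect." );
    }
}
unset( $lockdown_constant );
```

With `DISALLOW_FILE_MODS` set, WordPress also stops applying automatic background updates, so security updates have to be deployed by whoever maintains the site.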
One note of caution – you should only use these particular constants if you are your client’s sole developer with an agreement to maintain that site. Otherwise, you could be locking your client out of the freedoms that he needs to maintain his own site, should he choose a new developer. In most cases these healthy boundaries will help to keep your client safe from his predisposition to ill-advised and uninformed tinkering.