[Defender] Disabled file editor

How come I get a warning regarding the file editor When it is disabled?

  • Patrick Freitas
    • Staff

    Hi Ove

    How are you?

    The File editor that the Defender warns is from the theme/plugin, for security reason is recommended that disable those editors.

    WordPress comes with a file editor built into the system. This means that anyone with access to your login information can edit your plugin and theme files. We recommend disabling the editor.

    Also, we do not suggest edit WordPress or Plugin files from WordPress dashboard, once one PHP Function can break the Plugin or Theme / Site and the Dashboard becomes inaccessible to fix. Those edits should be done from FTP and on a staging environment.

    Defender will disable the file editor adding on your wp-config.php file the line:

    define( 'DISALLOW_FILE_EDIT', true );

    If you keep receiving the warning after disabling the editor, please, check the wp-config.php file and see if the code was right defined on that file. If it doesn't, you can add the line just above of /* That's all, stop editing! Happy blogging. *

    However, if you need to access the editor for any reason, you can revert the feature on Defender > Resolved > Disable the file editor > Revert

    Let us know if you need any further help on this.
    Best Regards,
    Patrick Freitas

  • Ove
    • WPMU DEV Initiate

    That did the trick, Patrick. The fix in Defender disabled the editor so that was not the problem, but that Defender still reported the disabled editor as a problem. :slight_smile:
    And thanks for the extra info, Donna.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.