Ability to disable theme and plugin editor
|Reported by:||intoxination||Owned by:|
A good security measure would be to add the ability to disable the plugin and theme editor in wp-config. Something like:
That way if a site is compromised via a brute force, there is the added security of the attacker not being able to run arbitrary PHP code through one of these files, like an exec() call.
Of course this isn't a replacement for good server security practices, such as ensuring proper permissions and users, but it will add the ability to give another layer of security for those who wish for it and should be very simple to work in.