Option to disable theme/plugin editor
Reported by: kchrist | Owned by: (none)
Allowing editing of executable code via a web interface is a potential security risk.
In a suexec/suphp environment where the code runs as the user who owns it, if a site's admin password has been compromised, an attacker can modify theme/plugin files to execute arbitrary code. This can range from things like adding spam links up to performing attacks on the server, modifying/deleting other files owned by the same user, and so on.
This risk can be prevented by using mod_php instead of CGI, but that's becoming rare in shared hosting environments. It can also be mitigated by using strong passwords and taking security precautions, but let's be honest, the vast majority of people don't.
I'd like to see a config option one could add to wp-config.php, something like WP_DISABLE_CODE_EDITOR or whatever. Disabling the editor via a plugin is useless because if an attacker has access to the WP admin, they can disable plugins at will.
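As an added illustration (not part of the ticket), this is what a wp-config.php-level switch of the kind requested looks like using the `DISALLOW_FILE_EDIT` and `DISALLOW_FILE_MODS` constants that exist in later WordPress releases; the comments note the trade-off a practitioner would weigh, and the helper function name is an assumption for this example:

```php
<?php
// wp-config.php hardening fragment (added example, not from the ticket).
// Because the constant is defined here rather than in a plugin, an attacker
// who has only a compromised admin password cannot switch it off from wp-admin;
// changing it requires write access to wp-config.php on the filesystem.

// Removes the Theme Editor and Plugin Editor screens entirely and blocks the
// underlying edit requests, so executable code can no longer be modified
// through the dashboard. Updates and plugin/theme installs still work.
define( 'DISALLOW_FILE_EDIT', true );

// Stricter: also blocks installing, updating and deleting plugins and themes
// from the dashboard. Implies DISALLOW_FILE_EDIT. Only use this where updates
// are applied out of band (e.g. by the hosting provider or a deploy pipeline),
// otherwise the site stops receiving security updates through wp-admin.
// define( 'DISALLOW_FILE_MODS', true );

/**
 * Hypothetical audit helper (assumption for this example): returns true when
 * dashboard code editing is locked down by configuration. Suitable for a
 * quick health check from a must-use plugin or a WP-CLI eval.
 */
function example_code_editor_is_disabled(): bool {
    return ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT )
        || ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS );
}
```

Place the defines above the `/* That's all, stop editing! */` line so they are set before WordPress loads.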