#14736 closed enhancement (invalid)
Ability to disable theme and plugin editor
Reported by: | intoxination | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.0.1 |
Component: | Security | Keywords: | |
Focuses: | Cc: |
Description
A good security measure would be to add the ability to disable the plugin and theme editor in wp-config. Something like:
define("DISABLE_FILE_EDITORS",1);
That way if a site is compromised via a brute force, there is the added security of the attacker not being able to run arbitrary PHP code through one of these files, like an exec() call.
Of course this isn't a replacement for good server security practices, such as ensuring proper permissions and users, but it will add the ability to give another layer of security for those who wish for it and should be very simple to work in.
Change History (3)
Note: See
TracTickets for help on using
tickets.
The constant already exists:
DISALLOW_FILE_EDIT
It was introduced in WP 3.0. :-)