Make WordPress Core

Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

#14736 closed enhancement (invalid)

Ability to disable theme and plugin editor

Reported by: intoxination's profile intoxination Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.0.1
Component: Security Keywords:
Focuses: Cc:

Description

A good security measure would be to add the ability to disable the plugin and theme editor in wp-config. Something like:

define("DISABLE_FILE_EDITORS",1);

That way if a site is compromised via a brute force, there is the added security of the attacker not being able to run arbitrary PHP code through one of these files, like an exec() call.

Of course this isn't a replacement for good server security practices, such as ensuring proper permissions and users, but it will add the ability to give another layer of security for those who wish for it and should be very simple to work in.

Change History (3)

#1 @demetris
14 years ago

  • Resolution set to invalid
  • Status changed from new to closed

The constant already exists:

DISALLOW_FILE_EDIT

It was introduced in WP 3.0. :-)

#3 @scribu
14 years ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.