Enabling the WordPress Theme and Plugin Editor

wp-editor-on-vi

When you use Click&Build to set up your WordPress installation, we set configurations and add functionalities to make it easier and safer for you to build your own website.

This is why we sometimes limit functionality – for example, we disable the theme and plugin editors in WordPress for Free Mode installations.

Enabling the Theme and Plugin Editors in wp-config.php

If you use a 1&1 WordPress default installation, you can enable the editors by changing your wp-config.php file. From here it’s a few steps to enable the editors again:

  1. Use SFTP and go to the location of your WordPress site. Learn how
  2. Open wp-config.php on your computer.
  3. Search for:
     define('DISALLOW_FILE_EDIT', true);
  4. Change true to false:
     define('DISALLOW_FILE_EDIT', false);
  5. Save the file and upload it back again.

The theme editor is now available in the Appearance tab:

wordpress-theme-editor-active

Security Risks When Enabling the Editors

security-vi2-cropThe first risk is that someone could have gained admin access to your site. When that happens and you have your editor enabled, they could use that to add any code they want. At that point they don’t need SFTP access or anything like that, WordPress already provides all the access they need to modify your site and misuse it.

Theme or Plugin Updates Might Break Changes Made Using the Editors

The second risk is that it makes it really easy to change something in a way that most likely will break when there is an update for that theme or plugin.

  • In most cases it’s the theme you want to adjust and there are multiple ways in doing that. If it’s only CSS then you should use a plugin (for example: Simple Custom CSS) that has a CSS editor which allows you to change the styling independently of the theme. So when the theme gets updated or you switch themes, your custom CSS is still loaded.
  • Another way is to build a Child theme. This is a more advanced way of overwriting parts of a theme which is not always that easy. But when you understand how it works, you can do great things with it.

Learn more about Child Themes (WordPress Codex).

Note: This Post was initially published by Marko Heijnen on January 22, 2015.

You might also like:

Please rate this post :

3 thoughts on “Enabling the WordPress Theme and Plugin Editor

  1. Jawad Ahmad says:

    Your post is quite useful, thanks for sharing it.

  2. Mike M says:

    This is exactly what I needed, thank you.

  3. Mike says:

    How come after setting up wordpress through 1and1 and making the wordpress account I cant login to wordpress using wordpress.org or wordpress.com? If I need custom work don’t to my site I don’t want to give 3rd party access to my 1and1 control panel. how would I go about doing this? Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *