When you use Click&Build to set up your WordPress installation, we set configurations and add functionalities to make it easier and safer for you to build your own website.
This is why we sometimes limit functionality – for example, we disable the theme and plugin editors in WordPress for Free Mode installations.
Enabling the Theme and Plugin Editors in wp-config.php
If you use a 1&1 WordPress default installation, you can enable the editors by changing your wp-config.php file. From here it’s a few steps to enable the editors again:
- Use SFTP and go to the location of your WordPress site. Learn how
- Open wp-config.php on your computer.
- Search for:
- Change true to false:
- Save the file and upload it back again.
The theme editor is now available in the Appearance tab:
Security Risks When Enabling the Editors
The first risk is that someone could have gained admin access to your site. When that happens and you have your editor enabled, they could use that to add any code they want. At that point they don’t need SFTP access or anything like that, WordPress already provides all the access they need to modify your site and misuse it.
Theme or Plugin Updates Might Break Changes Made Using the Editors
The second risk is that it makes it really easy to change something in a way that most likely will break when there is an update for that theme or plugin.
- In most cases it’s the theme you want to adjust and there are multiple ways in doing that. If it’s only CSS then you should use a plugin (for example: Simple Custom CSS) that has a CSS editor which allows you to change the styling independently of the theme. So when the theme gets updated or you switch themes, your custom CSS is still loaded.
- Another way is to build a Child theme. This is a more advanced way of overwriting parts of a theme which is not always that easy. But when you understand how it works, you can do great things with it.
Learn more about Child Themes (WordPress Codex).
Note: This Post was initially published by Marko Heijnen on January 22, 2015.
You might also like:
- Getting started with WordPress
This is how you get started with your new website: basics, content, themes, security and more.