Use Constants for deactivate the Editor in WordPress Backend

WordPress is known for, that several constants lie dormant in the core and often provide quick solutions. In this context I have recently come across two little strings in the core of the backend editor of WordPress and in the core for updating the system as well. As far as I know, all constants mentioned here are in the system since version 3.0.

The first constant takes off the editors of the backend and does not allow access to it. This makes the editing of Theme and Plugin files of the backend with standard solutions not possible.

// for enabling/disabling theme/plugin editor
define( 'DISALLOW_FILE_EDIT', TRUE );

The second constant presented here prohibits editing, modifying or changing the core files, Plugins or Themes. In this context the menu entries in the backend are not visible or usable. Thus the update is not so easy to do and clients and unauthenticated users are blocked quickly.

// Disallow anything that creates, deletes, or edits core, plugin, or theme files.
// Files in uploads are excepted.
define( 'DISALLOW_FILE_MODS', TRUE );

In this context there are two constants that are useful now and then.

In various contexts it is very useful that all users have the option of: to write unfiltered HTML, in all aspects and this can also be easily implemented via constants:

// Disallow unfiltered_html for all users, even admins and super admins
DISALLOW_UNFILTERED_HTML

Similar existing for uploads:

// Allow uploads of filtered file types to users with administrator role
ALLOW_UNFILTERED_UPLOADS

The constants belong in the wp-config.php of the installation.


Posted

in

by