WordPress is known for, that several constants lie dormant in the core and often provide quick solutions. In this context I have recently come across two little strings in the core of the backend editor of WordPress and in the core for updating the system as well. As far as I know, all constants mentioned here are in the system since version 3.0.
The first constant takes off the editors of the backend and does not allow access to it. This makes the editing of Theme and Plugin files of the backend with standard solutions not possible.
// for enabling/disabling theme/plugin editor define( 'DISALLOW_FILE_EDIT', TRUE );
The second constant presented here prohibits editing, modifying or changing the core files, Plugins or Themes. In this context the menu entries in the backend are not visible or usable. Thus the update is not so easy to do and clients and unauthenticated users are blocked quickly.
// Disallow anything that creates, deletes, or edits core, plugin, or theme files. // Files in uploads are excepted. define( 'DISALLOW_FILE_MODS', TRUE );
In this context there are two constants that are useful now and then.
In various contexts it is very useful that all users have the option of: to write unfiltered HTML, in all aspects and this can also be easily implemented via constants:
// Disallow unfiltered_html for all users, even admins and super admins DISALLOW_UNFILTERED_HTML
Similar existing for uploads:
// Allow uploads of filtered file types to users with administrator role ALLOW_UNFILTERED_UPLOADS
The constants belong in the
wp-config.php of the installation.