[wp-hackers] Removing edit theme files features

Steve Taylor steve at sltaylor.co.uk
Wed Jan 16 12:54:34 UTC 2013


> How about disabling it by default and then enabling through a constant set
> in wp-config.php? Then most users won't have access to the editor, but
> people who need it can enable it through FTP + text editor.

This wouldn't really work. If the editor is aimed at people who don't
know or care how to FTP, it doesn't make sense to require an FTP
operation to enable it! :-/

That said, I agree that there's an issue with the risk of 500 errors.
I've disabled it by default in all my installations since I
accidentally took a client site down one weekend. I didn't have FTP
access to their production server, and there was one tiny tweak I
wanted to make while their tech support wasn't around to get the files
transferred from staging :-D

Plugins seem to refuse to activate when they throw an error. Not sure
if this happens with the plugin editor - but some kind of sandboxing
would be the #1 improvement to make on WP file editing.

