[wp-hackers] Removing edit theme files features

Andrew Nacin wp at andrewnacin.com
Thu Jan 17 19:53:43 UTC 2013

On Jan 17, 2013 2:48 PM, "Chris Williams" <chris at clwill.com> wrote:
> Seems you're sending mixed messages.  A five minute install but one,
> according to the Codex, requires shell or FTP, a text editor, an FTP
> client, and so on to install it (see:
> http://codex.wordpress.org/Installing_WordPress).  But you're saying they
> don't know how to do that?  How did they get it installed?

Yes, I am saying that. The vast majority — vast — of sites are now
installed one-click through hosts. The number of sites that come online
each day dwarfs the clicks of the Download button on wordpress.org.

I would recommend DISALLOW_FILE_EDIT, which blocks only the editors.
DISALLOW_FILE_MODS also blocks installation and updates of core, plugins,
and themes, which unless you have a locked down environment handled by
version control, you likely don't want.
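
Added example, not part of the original message and not WordPress code: a small audit that reads a wp-config.php and reports which of the two constants discussed above is in effect. The function names, the sample config and the simplified comment and value handling are assumptions made for illustration.

```python
import re

# Matches define('NAME', value) for the two constants discussed in the post.
# PHP function names are case-insensitive, constant names are not.
DEFINE_RE = re.compile(
    r"""(?i:define)\s*\(\s*['"](DISALLOW_FILE_EDIT|DISALLOW_FILE_MODS)['"]\s*,\s*([^)]+?)\s*\)"""
)

def strip_php_comments(src):
    """Drop /* */ blocks and //- or #-style line comments.

    Simplification: a line comment must start the line or follow
    whitespace or ';', so 'http://' inside a string is left alone.
    """
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.DOTALL)
    return re.sub(r"(?m)(?:^|(?<=[\s;]))(?://|#).*$", "", src)

def file_mod_posture(wp_config_text):
    """Return which file-modification features the config leaves available."""
    flags = {}
    for name, raw in DEFINE_RE.findall(strip_php_comments(wp_config_text)):
        # PHP keeps the first define(); later redefinitions are ignored.
        # Only the literals true / 1 count as enabled here; anything else
        # (expressions, getenv() calls) is conservatively reported as not set.
        flags.setdefault(name, raw.strip("'\"").lower() in ("true", "1"))
    edit = flags.get("DISALLOW_FILE_EDIT", False)
    mods = flags.get("DISALLOW_FILE_MODS", False)
    if mods:
        note = "editors, installs and updates all blocked; deploy via version control"
    elif edit:
        note = "editors blocked; core, plugin and theme updates still work"
    else:
        note = "theme and plugin editors are available in the dashboard"
    return {
        "editors_disabled": edit or mods,
        "installs_and_updates_disabled": mods,
        "note": note,
    }

# Constructed sample config: the stricter constant is commented out.
SAMPLE_CONFIG = """<?php
// define('DISALLOW_FILE_MODS', true);
define( 'DISALLOW_FILE_EDIT', true );
define('WP_HOME', 'http://example.test');
"""

if __name__ == "__main__":
    print(file_mod_posture(SAMPLE_CONFIG))
```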

