Your WordPress installation is configured to allow editing of theme and plugin files. This is a security risk as an attacker with access to the WordPress dashboard to is able to inject and execute arbitrary PHP code by editing one of the theme or plugin files. It's recommended to disable editing of theme and plugin files.


To disable editing add the following lines to the wp-config.php file:

define( 'DISALLOW_FILE_EDIT', true ); //disables file editor
define( 'DISALLOW_FILE_MODS', true ); //disables both file editor and installer


Related Vulnerabilities