WordPress is the most preferred tool to make a website with no coding knowledge. Thanks to the amazing user friendly backend / admin panel they have.
There is almost no need to do any coding to make a workable website.
But if in case you wish to explore more possibilities in your theme and wish to add some functionality via coding. WordPress allows you to edit the theme and plugin files using the inbuilt editor in it.
Its located under, ‘Appearance‘ — ‘Editor‘.
You can make changes in any file as required and just click on ‘update file‘.
Easy Right !!
But here is the flip side of the coin.
Being a developer myself I never use this theme or plugin editor to make any changes in files. I rather use a FTP client like Filezilla.
The Biggest issue with this theme / plugin editor is once you make any change there is no easy way to bring the code back.
Also If you are building this website your client who got no knowledge about coding, he can mess up with the code and website accidentally.
And this could cause some serious problems in the website and in worst case it may lock down your website as well.
Also Its a lottery for hackers, if somehow they managed to enter your WordPress admin panel then first thing they will do is add malicious code in your website using this theme or plugin editor.
So, Its better to be safe instead of looking for solutions once hacked.
The best way is to disable the theme and plugin editor from WordPress admin panel is by adding the following code in your wordpress wp-config.php file, located in the root of your WordPress installation.
define( ‘DISALLOW_FILE_EDIT’, true );
and this will hide the editor for all the users.
Hope you will find this helpful. If it is, don’t forget to share it.