Skip to main content

Can I Edit Files from the WordPress Admin Panel?

Malicious parties can easily abuse enabled file editor. Be careful if you plan to use it.

Updated today

The WordPress built-in file editor is disabled by default for security reasons. If the file editor is active, it allows an easy route for a malicious party that may have stolen your login information, to change files on the server. From the file editor you could make changes to the theme and plugins used on the website.

The file editor is disabled by default but can easily be re-enabled from wp-config.php.

define('DISALLOW_FILE_EDIT', false);

You can edit the wp-config.php file yourself using secure connections such as SSH or SFTP. It's also possible to contact our support and ask the editor to be enabled if you have the need for it.

The File Editor and Seravo's Security Guarantee

Warning!

Seravo's Security Guarantee is not valid while the editor is enabled and actively in use.

If an attacker manages to inject malicious code into the site while the file editor is enabled, we will charge for the cleanup and removal of the malicious code according to our separate hourly rate (€150/hour + VAT).

We recommend using SSH or SFTP connections for editing site files, as this keeps your site better protected and allows Seravo's Security Guarantee to remain fully in effect.

Need Help?

Contact our customer support by sending an email to [email protected].

Did this answer your question?