Published on 4/18/2025

Protect Your WordPress Site from Hackers with These 2 Lines of Code

If you’re running a WordPress site, security is one of your top priorities. You’ve probably heard about hackers trying to inject malicious code into your website, or worse—taking full control. Well, here’s a secret weapon that most site owners don’t know about, and it only takes seconds to activate!

We’re talking about the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants, two simple lines of code that can dramatically strengthen your WordPress website’s security. Ready to find out how? Keep reading!

What Are DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS?

By default, WordPress allows users (even administrators) to edit theme and plugin files directly through the admin dashboard. While this might be convenient for developers, it also opens up a massive vulnerability. A hacker who gets into your dashboard can exploit this feature to modify the code on your site without ever having to log into your server.

That’s where DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS come in. When you add these two lines of code to your wp-config.php file, you lock down the ability to edit theme and plugin files directly from the WordPress admin area.

Here’s what each line does:

  • DISALLOW_FILE_EDIT: This stops anyone (including admins) from editing theme and plugin files from the WordPress dashboard.
  • DISALLOW_FILE_MODS: This goes a step further by preventing any file modifications, including updates or installs of plugins and themes, directly from WordPress.

Why You Should Act NOW!

1. Block Hacker Access

If a hacker gains access to your WordPress dashboard, they could quickly inject harmful code or alter your theme or plugin files. By disabling file editing, you prevent them from using the WordPress backend to carry out their attacks.

2. Prevent Accidental Changes

Even if you’re not worried about hackers, preventing file editing can help avoid accidental changes. It’s easy to make a mistake while editing theme or plugin files from the WordPress admin. A small error could break your site, causing headaches for you and your visitors.

3. Improve Site Security

One of the best things about DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS is that they work seamlessly with other security measures. By disabling file modifications, you’re making it much harder for hackers to gain control of your site.

How to Add These Lines to Your Site

Adding these lines to your WordPress site is incredibly simple and takes less than a minute! Just follow these steps:

    1. Access Your wp-config.php File:
      Use an FTP client like FileZilla or access your file manager through your hosting control panel. Locate the wp-config.php file in the root directory of your WordPress installation.
    2. Add the Code:
      Open the wp-config.php file in a text editor. Just before the line that says /* That's all, stop editing! Happy blogging. */, add the following lines:

        define('DISALLOW_FILE_EDIT', true);
        define('DISALLOW_FILE_MODS', true);

    3. Save and Upload:
      Save the changes and re-upload the file to your server if necessary.

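That’s it! Now, your WordPress site is locked down against file modifications made through the admin dashboard. Keep in mind that with DISALLOW_FILE_MODS enabled, plugin and theme updates and installs can no longer be done from the dashboard either, so they have to be applied another way.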
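To confirm the edit landed where the steps above put it, here is an added example (not part of the original article or of WordPress) that audits the text of a wp-config.php for both constants. The function names, status strings and sample configuration are assumptions constructed for illustration.

```python
import re

NAMES = ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS")
# Stable prefix of the marker comment; its ending differs between WordPress versions.
MARKER = re.compile(r"/\*\s*That's all, stop editing!")
# One pass over PHP source: group 1 keeps string literals, the rest matches comments.
TOKEN = re.compile(r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|(?://|#)[^\n]*""", re.S)
DEFINE = re.compile(
    r"""(?i:define)\s*\(\s*(['"])(DISALLOW_FILE_(?:EDIT|MODS))\1\s*,\s*([^)]*?)\s*\)\s*;"""
)

# Constructed sample, not a real site's configuration.
SAMPLE = """<?php
define( 'DB_NAME', 'example' );
define( 'AUTH_KEY', 'x/*y#z//' );  // constructed salt with comment-like characters
// define('DISALLOW_FILE_MODS', true);
define( 'DISALLOW_FILE_EDIT', true );
/* That's all, stop editing! Happy publishing. */
define('DISALLOW_FILE_MODS', true);
require_once ABSPATH . 'wp-settings.php';
"""


def strip_comments(php):
    """Blank out comments while leaving quoted strings (e.g. salts) untouched."""
    return TOKEN.sub(lambda m: m.group(1) if m.group(1) is not None else " ", php)


def audit_wp_config(text):
    """Map each constant to 'enabled', 'review:<value>', 'missing' or an 'after-marker:' variant."""
    marker = MARKER.search(text)
    cut = marker.start() if marker else len(text)
    found = {}
    for where, part in (("", text[:cut]), ("after-marker:", text[cut:])):
        for _quote, name, value in DEFINE.findall(strip_comments(part)):
            verdict = "enabled" if value.lower() == "true" else "review:" + value
            # PHP ignores a second define() of the same name, so the first one counts.
            found.setdefault(name, where + verdict)
    return {name: found.get(name, "missing") for name in NAMES}


if __name__ == "__main__":
    for name, result in audit_wp_config(SAMPLE).items():
        print(f"{name}: {result}")
```

In the sample, the commented-out define is ignored and the DISALLOW_FILE_MODS line is flagged because it sits below the marker comment rather than above it, as the steps instruct.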

BONUS TIP: What to Do If You Need to Make Changes

If you ever need to edit your theme or plugin files again, you can simply go back into wp-config.php and set both constants to false or remove them entirely. But remember, this should only be done when absolutely necessary and after taking the proper security precautions.

Final Thoughts

It’s never too early to start securing your WordPress website, and adding DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS is a fast and effective way to do it. Whether you’re worried about hackers or just want to prevent accidental mistakes, this simple tweak can make a huge difference in the overall security of your site.

So, don’t wait! Implement these changes today and sleep better knowing that your site is protected from unauthorized file modifications.