Tag: wordpress security

Posted on by Leave a comment

How To Disable WordPress Theme, Plugin File Editing In One Minute

How To Disable WordPress Theme, Plugin File Editing In One Minute 1

Being able to edit plugins and theme file is a real convenience, especially for people who know how to code. However, for people who don’t know how to code or don’t understand much about WordPress development, this is a possible risk.

By default, admin users in WordPress have file editing right. You can check if you have the edit right by hovering your cursor over Plugins or Appearance menu item in your dashboard (if you don’t see such options, chances are you don’t have the file editing right). If you see the last item in the sub menus say “plugin editor” or “theme editor”, you have the file editing right.

How To Disable WordPress Theme, Plugin File Editing In One Minute 2

How To Disable WordPress Theme, Plugin File Editing In One Minute 3

The need for disabling file editing right for admin users is even more urgent when you have other people working on the site. One missing semicolon may bring the whole site down.

So, how can you disable file editing completely on your site?

It’s easier than you might think.

How to disable file editing in the admin area

To accomplish this, you need to have access to your web server. Being an administrator on your site is not enough. You can either perform this task via FTP or ssh or cPanel. Please choose what suit you.

The only thing you need to do to disable file editing in the admin area is to put this line of code:

define('DISALLOW_FILE_EDIT', true);

right above the line:

/* That's all, stop editing! Happy publishing. */

in the file named wp-config.php

by default, this file is located at the root of  your website. It is at the same level with wp-content, wp-include, wp-admin.

Here is where the file on my site:

locate wp-config.php on server

After inserting the code, the content of my wp-config.php file would look like this:

inserting code to disable file editing in wordpress admin

Now, make sure you save the file and go back to your admin area. You should see the option to edit plugins and themes disappeared:

theme editor disabled

plugin edit disabled

Now, no one, even admins can accidentally edit plugins or themes files. This action alone has significantly improve your site’s security.

What if you want to insert code to your site?

Adding functionalities to your site by modifying the plugins’ or themes directly (except the case of child theme) is not recommended. If you want to insert Javascript or CSS code, you can easily achieve this task by using plugins like WP Coder. In case of editing .php file, the best method is via FTP or SSH. In the occasion that you make a mistake, you can quickly fix it and bring the site back online without suffering a white screen of death.

Conclusion

As a solo admin of my site and a developer, I’m quite confident editing files in my site’s dashboard. However, if your site is managed by other people (and they have admin rights), it’s best to disable the file editing ability in the admin area. It will prevent accidental edit of files that may bring your site down.

 

Posted on by Leave a comment

How Get Notified About Available Updates In WordPress For Free

How Get Notified About Available Updates In WordPress For Free 4

At the time of this writing, WordPress is the most popular blog platform on Earth and WooCommerce is the most popular e-commerce platform. That’s why they are the target of many malicious attacks. Keeping your WordPress (including themes and plugins) up to date is one of the most effective way to keep your site secure.

If you are like me, you’d probably have more than one website and there are sites that we visit more frequently than other. For sites that we visit the dashboard usually, we can update WordPress (including themes and plugins) very often. However, for sites that don’t get much attention, we may miss some updates, including important ones.

How to get notified when updates are available

You may wonder, since keeping WordPress up to date is vital, is there any way to keep us informed with the available updates? Fortunately, the answer is yes. Better yet, there is a plugin that does that job for free. Let’s learn how to install the plugin and configure it so you don’t miss any updates, especially critical ones.

Here is the step by step tutorial

Step 1. Install  and activate WP Update Notifier

First of all, you need to install a plugin called WP Update Notifier .

You can either download the .zip file following the link above or search for it in your site’s dashboard.

There is one small issue with the plugin is it hasn’t been updated for 3 years. While the main functionalities are working properly, there is a minor issue with deprecated function (function that no longer supported by WordPress). I’ve removed the line of code that caused the deprecated  notice and pack the plugin again here. You can download and install my version instead.

Download new version of the plugin

 

install update notifier from site dashboard

Step 2: Configure the plugin

After the plugin is activated, you can find its admin page under Settings->Update notifier

How Get Notified About Available Updates In WordPress For Free 5

You’ll see this page appears:

How Get Notified About Available Updates In WordPress For Free 6

The settings are straightforward and easy to understand. You can leave most of the settings to default. Here are the settings in details:

  1. Frequency to check: How often do you want the plugin to check for update? I usually set it Daily for my site but you can set it to Hourly or Monthly…
  2. Notify email to: by default, this is your admin email. This is the email you want to receive the update notification
  3. Notify email from: The email that appears in the from field of the notification email
  4. 4 and 5, check if you want to receive notifications about plugins and themes updates. I’d recommend you leave this enabled (yes)
  5. Hide core WP update nag… If you want to hide the WordPress core update notice from non-admin users (in case your site has other users with different roles) then select yes

Now, you can click on Save settings to save the options. If this is the first time you use the plugin, I’d recommend you click on the white button: Save settings with test email.

Troubleshooting

If your email setting is correct, you should have no problem getting update notifications to the email you specified above. However, some servers may not have the correct email sending function configured properly. If your site is hosted on such server, you may not get any email.

In that case, please check this guide here to fix the email sending function on your site.

Conclusion

Now you don’t need to worry about your site is not at risk because your WordPress core or themes or plugins are not up to date. With WP Update Notifier, you can act instantly once updates are available.