File modification and security in WordPress

June 6, 2017 - Categories: Security, WordPress tutorials

Written by: MagicPress

On MagicPress we value security more than anything. We have taken a series of measures to ensure that WordPress installations hosted on our platform are as secure as they can be.

One way to keep WordPress installations secure is to prevent file modification within the WordPress Dashboard.

Enhancement of security by disallowing file modification

In every WordPress installation hosted on MagicPress, we have added the following line of code in wp-config.php:

define('DISALLOW_FILE_MODS', true);

DISALLOW_FILE_MODS is a constant defined in wp-config.php, which disables plugin and theme updates and installation through the Dashboard. It also disables all file modifications within the Dashboard, thus removing the Theme Editor and Plugin Editor.

MagicPress handles plugins through its panel. We make sure plugins are installed and updated properly, using the appropriate permissions.

As for editing template or plugin files, you can connect to your MagicPress site via FTP and edit those files in a text editor. If the default WordPress editors were used instead, there would be no way to fix errors if you were locked out of the WordPress Dashboard.

But what about plugins that require file modification as part of their functionality?

In a previous tutorial, we described how to translate a WordPress website using Loco Translate. Loco Translate is an example of plugins that need to create and modify files, specifically the .mo and .po translation files in the languages directory. Therefore, it cannot function properly if file modification is disabled.

Other plugins, such as ones that enable child theme configuration, for instance, may require file modification as well. If some plugin features are missing, or a notice like the following is displayed upon plugin activation:

you will most likely need to enable file modification in your WordPress configuration to take advantage of all plugin features.

How do I enable file modification on my MagicPress site?

Simply connect to your site via FTP and edit wp-config.php. Make sure you have the required permissions to edit the file, then change the value of DISALLOW_FILE_MODS like this:

define('DISALLOW_FILE_MODS', false);

Managed WordPress Hosting

Never depend on a single server again. Trust a cloud of servers specifically configured to serve WordPress. Minimum response time, top level security and 100% uptime for your website guaranteed.


Build your WordPress site in no time

You do not need any coding skills. In 3 easy steps your website is up and running. All that's missing is your content.