Set the files to permissions of 444 and then they can’t be edited, period. WordPress will detect this and tell you that it can’t edit the file when you try to do so.
Any files you want to be available for editing, you can set these to 666 and they’ll be editable.
Thread Starter: Bobcat (@bobcat)
That’s one approach. I think I’d prefer to remove the capability from WordPress so I don’t need to mess with file permissions all the time.
Can I simply delete templates.php, plugin-editor.php, and theme-editor.php? Or do I also have to comment-out the appropriate lines in menu.php?
You would need to edit the menu system itself to remove the menu items.
Thread Starter: Bobcat (@bobcat)
OK, I removed the lines from menu.php and deleted the three files I listed. WordPress can no longer edit the PHP files.
For the lurkers, here’s why I did this… The WordPress admin password is sent as clear text. If someone were to sniff the password, not only would they be able to mess with the WordPress database, they could edit the PHP files and run whatever code they wanted. By removing the ability to edit the files, the damage will be contained to the WordPress database.
Thread Starter: Bobcat (@bobcat)
Here’s an update: I created a plug-in to remove the three menu items automatically. It hooks into the admin_menu action and removes the items from the menu. Also, upon plugin activation, it renames the three .php files so they cannot be executed.
Activating a simple plugin is much easier than editing the PHP source after every WordPress update.
I’m not sure if the WordPress password processing is as insecure as I thought, but I do consider it to be a security problem for someone to be able to enter arbitrary PHP code from an admin account.
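The plugin Bobcat describes above, written out as an added example (this is not Bobcat's plugin and not WordPress core code). It assumes the standard layout where the editors live at `wp-admin/theme-editor.php` and `wp-admin/plugin-editor.php`; the `templates.php` file named in the thread only exists in very old releases, so the list is checked for existence before anything is renamed. The function names prefixed `dfe_` are invented for this example. Beyond what the thread describes, it also refuses direct URL requests to the editor pages, because hiding a menu entry alone does not stop someone who already has the URL.

```php
<?php
/*
Plugin Name: Disable File Editors (example)
Description: Hides and blocks the built-in theme/plugin editors and renames their files on activation.
*/

// Editor files to neutralise. Assumed paths; templates.php is kept only for very old installs.
function dfe_editor_files() {
    return array(
        ABSPATH . 'wp-admin/theme-editor.php',
        ABSPATH . 'wp-admin/plugin-editor.php',
        ABSPATH . 'wp-admin/templates.php',
    );
}

// 1. Remove the menu entries. Runs on every admin page load, so it survives core updates
//    without anyone having to edit menu.php again.
function dfe_remove_editor_menus() {
    remove_submenu_page( 'themes.php', 'theme-editor.php' );
    remove_submenu_page( 'plugins.php', 'plugin-editor.php' );
}
add_action( 'admin_menu', 'dfe_remove_editor_menus', 999 );

// 2. Refuse to serve the editor pages even when they are requested directly by URL.
//    $pagenow holds the basename of the current wp-admin script.
function dfe_block_editor_requests() {
    global $pagenow;
    $blocked = array( 'theme-editor.php', 'plugin-editor.php', 'templates.php' );
    if ( in_array( $pagenow, $blocked, true ) ) {
        wp_die( 'File editing is disabled on this site.', 'Forbidden', array( 'response' => 403 ) );
    }
}
add_action( 'admin_init', 'dfe_block_editor_requests' );

// 3. On activation, rename the editor files so the web server will not execute them,
//    as the thread describes. Only files that actually exist are touched.
function dfe_rename_editor_files() {
    foreach ( dfe_editor_files() as $file ) {
        if ( file_exists( $file ) && ! file_exists( $file . '.disabled' ) ) {
            rename( $file, $file . '.disabled' );
        }
    }
}
register_activation_hook( __FILE__, 'dfe_rename_editor_files' );

// Put the files back on deactivation so the site can be returned to a stock state.
function dfe_restore_editor_files() {
    foreach ( dfe_editor_files() as $file ) {
        if ( file_exists( $file . '.disabled' ) && ! file_exists( $file ) ) {
            rename( $file . '.disabled', $file );
        }
    }
}
register_deactivation_hook( __FILE__, 'dfe_restore_editor_files' );
```

Two caveats for anyone reusing this. A WordPress core update rewrites the `wp-admin` directory, so the renamed files will come back after an upgrade while the menu removal and the request block (steps 1 and 2) keep working because they are hooks, not file changes. Current WordPress releases also support `define( 'DISALLOW_FILE_EDIT', true );` in `wp-config.php`, which turns the editors off without a plugin; a plugin like the one above still adds the hard block and the file rename for administrators who want defence in depth.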