WordPress.org

Ready to get started?Download WordPress

Forums

Error in theme's functions.php brings down entire WordPress (5 posts)

  1. prathikraj
    Member
    Posted 1 year ago #

    In WordPress, one of the major flaws that I found are that a theme's functions.php is able to bring down the entire WordPress site. The theme file should affect the frontend of the website but should never bring down the wp-admin area. Reason for this is that the theme can be built by anyone and can be edited by anyone, this file can also be changed from the web editor and if error occurs here then the editor itself gets blocked.

    I think that we should either block functions.php from being edited in the online editor or that it should be designed in a way that it doesn't interfere with the file editor in wordpress.

  2. esmi
    Forum Moderator
    Posted 1 year ago #

    Reason for this is that the theme can be built by anyone

    This why we recommend that you only download themes from a reputable source such as http://wordpress.org/themes/

  3. cubecolour
    ɹoʇɐɹǝpoɯ
    Posted 1 year ago #

    Also, the theme cannot be edited by anyone - only users with an appropriate role have access to the editor.

    you can remove the theme editor (& plugin editor) by adding the following line to your wp-config.php

    define( 'DISALLOW_FILE_EDIT', true );
  4. prathikraj
    Member
    Posted 1 year ago #

    @esmi

    This why we recommend that you only download themes from a reputable source such as http://wordpress.org/themes/

    Even then functions.php can be edited and if there is an error in that it can bring down the editor itself.

    @cubecolour
    ɹoʇɐɹǝpoɯ

    That is fine. There should be a way to protect just the functions.php file. I can do a sudo chmod a-w functions.php and block edits to it but I don't think a layman would be aware of this.

    I personally feel that if editing a theme's functions.php file can bring down the entire admin section then its a design flaw. The admin section should be robust enough to remain intact when there are minor errors in the theme files.

  5. esmi
    Forum Moderator
    Posted 1 year ago #

    Even then functions.php can be edited and if there is an error in that it can bring down the editor itself.

    The same goes for editing almost any file in WordPress. There are a number of ways to stop anyone using the inbuilt editor on a per-site basis but that's really a decision that should be left to individual site owners.

Topic Closed

This topic has been closed to new replies.

About this Topic