Can’t access PHP editing of themes or plugins

Hi vupdraft,

Thank you for answering.

I deactivated all plugins except All In One Security.
I unchecked and saved the Disable Ability To Edit PHP option a few times, but it still remains checked.

How I can manually undo this setting in the Files Manager in CPanel?

Hi,

I’m actually using CyberPanel. The options are a little different. That tutorial can’t be applied in that way.
Which file exactly do I need to edit?
Which line of code should I change and how?

Hi. Thank you for answering.

I can remove the plugin from the WordPress backend.
Although, disabling it doesn’t allow me to edit the PHP of themes and plugins from WP again.
The rule definitely needs to be removed manually.
I need to know where and what code was added, and what to replace it with.

Hi vupdraft,

Thank you, but this is the html for how the tab should look in the plugin settings.
I did disable all of it, just to check, but it didn’t remove the setting.
I was still unable to edit the PHP from WP backend.

The code:

function render_tab2()
    {
        ?>
        <div class="aio_blue_box">
            <?php
            echo '<h2>'.__('What is Malware?', 'all-in-one-wp-security-and-firewall').'</h2>';
            echo '<p>'.__('The word Malware stands for Malicious Software. It can consist of things like trojan horses, adware, worms, spyware and any other undesirable code which a hacker will try to inject into your website.', 'all-in-one-wp-security-and-firewall').'</p>'.
            '<p>'.__('Often when malware code has been inserted into your site you will normally not notice anything out of the ordinary based on appearances, but it can have a dramatic effect on your site\'s search ranking.', 'all-in-one-wp-security-and-firewall').'</p>'.
            '<p>'.__('This is because the bots and spiders from search engines such as Google have the capability to detect malware when they are indexing the pages on your site, and consequently they can blacklist your website which will in turn affect your search rankings.', 'all-in-one-wp-security-and-firewall').'</p>';

            $site_scanners_link = '<a href="http://www.site-scanners.com" target="_blank">'.__('CLICK HERE', 'all-in-one-wp-security-and-firewall').'</a>';

            echo '<h2>'.__('Scanning For Malware', 'all-in-one-wp-security-and-firewall').'</h2>';
            echo '<p>'.__('Due to the constantly changing and complex nature of Malware, scanning for such things using a standalone plugin will not work reliably. This is something best done via an external scan of your site regularly.', 'all-in-one-wp-security-and-firewall').'</p>'.
            '<p>'.__('This is why we have created an easy-to-use scanning service which is hosted off our own server which will scan your site for malware once every day and notify you if it finds anything.', 'all-in-one-wp-security-and-firewall').'</p>';
            echo '<p>'.__('When you sign up for this service you will get the following:', 'all-in-one-wp-security-and-firewall').'</p>';
            echo '<ul class="aiowps_admin_ul_grp1">
                <li>'.__('Automatic Daily Scan of 1 Website','all-in-one-wp-security-and-firewall').'</li>
                <li>'.__('Automatic Malware & Blacklist Monitoring','all-in-one-wp-security-and-firewall').'</li>
                <li>'.__('Automatic Email Alerting','all-in-one-wp-security-and-firewall').'</li>
                <li>'.__('Site uptime monitoring','all-in-one-wp-security-and-firewall').'</li>
                <li>'.__('Site response time monitoring','all-in-one-wp-security-and-firewall').'</li>
                <li>'.__('We provide advice for malware cleanup','all-in-one-wp-security-and-firewall').'</li>
                <li>'.__('Blacklist Removal','all-in-one-wp-security-and-firewall').'</li>
                <li>'.__('No Contract (Cancel Anytime)','all-in-one-wp-security-and-firewall').'</li>
            </ul>';
            echo '<p>'.sprintf(__('To learn more please %s.', 'all-in-one-wp-security-and-firewall'), $site_scanners_link).'</p>';
            ?>
        </div>

        <?php
    }

Hi vupdraft,
Thank you for helping me.

I found the php file and removed all of the code related to ”static function disable_file_edits()”.
I didn’t edit ”function enable_file_edits()” or anything else.

Nothing changed. The checkbox for ”Check this if you want to remove the ability for people to edit PHP files via the WP dashboard” remains checked when I uncheck, save and reload the page. The problem was still there.

Since above the code it says:
* Modifies the wp-config.php file to disable PHP file editing from the admin panel
* This function will add the following code:
* define(‘DISALLOW_FILE_EDIT’, false);

I went to the wp-config.php file and found:

// BEGIN iThemes Security – Do not modify or remove this line
// iThemes Security Config Details: 2
define( ‘DISALLOW_FILE_EDIT’, true ); // Disable File Editor – Security > Settings >
WordPress Tweaks > File Editor
// END iThemes Security – Do not modify or remove this line

And also this at the bottom of the file:

//Disable File Edits
define(‘DISALLOW_FILE_EDIT’, false);

After removing both, I can now disable or enable PHP editing from the All In One Security plugin.
The only odd thing now, is that it works backwards. When the checkbox is selected, I can edit the PHP. When it is unselected, I can’t edit the PHP.

So, the problem was the damn iThemes Security plugin!
And I am having this issue with other plugins. They don’t remove their code after being disabled and deleted!
Same thing with WPS Hide Login and Flying Scripts and probably many other plugins that I haven’t yet noticed.

Again, thank you for helping me.