If the Theme Editor is as bad as some people say..

  • Re: changing your theme files in WP-Admin > Presentation > Theme Editor

    Some people on the forum, I’ve noticed, regularly and strongly say that the Theme Editor in WP-Admin is “dangerous” and “you can’t use it”. They seem to insist the only way to edit any template of your theme is with a Text Editor (Notepad++, PSPad, etc) and FTP’ing your changes.

    I understand there are 2 potential risks that carry some degree of risk with the Theme Editor:
    (1) There isn’t a back-up, unless you make a back-up. Your change could break the theme. [However with text files the same is true, you still have to maintain your backup in incremental saves and not continually overwrite it].

    (2) There is some known security risk with leaving your theme files “writeable” as a permission on your server; and it must be “writeable” for the Theme Editor to work.


    If the Theme Editor is truly unusable and dangerous, when will WP remove it from the WP-Admin?

    If not, why not? Anyone else consider Theme Editor to be a Feature more than a Risk?
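
    Added example (not part of the original thread): a small POSIX shell audit for the "writeable" theme files the post describes. The theme path and the 644/755 target modes are assumptions for illustration; with those modes the in-browser editor only keeps working where PHP runs as the file owner.

```shell
#!/bin/sh
# Added example: audit a WordPress theme directory for loose write bits.
# Assumption: the theme lives in a directory you pass as an argument,
# e.g. wp-content/themes/mytheme (hypothetical path).

# Print regular files under DIR that are writable by group or by others.
loose_theme_files() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print | sort
}

# Reset DIR to owner-writable only: 755 for directories, 644 for files.
lock_theme_files() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Report loose files with their mode string.
# Returns 0 if clean, 1 if loose files exist, 2 on a bad argument.
audit_theme() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    loose=$(loose_theme_files "$dir")
    if [ -n "$loose" ]; then
        echo "$loose" | while IFS= read -r f; do
            printf 'LOOSE %s %s\n' "$(ls -ld "$f" | cut -c1-10)" "$f"
        done
        return 1
    fi
    echo "OK: no group- or world-writable files under $dir"
}

# Run the audit only when a directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_theme "$1"
fi
```

    Run `audit_theme` before and after using the Theme Editor; `lock_theme_files` puts the directory back to owner-only write access.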

Viewing 8 replies - 1 through 8 (of 8 total)
  • whooami



    If the Theme Editor is truly unusable and dangerous, when will WP remove it from the WP-Admin?

    Software developers don’t develop for the least common denominator.

    Therefore, they won’t — because it’s a case of “buyer beware” and honestly, you, personally, per do a disservice to newbs by encouraging them to use it. Especially when you ONLY couple that ‘advice’ with vague allusions to security issues.

    Your advice, in that respect, is as harmful as any that can be offered here.

    They’re newbs — they don’t know what security issues you’re alluding to. And they won’t know what hit them when this happens to them either:

    As for a feature over a risk.. that’s like asking someone whether or not you “err on the side of life” .. Let’s see, I’m going to forgo all common sense with my file permissions JUST so I can have some assbackwards ability to edit a file in my browser?

    I don’t think so. But then, I also don’t have a 1.5.x blog sitting on the web either.

    The fact is that nearly EVERY ftp client these days has the ability to make edits to files inside the client, and upload the changed file seamlessly when you are done. It’s NOT even a matter of

    1. download
    2. edit
    3. upload

    I never ‘leave’ my ftp client when I’m editing files. It’s right click, edit, send, done..

    Ultimately, people ought to be encouraged to do things the more secure way — even if that takes more time explaining why and how. It’s not just for them, it’s for all of us.

    And the same functionality is now available in CPanel. Dangerous or not, the inline editor is very awkward to use. When I am demonstrating the beast to other folk I find even after chmod I frequently get the insulting *If this was writeable*. Who wouldn’t rather use a text editor in color with all errors highlighted in red immediately, and multipane file opening? And it isn’t true that you can lose data in a text editor. Good computers store all previous saves as hidden files.

    I always edit any files with Notepad++.

    You can configure it for whatever type of programming language you are using and it will highlight mistakes in syntax.

    It also has an easy tab format to handle multiple files.

    And it’s free.




    and another:

    When building a new door in your house — if you leave it unlocked, then people can (and probably will!)
    walk into it and steal your possessions. So you want to lock it, and make sure you use a good lock.

    It’s insane to not afford a web ‘home’ the same security mindedness.

    @dgold: And one more thing. You should be glad that although this is the WP forum folk are fearless in criticising the program when they feel justified in doing so. And to WordPress’ credit that is allowed. There is a lot of good advice to be found in here on the best way to proceed on many subjects by some very experienced folk. It is true that some people do not like the answers. But that is life. 🙂

    Interesting replies. Thank you for sharing your thoughts, folks. Cheers. Take it easy.

    I was thinking it would be kind of nifty if they added that Code Highlighting to the theme-editor, and improved the security in a future version of WP.

    If anyone else has thoughts on the subject, I welcome additional responses. I think more clarity is needed in the advice given in this area, in the WP documentation and directly in the GUI as well as here on the Forum.

    Hello, speaking about the theme editor, I have the 2.5.1 version and in the Design panel, I only have these subpanels:

    Why don’t I have Theme editor and Header image and color?

    Please, can anyone help me?

    I’ve never used the theme editor. Nor NotePad. I used FrontPage and now Expression web which is a buggy bitch. It does allow me to save a file under a different name, work on it, then if all is well, dump the original and replace it with the new one. I would think that the theme editor is for those who think they have no other means of access and as such it serves a purpose. I think I looked at the editor once and shrugged. One thing I have learned is to back up. When you make a change in the theme editor, copy/paste that page into “Word” or any program for that matter. That way if things go south, you have a copy of the original that you can just paste back in or use as a reference. Take notes. Write down the changes you make until you are confident that everything will work.
    One basic rule I’ve adapted is when unsure, work on a copy.

  • The topic ‘If the Theme Editor is as bad as some people say..’ is closed to new replies.