- This topic has 15 replies, 3 voices, and was last updated 4 years, 3 months ago by
.
-
Posts
-
Customer Support
You can read WP’s take on disabling it here:
https://wordpress.org/support/article/hardening-wordpress/#disable-file-editing
So yes, allowing file edits in the Theme editor or limited to the Hook Element does impose a security risk to anyone with the ability to log-in to your site with Administrator rights. Disallowing it will not stop them from loading malicious code …
If this is a concern to you then you won’t be able to execute PHP in the Hook Element.
Instead you will need to write your own functions in your child themes functions.php – this article explains how to use hooks:
- You must be logged in to reply to this topic.