We have disabled the file editors in the WordPress dashboard for a few different reasons, and we require users to make file modifications via sFTP:
- Security precaution. We have seen a high volume of brute force attacks lately in which a bot guesses the weak password of a WordPress account and logs in. It then uses the theme editor functionality to modify your plugin and theme files, adding malware or SEO spam. We block millions of these bad requests, but some do get through. Be sure to use strong passwords on all WordPress accounts.
- Although the editor is handy, it can be very dangerous. The lack of syntax highlighting and its easy accessibility make mistakes very easy: one typo in the wrong place can crash your site or lock you out of it.
- We cannot track changes made through the WP editor as effectively as changes made via sFTP, which we can track in our logs if mistakes are made.