WordPress allows editing theme/plugin files
Description
Your WordPress installation is configured to allow editing of theme and plugin files. This is a security risk as an attacker with access to the WordPress dashboard to is able to inject and execute arbitrary PHP code by editing one of the theme or plugin files. It's recommended to disable editing of theme and plugin files.
Remediation
To disable editing add the following lines to the <strong>wp-config.php</strong> file: <pre> define( 'DISALLOW_FILE_EDIT', true ); //disables file editor define( 'DISALLOW_FILE_MODS', true ); //disables both file editor and installer </pre>