Should we ditch the WordPress file editor?

Ryan Sullivan makes a pretty compelling argument to ditch the file editors built into the WordPress admin. Anyone that's been working with WordPress for a while has either heard horror stories or has some of their own, of either being hacked or borking their site with the editors enabled.

I had some long discussions / debate with Otto about this once at a WordCamp. I agree with Ryan that it’s better off just not being there, but Otto had some decent reasons about why Ryan and I are wrong.

However, we can probably all agree on something: there is room for some built in syntax checking and perhaps some safety precautions that would prevent, say, someone from completely borking their site.

I think the struggle is that this is a) an easy thing to take out b) a difficult thing to do well and leave in c) even easier to just ignore.

Most people hyper-alert to the WordPress world know not to screw with this editor. Out of sight, out of mind. However, that probably doesn’t reflect the true state of how this editor plays in day to day users: a big source for hacks and fails.

One Comment

  1. I agree the file editor is horrible, but in the case of security, what’s to stop some hacker dude from uploading a malicious plugin or theme even with the editors disabled?
