How to hide template files from WordPress Appearance File Editor

Often when developing a WordPress theme, you will add template files to allow certain functionality on the site. If these files are listed in the themes main folder, wp-content/themes/theme-name/template-file.php for example, they will show in the WordPress File Editor in the WordPress Admin Panel under Appearance > Editor. Also, if these files are listed inside a folder at the theme directory file level, wp-content/themes/theme-name/templates/template-file.php for example, they will show in the Editor as well. This means that these template files will be editable through the WordPress Admin Panel and can be easily changed there without having to use a Host File Manager or by using FTP.

As you may know, if you make a small mistake in a php file, even something as small as an extra semicolon, it can possibly break the entire WordPress site and display a php error code when visitors try to visit the site instead of the regular site itself. It can also break the site to where you cannot even access the WordPress Admin Panel to fix the problem. If there will be people managing the site that are not experienced with PHP coding, you may not want to have certain php files accessible through the WordPress File Appearance Editor. In order to hide certain php files from the WordPress Appearance File Editor, you will need to put those files at least 2 folders deep from the theme directory file level. An example of this would be: wp-content/themes/theme-name/templates/hidden/template-file.php.

I hope this WordPress Tip helps you with securing certain template files from easy editing. Enjoy!

How to secure Plugin files to prevent direct access

A lot of WordPress Plugins allow direct access by typing in the url in your browser. Depending on the situation, this could be a potential security threat that could allow your site to be hacked. Today’s snack will show you how to stop people from being able to access your Plugin files directly.
[Read more…]