The backend of WordPress provides by default an editor for your themes and plugins. This allows the user to edit the source-code of the theme and plugin files directly through the admin panel. As this can be a great feature to add quick changes to the code it also can be very dangerous.
You can find the Editors in the Submenu of “Appearance” and “Plugins”.
Hiding the Editors
There are two possibilities how to hide the editors. You can either disable it via the functions.php of your theme or globally via the config.php in your WordPress root folder.
Disable Editors Globally
Paste the following code to your config.php file:
define( 'DISALLOW_FILE_EDIT', true );
Disable Editors in your Theme
Paste the following code to your theme’s functions.php:
add_action('admin_init', 'my_remove_menu_elements', 102);
remove_submenu_page( 'themes.php', 'theme-editor.php' );
remove_submenu_page( 'plugins.php','plugin-editor.php' );