By default, WordPress offers administrators the option to directly edit the PHP files for plugins and themes.


While this is convenient, it is a security risk where if someone gains unauthorized access to the WordPress dashboard, they can edit your plugin / theme files and add arbitrary code.


It is generally unnecessary to allow access to file editing and we recommend turning on this restriction which blocks access to file editing capabilities.


For more information about the WordPress file editing, read the blog article here