Disable WP File Editing
Prevent Editing Of Any WordPress File From Within WordPress Itself
By default WordPress allows admins to edit plugin and theme files directly from within the WordPress admin. This feature blocks all access to this WordPress functionality.
While this is convenient, it is a security risk where if someone gains unauthorized access to the WordPress dashboard, they can edit your plugin / theme files and add arbitrary code. Restrict access to file editing and block access to file editing capabilities.