By default, WordPress lets administrators edit the code of their files directly with the code editor. This gives attackers an easy way to alter your files if they gain access to your account. If a plugin hasn’t already disabled this feature, you can do some light coding to disable it yourself.
Add the code below to the end of the file wp-config.php:
// Disallow file edits define( 'DISALLOW_FILE_EDIT', true );
If you find this answer too little, I will show you how to disable file editing in this short step-by-step tutorial.