Categories
How To

Mailbag: Finding A Rogue WordPress Setting

Don’t make settings changes without reading what they do!

After helping someone track down a weird WordPress setting, he asked the logical question:

How did you even find that!?

The issue was that a person was missing the menu option to edit their themes. I asked if they were also missing the menu option for editing plugins. As soon as he said yes, I knew it had to be the define to disable the plugin and theme editor:

define( 'DISALLOW_FILE_EDIT', true );

That literally says “No editing files!” So we looked first in the wp-config.php file for it and came up empty. Now as much as we yell at people for editing functions.php or at themes for creating a mess of settings that aren’t needed, I knew the fastest way to find it was this:

$ grep -R 'DISALLOW_FILE_EDIT' ./wp-content/

And as expected, that gave me a file: ./wp-content/plugins/ninjafirewall/lib/firewall.php

Since we had wp-cli, I opened that file and looked for the term:

// Disable the plugin and theme editor ?
if (! empty($nfw_['nfw_options']['disallow_edit']) ) {
       define('DISALLOW_FILE_EDIT', true);
}

Then I ran this: wp option get nfw_options

If you don’t have wp-cli, just pop into the database and look at the option value for nfw_options — either way you’ll see this:

array (
  'logo' => 'https://www.example.com/wp-content/plugins/ninjafirewall/images/ninjafirewall_75.png',
  'enabled' => 1,
  [...]
  'disallow_edit' => 1,
  [...]
)

I’ve snipped out a lot of the data, but you can see that disallow_edit is set to 1.

We had the user change that setting. Imagine that. It worked!

The moral of the story? Don’t make settings changes without reading what they do!