[wp-hackers] Removing edit theme files features

[Helen Hou-Sandi]

On Thu, Jan 17, 2013 at 2:57 PM, Chris Williams <chris at clwill.com> wrote:

>
> Perhaps we should try to convince those hosts to enable
> DISALLOW_FILE_EDITS by default :)
>
>
I think it'd be a bit of a disservice not to recognize that different
people have different routes to learning. I personally learned about
tweaking themes/plugins, and then lightly developing, on WordPress through
a one-click install and then editing files in the admin. If you had told me
that the *only* way I could edit something was to use FTP (oh, and not FTP
because it's not secure, and Vim is better, and you should be doing a child
theme anyway, etc., which we have to admit happens) or hire a developer, I
would have dropped it immediately and gone somewhere else. And then the
things I would have missed!

Somebody who isn't adventurous probably won't randomly go editing things
until specifically told to do so. People who are adventurous are used to
things going wrong sometimes and having to figure out how to fix it, and
usually come out all the better on the other end. If you're talking about a
site for a client, then yes, you probably want to DISALLOW_FILE_EDITS or
not make them an admin in the first place. But, I also agree that we need
to put aside developer-level discussion about the existence of file editing
in the admin and make it a non-developer-user-level thing. A user with
their own installation does not typically have a developer on retainer. So,
how can we make it a better and safer experience for that user who might
get directed to or go wandering into that area? Syntax highlighting is
nice, although we should probably remember that a non-developer probably
has no idea what the colors mean, so we're still talking about a
developer-level enhancement for something we're saying we shouldn't be
using. Revisions and user-friendly linting, however, definitely sound super
cool.