WordPress administrators can modify Theme & Plugin files in the built-in editor. The editor gives a site administrator a convenient way to change something on the fly without going through an FTP client. It also makes it possible for a novice site owner to crash the site. As a security measure, it is recommended to disable the editor.
// Disable the Theme and Plugin Editor (add to wp-config.php)
define('DISALLOW_FILE_EDIT', true);
Why does this have an impact on security? Because hackers want to inject malicious code into your website. To do so, they must gain access to the hosting server via FTP. A WordPress website, however, has a second door: the Theme & Plugin editor. If an administrative user's login credentials are hacked, that second door is open.
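To confirm the setting is actually in effect, the following added example (not part of the original post) audits the text of a wp-config.php file and reports DISALLOW_FILE_EDIT as unset when the define() call is swallowed by a comment or overridden by an earlier definition. The function names and sample configs are constructed for illustration.

```python
import re
import sys

def strip_php_comments(src: str) -> str:
    """Drop //, # and /* */ comments while leaving quoted strings untouched."""
    out, i, n = [], 0, len(src)
    while i < n:
        ch = src[i]
        if ch in "'\"":                       # copy a quoted string verbatim
            j = i + 1
            while j < n and src[j] != ch:
                j += 2 if src[j] == "\\" else 1
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("/*", i):         # block comment
            end = src.find("*/", i + 2)
            i = n if end == -1 else end + 2
        elif src.startswith("//", i) or (ch == "#" and not src.startswith("#[", i)):
            end = src.find("\n", i)           # line comment, newline is kept
            i = n if end == -1 else end
        else:
            out.append(ch)
            i += 1
    return "".join(out)

# define() is case-insensitive in PHP, the constant name is not.
DEFINE_RE = re.compile(
    r"(?i:define)\s*\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*([^)]*?)\s*\)")

def file_edit_disabled(wp_config_src: str) -> bool:
    """True only if the first live define() sets the constant to true or 1."""
    m = DEFINE_RE.search(strip_php_comments(wp_config_src))
    # PHP keeps the first definition of a constant, so only that one counts.
    return bool(m) and m.group(1).lower() in {"true", "1"}

# Constructed sample configs (not taken from a real site).
COMMENTED_OUT = "<?php\n// Disable the editor define('DISALLOW_FILE_EDIT',true);\n"
LIVE = "<?php\n// Disable the editor\ndefine('DISALLOW_FILE_EDIT', true);\n"
URL_ON_LINE = "<?php\ndefine('WP_HOME', 'https://example.com'); define('DISALLOW_FILE_EDIT', TRUE);\n"
OVERRIDDEN = "<?php\ndefine('DISALLOW_FILE_EDIT', false);\ndefine('DISALLOW_FILE_EDIT', true);\n"

if __name__ == "__main__":
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        ok = file_edit_disabled(fh.read())
    print("editor disabled" if ok else "editor NOT disabled")
    sys.exit(0 if ok else 1)
```

Run it with the path to wp-config.php as the only argument; the exit status is non-zero when the editor is still enabled, so it can gate a deployment or a periodic audit job.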