Turn off file editing
WordPress allows editing of themes and plugins via the administration panel. Hackers or unauthorised users can subvert the intended use of your website or change the displayed content unless this vulnerability is mitigated.
As part of a wordpress site security review file editing should be turned off and its status checked during subsequent maintenance checks.