The problem with the WordPress file editor is that it allows users to run PHP code on your site. Anytime a user is able to run their own code, this presents a security risk. If an insecure admin account is hacked, the WordPress file editor is the gateway through which a full-fledged attack can be carried out.
On its own, WordPress is a very secure platform. However, when you start introducing third party software and people into the system, this can change. Today we are going to go over some good policies that every site administrator should put into place.