Roots Discourse

Security risks in adding disallow file mods to production websites

I need to define DISALLOW_FILE_MODS and set it to false for production in the config to allow admins to be able to install plugins from the wp-admin.

Are there any security risks or any risk at all in doing this to a production website? Is it no advised to do so?

2 posts were merged into an existing topic: Allow adding plugins in Wordpress when WP_ENV is set to production. Is this possible?