Issue
The last week all my sites on last version of WordPress were cracked. I think, if I prevent editing of functions.php on hosting, it would be harder for viruses to distribute.
How to prevent file editing on hosting? What CHMOD I need to set?
The problem is that all files edited by the virus directly on server (system, the owner, do it itself).
Solution
You can prevent editing of functions.php (and all other theme files) by adding the following to your wp-config.php.
define('DISALLOW_FILE_EDIT', true);
More details: https://codex.wordpress.org/Hardening_WordPress#Disable_File_Editing
Messing around with the file permissions could break parts of your site, and I wouldn't recommend it. But if you really want to; run
chmod -R -w your/theme/path, that will take write permissions away from everyone recursively.
If that breaks things; run chmod -R u+w your/theme/path to give write permissions back to the file owner.
Answered By - jay_aye_see_kay Answer Checked By - Robin (WPSolving Admin)