If you're not allowing Security to write to the wp-config.php file, or aren't able to, these rules will need to be manually added. Just copy and paste the rules at the top of the file, below the first line (<?php).
You can see how to edit the wp-config.php file in this article.
// BEGIN iThemes Security - Do not modify or remove this line
// iThemes Security Config Details: 2
define( 'DISALLOW_FILE_EDIT', true ); // Disable File Editor - Security >
Settings > WordPress Tweaks > File Editor
// END iThemes Security - Do not modify or remove this line