When you have a live website, it’s important to stay on top of all the plugins and themes that you have installed. While most website owners will do this at least once a month or so, some don’t bother until something goes wrong. This blog post is for those people who want to keep their site safe from security breaches caused by old plugins and themes. We’ll share with you the steps we take when cleaning up our own WordPress websites, and then a tip on if you’re downloading a new plugin – what to take notice of.
Step 1: Create a Backup
Before making ANY changes to your website create a backup. Just in case you delete or deactivate something, you have a copy to revert back to if needed. Many host providers already offer this, or you can use plugins such as Manage WP, or All in One Backup.
Step 2: Evaluate Plugins
Go into your Plugins from your dashboard and examine the plugins that are currently on your website, and which ones are not currently active. If you know you are no longer using these plugins, just delete them. There’s no reason for them to be there. After getting rid of those, go through each plugin and (if you know) you’re not using it, go ahead and Deactivate it. The best practice would be to check your site after deactivating each individual plugin to ensure that the plugin wasn’t really being used. If all looks good – then go right ahead and delete the plugin. Do this with each plugin you feel no longer serves a purpose to your website.
Step 3: Cleaning Up Unneeded Themes
From your dashboard go to Appearance – Themes. Examine the themes that are currently within this folder. I’m sure you have some forms of twenty seventeen, twenty-twenty, twenty-sixteen, etc. (FYI: these are ALL default WordPress Themes) If you know you’re not using these (or if they don’t match up with what your site does), then delete them. Again, no need to store themes on your site you don’t use. You can also deactivate/delete any unused child theme(s) from this area too. Ultimately you want the theme that you currently have Active, and then possibly 1 default theme to revert back to IF you get in a place you need to troubleshoot a theme issue.
Downloading New Plugins?
As WordPress is open source and ANYONE can create a plugin for the CMS platform, this also means not all plugins out there are good for your website. A few stats that we check before downloading new plugins are the following:
- When was the last update?
- How many active downloads are there?
- What are the reviews like?
- Do they have support available – do they answer support questions in their forums?
Bottom line for website security, if you have outdated, or rarely publically used plugins you are potentially opening up a pathway for a security breach to happen. Start making a schedule for doing website updates, whether it be weekly or bi-weekly just to ensure everything is up to date and projected.