When you first build your WordPress site it'll certainly grow over time, acquiring new content, media files, users, themes, plugins, and more. These are all good things, but they can make your site vulnerable - it can become a good target for the attackers. For example, you may find intrusions in your plugin or theme files, or your WordPress core files can be infected...
So, you may want to go through your site and perform some basic clean-up tasks. It shouldn’t take you very long, and the result will be a site that’s more secure.
In this guide, we’ll walk you through a few steps to start cleaning up your site manually.
Step 1: Clean up your plugins and themes files
To perform this task, you may go to your WordPress dashboard and replace 1 plugin or theme at a time with the originals.
For example, to replace a plugin, please follow these steps:
- Download the plugin zip file from the respective sites
- Delete the plugin
Important: Please do not delete a plugin/theme until you're sure you can get the originals. This is especially important for premium plugins/themes.
- Install plugin from the original zip file
Step 2: Enable Shield's Plugins/Themes Guard scanner
To enable this scanner, please go to Shield => Hack Guard module => and click the slider to enable Plugins/Themes Guard scanner.
Please note that you can also enable this scanner and then run the scan manually by using wizard (you'll see a button on the upper-righthand side next to the "Options"). Please see here.
Hint: This scanner is designed to detect and alert you about any changes made to your plugins/themes files after someone has gained access to them. We highly recommend you to always keep it on.
Step 3: Clean up your WordPress Core files and folders
To perform this easy task, you can use the Shield scanners to replace core files, and remove files in your core directories that aren't WordPress files.
To do this, go to Shield => Hack Guard module and:
- Enable Core File scanner and "Auto Repair" option
- Enable Unrecognised Files scanner
Please note that you can also enable these scanners and then run the scans manually by using wizard (you'll see a button on the upper-righthand side next to the "Options"). Please see here.
Hint: These scanners are designed to detect and alert you about any changes made to your WordPress core files. We highly recommend you to always keep them on.
Additionally, clean out your site hosting of files not needed by the site. You may want to contact your web host for this.
We also recommend you to read:
- What is the Hack Guard module?
- What is the Core File Scanner and how does it work?
- What is the Unrecognised Files Scanner and how does it work?
- What is the Plugin and Theme Guard scanner and how does it work?