Here is Why The Risk is Real
The PHP files that make up those plugins and themes are still available for exploit even though they are no longer activated through WordPress. An outdated, deactivated plugin, or theme’s files can be used to run malicious code or serve unwanted ads.
Here is an example of a WordPress Plugins page with several plugins installed. You can see that there are updates pending on both active and inactive plugins. If your plugins page looks like this, it needs attention and is at risk for security breaches.
Keeping those disabled plugins up to date and removing old themes is an easy WordPress security fix that you can do yourself. However, if you find this all to be a bit overwhelming… I can help!
Here is an example of a WordPress “Appearance” page with unused themes and themes that need to be updated.
A Good Rule of Thumb
A good idea for optimum WordPress security is, if you think you’ll use a plugin or a theme in the future, simply keep it updated regularly. If you can’t foresee needing it in the future, send it to the trash. Wordpress security is as easy as one click per plugin!
Here’s How: Log into your WordPress website, click on “plugins”, choose “Update Available” from the top menu and the list will include all plugins that need updating, even the deactivated plugins. To update multiple plugins at once, check the box for each one and choose ‘Update’ from the ‘Bulk Actions’ drop down menu.
Securing your WordPress Website Today & Down The Road
Keeping those disabled plugins up to date and removing old themes is an easy WordPress security fix that you can do yourself. However, if you find this all to be a bit overwhelming, don’t have the time, or are worried you’ll forget to keep those updates rolling, I can help.
Easy Monthly Security Check-Ups
Let me do your WordPress Core updates and Plugin updates every month, plus I’ll deliver you a personalized website performance report. Get it done today and down the road with one of my WordPress Mechanic Maintenance plans.