As open source software, WordPress is regularly maintained and looked after by a global community. New versions and security releases ship on a very regular basis. With each new WordPress version, some functions become obsolete and some files become unnecessary. However, an update does not automatically delete those old core files. These files can be targeted by hackers to hide backdoor code. In this article, we will show you how to delete old WordPress core files.
First, you need to install and activate the Old Core Files plugin. After activating the plugin, go to the plugin settings page located under Tools » Old Core Files. The plugin will list all old core files that are no longer needed with the latest WordPress version.
Currently, this plugin does not have a delete button, though the plugin authors intend to include one in future versions of the plugin. Now that you have the list of files that are just sitting on your server doing nothing and are executable, you can delete them manually using FTP.
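If you have shell access rather than FTP only, the same cleanup can be done by moving the listed files into a quarantine folder so they can be restored if needed. This is an added example, not code from the plugin or the original article; it assumes you have copied the plugin's list into a text file with one relative path per line, and the function names and sample paths are made up for illustration.

```shell
#!/bin/sh
# Added example (not the plugin's code). All sample paths are constructed.

# Print each path from LIST (one per line, relative to ROOT) that still exists
# as a regular file. Blank lines, comments, absolute paths and anything
# containing ".." are skipped so a bad entry cannot point outside the install.
list_existing() {
    root=$1; list=$2
    while IFS= read -r rel || [ -n "$rel" ]; do
        case $rel in
            ''|'#'*|/*|*..*) continue ;;
        esac
        # Require a real file; symlinks are left alone for manual review.
        if [ -f "$root/$rel" ] && [ ! -L "$root/$rel" ]; then
            printf '%s\n' "$rel"
        fi
    done < "$list"
}

# Move every listed file that exists into DEST, keeping its relative path,
# and print the number of files moved.
quarantine_old_files() {
    root=$1; list=$2; dest=$3; moved=0
    tmp=$(mktemp)
    list_existing "$root" "$list" > "$tmp"
    while IFS= read -r rel; do
        mkdir -p "$dest/$(dirname "$rel")"
        mv -- "$root/$rel" "$dest/$rel" && moved=$((moved + 1))
    done < "$tmp"
    rm -f "$tmp"
    echo "$moved"
}

# Constructed sample: a fake install with two leftover files, one live file,
# and a list that also holds an already-deleted path and a traversal attempt.
make_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/wp/wp-includes/js" "$d/wp/wp-admin"
    : > "$d/wp/wp-includes/js/old-widget.js"   # hypothetical leftover
    : > "$d/wp/wp-admin/old-page.php"          # hypothetical leftover
    : > "$d/wp/wp-load.php"                    # live file, not in the list
    printf '%s\n' 'wp-includes/js/old-widget.js' 'wp-admin/old-page.php' \
        'wp-admin/already-gone.php' '../outside.php' > "$d/old-files.txt"
    echo "$d"
}
```

Run `list_existing` first to review what would be moved, and keep the quarantine folder outside the web root so the moved files are no longer reachable over HTTP.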
While you are deleting unwanted core files, you may also want to delete all inactive themes and plugins that are just sitting there on your server. Don’t forget to back them up first, in case you want to add them back. Lastly, we highly recommend that you harden your WordPress install by disabling PHP execution in certain WordPress directories. If you want to stay on an even safer side, then start using Sucuri (here are 5 reasons why we use Sucuri).
We hope that this article helps you improve the security of your WordPress website. We would like to ask, how often do you delete unwanted core files, inactive themes, and inactive plugins from your server? Let us know by commenting below.