Remove unwanted files

Daily cleanup process

A daily cleanup process cleans up unneeded files from your WordPress installation.

Access to certain types of files like .bak, .sql, and others are blocked via the firewall module. These files are not necessary for the functioning of your WordPress site but are sometimes created automatically. For example, a plugin might make a copy of your wp-config.php file before making changes.

Remove unwanted files

If backup files are not removed, they can be located and exploited by attackers. This could give them access to sensitive information like your database password, leading to complete control over your site. Although simple, the step of removing these files is often overlooked. Security Ninja assists in this by identifying and deleting common file names that pose a risk.

Files Tested for and Removed:

  • wp-config.php.old: Common name for config file backup – can contain critical information.
  • wp-config.php_bak: Common name for config file backup – can contain critical information.
  • wp-config.php~: Common name for config file backup – can contain critical information.
  • wp-config.php-: Common name for config file backup – can contain critical information.
  • wp-config.php–: Common name for config file backup – can contain critical information.
  • wp-config.php—: Common name for config file backup – can contain critical information.
  • wp-config.php.bkp: Common name for config file backup – can contain critical information.
  • wp-config.php_revision: Common name for config file backup – can contain critical information.
  • php_errorlog: Can contain server details or errors that can be exploited.
  • php_mail.log: Can contain user details or errors that can be exploited.
  • .htaccess.sg: .htaccess backup files on SiteGround – Can show server details or configurations that should not be public.
  • .htaccess_swift_backup: .htaccess backup file by Swift Performance – Can show server details or configurations that should not be public.
  • phpinfo.php: Displays all details about PHP on your website, should only exist briefly during development.
  • info.php: Should only exist briefly during development and not on a live site.
  • test.php: Should only exist briefly during development and not on a live site.
  • readme.html: Default readme.html file.
  • license.txt: Default license.txt file.
  • *.sql: .sql files should not be kept on your server – they may contain sensitive data.
  • *.bak: Copies of old files could contain important info about your server.

By removing these files, Security Ninja helps ensure that critical information is not inadvertently exposed, thereby bolstering the security of your WordPress site.

Was this helpful?