How to clean up the site and increase its productivity

The hosting environment is very easy to fill with plugins, themes, test scripts and unused files. This can not only reduce the performance of the site, but also make it vulnerable to infection. In this article, we will tell you how to clean up the server environment to create order, optimize performance and protect the website.
- Create backups
A backup copy of the site serves as a safety net in case of an unforeseen situation. It is the most important site security measure and makes it easier to return your environment to the last correct configuration in case of a problem.
The backup must fulfill several requirements:
Securely stored off-site and in multiple locations;
Created automatically;
It has been thoroughly tested so that you can be sure of its reliability.
You should make sure that you have a reliable backup of all files, folders and database before making any major changes.
- Delete unused files
When you add a lot of files, components and other data to the environment, this can lead to an increase in the size of your site, and therefore to an increase in loading time and response time. Moreover, it can complicate the management of the site.
Therefore, it is necessary to periodically clean. This will not require much effort and will significantly increase the performance of the site.
The more files, test scripts, or plugins you have, the larger the attack surface for attackers will be. You need to get rid of everything that is not used and takes up unnecessary space on your server.
Delete unused files, themes and plugins
To find out what exactly needs to be deleted, you first need to understand what files are needed for your site.
If you are using WordPress, changes to the Core files can be found by checking the integrity of the core file — these core files make up the key functionality of the platform and consist of PHP and related source files.
If you have not made changes to the main files, the contents of the pages “/wp-admin/” and “/wp-includes/” should be identical to the original software with WordPress.org or from the official repository ” https://core . svn.wordpress.org /”.
To find out how important a file is, you need to add “test.” to the file name to find out the level of its impact on your website (for example, “test.wp-config.php “). This step can be easily performed via the cPanel file manager or via FTP (File Transfer Protocol).
As a result, you have to remove from your server environment everything that you don’t use, including:
Files and folders marked “dev”, “backup”, “old” and “temp”;
Deactivated themes or plugins;
Incorrectly or accidentally named folders;
Unfamiliar files with a size of 0 bytes *;
Old error logs;
Old cached files.
*Some files with a size of 0 bytes may be placed in certain directories for security purposes. For example, empty files “index.html ” protected from catalog enumeration. Since the file “index.html ” is the first file that is called by the server, this will prevent the enumeration of files for these folders.
- Update the software
Any software needs to be kept up to date with the latest fixes and security updates. This will ensure the smooth operation of the site and fix vulnerabilities that are one of the main causes of site hacks. Make sure that all themes, plugins and components on your site are updated, starting with the CMS itself.
If you use an outdated version of PHP, it gives more opportunities for cybercriminals. Since PHP is the basis of most hosting services, it should also be updated.
- Clean up your site’s database
Database cleanup is important because tables become less efficient as data is added. For example, when you save a new page in WordPress, a revision is created that enlarges the database tables, adding a significant amount of rarely used data.
In most cases, database cleanup can be performed using CMS. Here is a list of what needs to be removed first:
unused media files;
old drafts of messages and revisions;
unapproved comments;
outdated data.
Delete spam comments
Spam not only poses a security risk (for example, when a bot uses spam messages to add malicious links to your site), but it can also clog the site and reduce its performance. Some of the most common types of spam comments advertise:
Microloans;
Services for writing student papers;
Dating sites;
Online Casino;
Pirated Software;
Materials for adults.
If your site is infected with spam comments, you can run an SQL command to delete messages from your database containing keywords not related to your website. First you need to create a backup copy of the database.
For example, if your site is filled with spam dating sites, you can use the following SQL command to delete all messages containing the keyword “dating” in its header:
DELETE FR OM `wp_posts` WH ERE `post_title` LIKE ‘%dating%’;
Be sure to be careful when executing SQL commands and always make a backup before making any changes. You should make sure that legitimate comments do not have spam words in the headers, so as not to delete them by mistake.
Delete old users
Audit the users of your site and block access for those who no longer need it. This includes accounts of former developers, editors, or accounts of untrusted users.
Always observe the principle of least privilege . It is based on the fact that each user should have access only to the resources necessary to perform the required duties. For example, a sales manager should not have access to financial reports, and the account of an employee engaged in labeling should not have administrative privileges. It also reduces the attack surface, making it difficult for attackers to perform unauthorized actions.
Keeping this concept in mind, follow the access management guidelines:
Create new user accounts with the lowest level of permissions;
Grant temporary permissions and revoke access when they are no longer needed;
Delete accounts that are no longer in use;
Make sure that the default user account is configured with minimal permissions.
- Scan the site for malware and backdoors
Remote website scanners can help you detect malware, vulnerabilities, injections and other malicious code. However, they cannot scan at the server level, so results are not always guaranteed.
It is best to use a site scanner and a monitoring system together, which will help you scan and check all files on the server for signs of malware. These services will help identify backdoors, SEO spam, phishing pages, DDoS scripts and hacker kits.
- Use a firewall with CDN (Content Delivery Network)
If you want to prevent malicious traffic from reaching your site, use a firewall. It filters malicious traffic in real time to protect the site from malicious code and cyber attacks.
- Prevent cross-contamination
Even if the site owner takes all necessary security measures, the site can still be infected. This is most often due to the fact that an attacker exploits site vulnerabilities to move laterally in a compromised environment. This is observed during cross-site infection (Cross-Site infection, Cross-Site Contamination), when a hacked site infects others using the same server environment.
Poor isolation and weak account settings are the main causes of cross-infection. Therefore, it is important to be careful when hosting multiple sites on the same server. To avoid cross-site infection, isolate each site on a separate virtual machine or in a hosting environment or a firewall for each individual website.