If you have unused or abandoned WordPress sites on your server, we recommend that you delete them. We will explain the reasons for this and how to delete an abandoned site.
Do you have an abandoned WordPress site or movable-enabled site on your server that you are not using?
Many servers allow multiple sites (domains or subdomains) on the server.
This means that a server contract can contain a large number of sites, and malware can spread to all sites on the server via sites that are no longer in use and are left unattended.
We recommend that you delete any unattended sites on your server as soon as possible.
Why are abandoned sites dangerous?
Abandoned sites may have known vulnerabilities because they are no longer in use, have not been logged into the admin panel for a long time, and therefore have not been updated with WordPress or plugins.
Hackers can find such sites through Google searches, etc., which are high performance and pick up any small site, and hack them.
(Even sites with low traffic can benefit from hacking because they can be used as a springboard for spamming, hacking other sites, or installing virus programs and having them downloaded via other sites.)
Once the vulnerability is breached and the WordPress site is tampered with, hackers can spread the infection via a backdoor to folders on all domains that share a root folder within a single server subscription.
(This type of malware is more common these days, and there are more and more cases where many sites in a server are affected by defacement at once.)
Delete abandoned sites
Hackers exploit vulnerabilities in the programs of abandoned sites to tamper with the server and install programs that perform various illegal activities.
For this reason, all files in the folder for the domain of the abandoned site on the server should be backed up and emptied as necessary to prevent vulnerabilities from being exploited.
Connect to the server with FTP software such as FileZilla, select (Ctrl+A) all the contents of the folder published on the web, right-click and delete.
The stored contents of the databases used by the site are not a direct cause of hacking, but there is little point in keeping them, so there is no problem in backing them up and then deleting them.
All sites on the server are regularly scanned for malware.
If one site on a server is infected with malware, it can spread to other sites.
If a site infected with malware appears on the server, we recommend that all other sites be scanned for malware and removed, and that all sites on the server be periodically scanned for malware and vulnerabilities, even if there are no malware symptoms at this time.
Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].