1. Jeff Chandler

    Are you suggesting that like Hello Dolly, users remove any theme that comes with WordPress out of the box that is not being used? I hope we don’t get to the point where WordPress comes with 10 themes and users have to spend time deleting all the unnecessary crud. Reminds me, should probably figure out what the plan is for TwentyEleven, TwentyTwelve, and TwentyThirteen. When will they stop being part of WordPress and live in the Theme Repository as seperate entities.


    • Miroslav Glavic

      When is WP going to remove 2012? from the package?

      Are we going to have 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 & 2020 all bundled up? eventually the size of the themes will be bigger than core files.

      I think WP should come with ONE theme. People can download themes. I don’t think we need 3 themes in the package.

      What if WP lasts until 2050? are we going to have 30+ themes on the download package?


  2. Miroslav Glavic

    I check daily on all my sites.

    My home page is http://www.whateverdomain.com/wp-login.php x 8

    If there is an update for lets say Akismet, in site #1, then 2-8 will need update.

    I check out updates, then comments.

    Is there a plugin that will e-mail me whenever there is an update for theme/plugin?

    Hello Miroslav

    You have updates on your http://www.wptaverntshirtswouldbeawesome.com

    Following plugins need to be updated:

    La Cucaracha dances on the header

    Following theme needs to be updated

    Mountain Dew

    Please update immediately.

    Thank You

    I don’t mean those e-mails Matt sends whnever there is a new core upgrade.

    This would be my own server/installation sending me an e-mail.


  3. Keith Davis

    Hi Sarah

    “Any theme not in use has got to go – with one important exception: a default theme for fallback.”

    That’s the way I usually go, just in case I have any problems with the theme I’m using.
    Deleting themes is no big deal only takes a minute or so.

    I check my own sites when I add posts and if any plugins need updating I update them and then update them on client sites.

    I use a few security plugins plus the Sucuri paid plugin, which is pretty cheap once you are using it on ten or more sites and setup is nice and easy.


  4. Vanessa Anne Blaylock

    Thanks Sarah! I’ve been deleting excess themes from time to time, but I’ve always wondered if I needed to keep 1 or more default themes around. Someone once told me that if you were having database problems switching to a default theme could help – perhaps that was a myth. Does it matter which default theme you have? If 2014 is bigger, it is better to delete it and keep 2013? Or better to keep 2014 since it’s the most updated? TY!


  5. pooriast

    Hello to all, and Thanks to Sarah for bringing this issue up,
    I’ve always been following this practice in which I do not keep any extra theme except the default theme and the child-themes that I’ve created, Yet technically I’m not convinced how an unused but updated theme can cause a vulnerability? Appreciate if someone can explain the point.


    • Jeff Chandler

      If you keep the unused themes updated, you’ll be ok. The problem is that most people don’t update themes they’re not using. If one of those updates contained a security fix, it won’t be applied to the theme. You should read the historic TimThumb attack and how years later, people were still being affected by it because they forgot about the themes that had on their site that contained the TimThumb script. This post by Joost illustrates the importance of updating everything.


      • pooriast

        Thanks Jeff, maybe I’m obsessed but even if I’m middle of writing a post and at the same time an update notification appears on the admin-bar, I can’t finish my post unless I update the site first :) I remember TimThumb tsunami, by the time I was a very fresh WP learner, Though I’m not sure if I was using either a Woo or Elegant theme but I received an urgent newsletter from the theme vendor urging for an immediate update. I had no idea what’s this all about anyhow I followed the instruction and luckily faced no issue.


  6. Tweet Parade (no.06 Feb 2014) - Best Articles of Last Week | gonzoblog

    […] Why You Should Clean Out Your WordPress Themes Directory – Because WordPress is now powering more than 1 in 5 websites on the internet, WordPress sites are a prime target for hackers and spammers. If your site isn’t secure, hackers can use your themes as entry points. […]


  7. Vinny O'Hare

    I went into one of my sites a few weeks ago and saw I had 7 themes and quickly cleared them all out except one to fall back on. Great article.


  8. supreeth bharadwaj

    hey sarah i am new to wordpress can i delete twenty twelve default theme if yes then how?
    thanks in advance


    • Sarah Gooding

      Supreeth – Sure, go to Appearance > Themes. You might leave Twenty Fourteen in there for something to fall back on in case there’s a problem with your active theme.


Comments are closed.

%d bloggers like this: