Security Question related to Plugin Files, please help!

I have noticed that either a person, bot, or software is scanning my site for readme.txt files of hundreds of different plugins.
To avoid any hijacking of my site or code inserting should they actually find a plugin I have, can I delete the readme.txt files from all plugins? Or do I need them for anything?

What about the license.txt files?

Please help asap.
Thank you

  • Gabe
    • The Bug Hunter

    WordPress security has improved significantly over the years, but there are still weaknesses as there are with any platform. The weakness could be with your host, allowing SQL injection with poorly coded themes/plugins, keeping backups in the wrong location on your server or other permissions issues that expose your wp-config, etc.

    If you're really interested, you could read up on hardening WordPress, for example, this and this. There are also firms that manage website security like Sucuri. It's a no-brainer to do the free stuff mentioned in the articles as well as .htaccess hardening, but I'd avoid sinking too much money into it unless your site actually generates decent revenue. If it does, you're protecting an asset, which makes sense. Some specialty WordPress sites completely manage security for their customers (i.e. WP Engine, which I use). Others may do the same, but I haven't worked with them. Hope this helps.
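As an added example (not part of the original thread or written by either poster), the scanning described in the question can be measured from the web server's access log: the script below groups requests for plugin readme.txt/license.txt files by client IP and reports which probed plugins answered with HTTP 200. It assumes the Apache/nginx "combined" log format and the default /wp-content/plugins/ path; the function name, threshold and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-content/plugins/plugin-a/readme.txt HTTP/1.1" 404 196 "-" "scanner"
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-content/plugins/plugin-b/readme.txt HTTP/1.1" 404 196 "-" "scanner"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /wp-content/plugins/plugin-c/readme.txt HTTP/1.1" 200 5120 "-" "scanner"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /wp-content/plugins/plugin-d/README.txt HTTP/1.1" 404 196 "-" "scanner"
198.51.100.20 - - [10/Mar/2024:10:05:00 +0000] "GET /wp-content/plugins/plugin-c/readme.txt HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:05:03 +0000] "GET /about/ HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

# client IP, request line, status code
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# plugin slug from a readme.txt / license.txt request (case-insensitive)
PROBE_RE = re.compile(
    r'^/wp-content/plugins/(?P<slug>[^/?]+)/(?:readme|license)\.txt(?:\?.*)?$',
    re.IGNORECASE)

def find_plugin_scanners(log_text, min_distinct_plugins=3):
    """Return {ip: {"plugins_probed": n, "disclosed": [slugs that returned 200]}}
    for clients that requested metadata files of many different plugins."""
    probes = defaultdict(dict)  # ip -> {slug: set of status codes seen}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        p = PROBE_RE.match(m.group("path"))
        if not p:
            continue  # ordinary page request
        slug = p.group("slug").lower()
        probes[m.group("ip")].setdefault(slug, set()).add(int(m.group("status")))
    report = {}
    for ip, slugs in probes.items():
        # A normal visitor rarely touches these files; many distinct slugs
        # from one client is the enumeration pattern described in the question.
        if len(slugs) >= min_distinct_plugins:
            report[ip] = {
                "plugins_probed": len(slugs),
                "disclosed": sorted(s for s, c in slugs.items() if 200 in c),
            }
    return report

if __name__ == "__main__":
    for ip, info in find_plugin_scanners(SAMPLE_LOG).items():
        print(ip, info)
```

The "disclosed" list is the part to act on first: those are the installed plugins the scanner now knows about, so they are the ones to check for pending updates.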
