Keep Your Website Clean For Security
I have taken over a few websites lately that are a bit of a security mess. One thing they all have in common is they have unused plugins and themes installed.
In many cases, these plugins and themes were not even active.
This is a terrible idea. Plugins and themes are code modulas. Even you deactivate the module the code still resides in the WordPress install.
This means a virus, malware or a hack can still exploit the code. Leaving any unused code in place is a big security risk. Not to mention that these plugins and code could slow down the website.
The best practice is to delete any plugins and themes that you are not using from any WordPress install. This will keep your site more secure.