(Apologies in progress if this is not the correct location to ask)
An aunt of mine owns a modest organization and has a web page (WordPress) for it. Very little as well fancy, fundamentally an About us, pricing chart, description of solutions, yada yada, site that was finished by an exterior wordpress developer
They have been having difficulties having hacked (second time now) and the male they are dealing with has charged them an further couple of thousand $s to recuperate their website final time it occurred. Soon just after, they acquired hacked once again, and their male explained to them that they have to up grade to a quality malware cleaner like Wordfence to safe their web page. My aunt is certainly not happy to be paying all these more fees, but at the exact same time I instructed her it really is the cost of running a small business.
Anyhow, she asked me to look into it as I have a dev history (not with wordpress even so, but I guess that can make me the de-facto spouse and children member who helps with this stuff) and the initial thing I detect is that there is about 20+ plugins mounted, some of them which havent been current in the past several years. I are unable to update them possibly due to the fact they feel like bootleg versions that were being uploaded via zip information that I dont have accessibility to. A brief read on wordpress security shows me that theres a lot of items completely wrong with the internet site, and paying for WordFence high quality possibly wont help save them
I dont have admin entry to host/domain, so I dont want to mess all over way too much with the recent setup, but I’m questioning if I ought to just take out these sketchy plugins and use ‘updated’ cost-free ones that are a lot more legit, even if it eliminates some of the flashy outcomes that they have? I would backup everything prior to I alter it (backups havent been finished in the past a long time either so I can see why they ended up billed a good deal for bringing it back up)
My only problem is that given that I only have accessibility to the wordpress admin account, I lock myself out of it or mess up the entire matter and then have to offer with an indignant dev who just isn’t delighted that I messed up with his stuff, which I would fully grasp his disappointment.
Edit : Just one of these plugins is WPBakery Page Builder, which I dont know if I can just delete it without breaking the integrity of their web-site
TLDR : Web-site has bunch of plugins that I cant update, should really I just delete and put in much more legit variations without having breaking way too a great deal stuff?