Core Files Update Cleanup


Whenever WordPress performs a core update, it automatically pulls down the following files onto the root:

  • license.txt
  • readme.html
  • wp-config-sample.php

These files aren’t an inherent security risk by themselves; however they are uneccessary clutter on the root of your site (why would you want a wp-config-sample.php file on your production website?!); and it’s just another easy-to-read vector confirming that you have a WordPress site for script-kiddies to scrape and attack.

Simply install this plugin and it will clean up those files every time you perform a core WordPress update.


Upload the Core Files Update Cleanup plugin to your website & activate it as normal. That’s it! The plugin will only fire whenever a core WordPress update is performed.

Make sure to back up your installation before making any significant changes, and always test a plugin’s performance before installing anything on a live production environment!


Should I back up my site first?

You should always make a backup of your site before any major updates as a matter of course. This plugin will only delete the files specified above; only after a core update; and only attempt to do so if these files actually exist. But you should always err on the side of safety. Always back up!


There are no reviews for this plugin.

Contributors & Developers

“Core Files Update Cleanup” is open source software. The following people have contributed to this plugin.




Release Date – 19 January 2024

  • Will now automatically check for license.txt, readme.html and wp-config-sample.php files when plugin is first activated (not just on the next update) and remove them if found.


Release Date – 14 January 2024

  • Initial release