Remove unused plugins and themes
WordPress can be readily extended through the vast library of software add-ons ; in the main themes and plugins. Some are only needed once or are replaced by more suitable code and become in effect redundant. Unless you wrote the code yourself the quality and security integrity can vary from one extreme to the other. Each third party theme or plugin increases your risk of being hacked or experiencing unexpected performance issues.
With each plugin installed on your WordPress site, the more likely the site is to be hacked, as new vectors are opened with each installation. It is not enough to simply deactivate plugins that you aren’t using. You actually have to delete them in order to remove the vulnerable code from the server.
If in doubt, throw it out
Delete any unused third party code as part of your WordPress Security checks. This would include deactivated plugins.