# Bedrock + Default themes = security exploit. How to remove them?

**URL:** https://discourse.roots.io/t/bedrock-default-themes-security-exploit-how-to-remove-them/18651
**Category:** bedrock
**Tags:** deploys
**Created:** 2020-07-13T08:44:18Z
**Posts:** 2

## Post 1 by @hejamartin — 2020-07-13T08:44:19Z

Hi.

I got ManageWP to track many of the Wordpress sites we build. And we do use Bedrock. And Sage as a starter theme.

But ManageWP also tells us - common for every site. That the default themes that are shipped, and is in every wordpress install - is outdated.

What I want to know:

1. How can we make this so that the default themes are removed every time we deploy it?

2. If not possible, how can they be updated easily?

---

## Post 2 by @strarsis — 2020-07-13T09:25:33Z

How are you deploying? Trellis? With Trellis you can use a deploy hook to either remove or update the default themes on deploy:

> **[Trellis: Deployments | Roots Documentation](https://roots.io/docs/trellis/master/deployments/#hooks)**
>
> Trellis offers zero-downtime WordPress deployment out of the box with little configuration needed. Hooks let you customize what happens at each step of the atomic deploy process.

  

> **[wp theme update | WP-CLI Command | WordPress Developer Resources](https://developer.wordpress.org/cli/commands/theme/update/)**
>
> OPTIONS [...] One or more themes to update. [--all] If set, all themes that have updates will be updated.…