STEP 1:
Login to the site.

STEP 2:
Check all settings related to the plugins. (Plug-in in use, active, setup, enable auto-updates, scheduled for update)

STEP 3:
If the plugin is not in use or old, delete the plugin.

STEP 4:
If a certain plugin has vulnerabilities and issues, make a judgment call. If the plugin has no use, deactivate the plugin and delete it. If the plugin is needed, work around the vulnerabilities and repair it or get a new plugin with similarities.

STEP 5:
Inform the client of changes if needed. Check if ‘plugin is vulnerability’ is being exploited.

Note: changes to PHP can be done through FileZilla using credentials from either Kinsta or WP-Engine.