Category Archives: WordPress Security

Installing WordPress Plugins

How To Add a (Free) Plugin to Your WordPress Site

Installing a WordPress Plugin

Let’s assume that you are familiar with the pros and cons of using a plugin, or that you have read the post: How Many WordPress Plugins Is Too Many?  Many plugins are free and some are premium plugins that must be purchased. As I write this post, there are 49,065 free plugins listed in the WordPress.org Plugin Directory.

So you have decided it’s a good idea to use a plugin and you have found a free one that meets your needs on the WordPress.org Plugin Directory.

Follow these steps to install the plugin:

  1. Go to your website Dashboard and hover over “Plugins”.  Scroll to the right once the sub menu box expands and click on “Add New”.  (See Dashboard image.)

You can also click on “Plugins” on the dashboard and then, once the plugin page opens, click on the “Add New” button at the top left.

  2. Now you have a few options to search for a plugin. You can search using some suggestions as indicated by these links. (Image: plugin suggestion links.)

  3. Or if you have something in mind, you can search for it specifically using the Keyword Search Box.

However, this search box is limited.  It is not nearly as forgiving or helpful as a Google Search.  If you make a typo or you try to type the exact name of a plugin and you get it wrong, you are very likely to come up with no search results.  If you know you want a plugin that performs a common function, such as “security” or “anti-spam”, you could type in that word and your chances will improve. If you are really having a difficult time and you know of a plugin that is not showing in the results, go to your browser and try a Google search.  Then once you have the exact name, go back to the WordPress Plugins page and type it into the Keyword Search Box.

  4. One of the first plugins I install on every site is the free security plugin, WordFence.
  5. If you have found the plugin you want to install, click the “Install Now” button as in the WordFence example image.
  6. Next the “Install Now” button will be replaced by a blue “Activate” button. Click the “Activate” button to activate your plugin.
  7. You will be taken back to the plugins page where you will see your plugin listed.
  8. Setting up your plugin – Many plugins get to work doing what they are supposed to do without any further action from you. However, some plugins offer extra features or options that you can choose.

Sometimes you can access these easily from your dashboard menu. For example, you can see in the dashboard image that WordFence is now part of your dashboard menu.

If you click on that menu link, you will see a host of settings for WordFence that you can control if you wish.  If you are not sure what to do with these settings, do a Google search for the plugin page to get more information or look up a tutorial about it on YouTube.

However, some plugins have settings that you access under the main dashboard menu links such as “tools” or “settings”.  A few have a “settings” link under the plugin list on the plugins page, as in this example. (Image: plugin settings link.)

  9. Once you have adjusted the settings on your plugin, you are done!

WordPress Security

WordPress Security – Closing Those “Back Doors”

Some people consider the WordPress platform itself to be one big back door that provides access to hackers.  After all, it is Open Source with many people all over the world adding to it, improving it – and hacking it. The good news is that your WordPress website does not have to be added to the list of hacked sites, just because it’s a WordPress site.

While some hackers target WordPress, they do so for reasons that are important for all WordPress users to consider.

The very popularity of WordPress makes it attractive to hackers. Karol K gathered the following information in his post, The Ultimate List of WordPress Statistics:

  • 50-60% is WordPress’ share of the global CMS market – making it the most popular CMS of them all. [8][2][15]
  • New York Observer, New York Post, TED, Thought Catalog, Williams, USA Today, CNN, Fortune.com, TIME.com, National Post, Spotify, TechCrunch, CBS Local, NBC all use WordPress. [32]
  • Around 15,886,000 websites on the entire web use WordPress. [15]

If it is so popular and hackers like it, then why are people, and major companies, still using it?  Well, it is a secure platform (as secure as anything can be on the internet) when it is set up with security in mind and when it is maintained.

Many people, small companies included, decide to build a WordPress website because it is “free”.  And so it is – if you know what you are doing or if you have someone who can help you. When “free” is the motivator, these websites are often not set up properly; the infamous “admin” username is an example (see below).  Once they are set up, the “backend” of the website is often not maintained, and so out-of-date WordPress versions and plugins invite hackers.

Another consequence of trying to set up an almost free website is choosing a Web Host that has the cheapest hosting plan.  There are several things to consider when choosing a web host and although price is important, it should not be the determining factor.

So let’s talk about the many strategies used to slam that “back door” shut.

  1. Start with your Web Host
  2. Consider your Hosting Plan and your business needs
  3. Install WordPress manually (or, if you have already installed it, update the security of your WordPress installation).  For example, use secure usernames and passwords, not easy-to-guess ones like “admin” or “administrator”.
  4. Use Security Plugins
  5. Update Plugins and WordPress version vigilantly
  6. Maintain your site – including deleting themes and plugins that you no longer need
  7. Back up your site (files & database) regularly so you can restore it if it does get hacked.
  8. Keep an “ear to the ground” in the world of WordPress and WordPress Security

If these things are beyond your level of expertise, maybe someone could help you apply these strategies to your website. If not, you may need to roll up your sleeves and learn about it yourself.  WordPress is Open Source software and the international online community is very supportive.  There are very likely local meetups and organizations in your area dedicated to supporting WordPress users, including those just starting.

If that just seems too daunting, either on a technological level or in time commitment, you may need to pay someone to maintain your site and keep it safe.  Although WordPress is free for some, it will not be free for all to maintain.  You might get lucky, and never be hacked.  However, you can decrease your chances of being hacked by using sound security strategies.

For more details on the strategies listed above, search the internet, join a WordPress group, or follow this topic thread in our  newsletter as we go through those strategies in more detail.
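Items 3, 5 and 6 of the list above (guessable usernames, pending updates, unused plugins) can be checked from the command line. The script below is an added example, not part of the original post: the function names are hypothetical, the sample data is constructed, and the real commands shown in the comments assume WP-CLI is installed on the server.

```shell
#!/bin/sh
# Audit helpers for checklist items 3, 5 and 6. Each reads WP-CLI output on stdin.
# On a real site (assumption: WP-CLI installed, run from the WordPress root):
#   wp user list --field=user_login | weak_usernames
#   wp plugin list --fields=name,status,update --format=csv | plugin_findings

# Print logins matching the easy-to-guess names the post warns about.
# The comparison ignores case, so "Admin" is flagged as well.
weak_usernames() {
    awk '{ l = tolower($0) } l == "admin" || l == "administrator" { print $0 }'
}

# Read name,status,update CSV and print one finding per line:
#   update-needed:<name>  for plugins with an update available (item 5)
#   remove-unused:<name>  for installed but inactive plugins (item 6)
plugin_findings() {
    awk -F, 'NR == 1 { next }   # skip the CSV header row
        $3 == "available" { print "update-needed:" $1 }
        $2 == "inactive"  { print "remove-unused:" $1 }'
}

# Constructed sample data (not taken from a real site).
SAMPLE_USERS='Admin
jsmith
editor1'
SAMPLE_PLUGINS='name,status,update
wordfence,active,none
old-slider,inactive,available
contact-form,active,available
hello,inactive,none'

# Run both checks over the sample data and print the combined findings.
audit_sample() {
    printf '%s\n' "$SAMPLE_USERS" | weak_usernames | sed 's/^/weak-username:/'
    printf '%s\n' "$SAMPLE_PLUGINS" | plugin_findings
}

audit_sample
```

An empty result from both functions means none of these three checklist items needs attention; backups (item 7) still have to be verified separately.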

[2] http://w3techs.com/technologies/overview/content_management/all

[8] http://www.wpblogington.com/data/wordpress-2015.php

[15] http://trends.builtwith.com/cms

[32] https://vip.wordpress.com/clients/