If you have a WordPress site you’ve already heard about WordPress plugins and how easy they make your life.
In this article: WordPress plugins: the definite guide, we’re going to look at the different ways to install WordPress plugins, both directly from the dashboard and manually. We’ll then focus on the impact of plugins on your site’s performance and, consequently, speed.
We’ll also go over the issues of vulnerability to attacks that can result from using certain plugins. But first, let’s start by figuring out what a WordPress plugin is and what it’s used for.
What are WordPress plugins
WordPress plugins are sections of code or in some cases even entire programs, but they only work in the WordPress environment.
Their purpose is, therefore, precisely to extend the functionality of your site by adding new ones. There are plugins to do anything from site-specific ones like WooCommerce, one of the most used WordPress plugins for ecommerce.
There are a number of must-have WordPress plugins from site to site, some specific, some applicable to almost every site. For example, there is no site that can’t have a contact form, which you can create with a plugin like Contact Form 7.
Other plugins can provide a solution to a temporary issue, for example, there are plugins you can use to speed up the process when transferring your site from Blogger to WordPress. Or plugins like Duplicator that allow you to transfer a WordPress site.
Do you want to reach more users with your content in different languages? You can create a multilingual WordPress site using one of the many plugins designed specifically for this purpose.
Is it time to clean up WordPress by cleaning up the media library? With a plugin, you can delete unused images without having to check them manually.
Also if you want to improve SEO, WordPress plugins will come to your aid. To understand this you just need to take a look at the results we get by searching ‘SEO’ on the WordPress plugins directory.
As you can see Rank Math has more than 600 thousand active installations and Yoast SEO exceeds 5 million, these figures show you how much such plugins are valued.
Basically, for whatever new feature you’re looking to add to your WordPress site, there is already a plugin out there. What’s left for you to do is to find the one that’s right for you. Let’s take a quick look at where you can find the plugins you’re looking for, in this WordPress plugins: the definitive guide.
Where to find WordPress plugins
The first place to look for the WordPress plugin you need is definitely the official WordPress.org directory.
You can connect to the site or even search for the plugin directly by accessing the bulletin board of your WordPress site, as we shall see in more detail later when we talk about installation.
In the directory you will find thousands of plugins, you can browse those present that are also divided into categories so you can understand which are the most used (popular) or possibly block enabled plugins.
Today there are more than 58 thousand plugins to choose from and which allow you to extend the functions of the CMS.
If we compare these numbers to the 300 applications provided by Wix we can get an idea of which platform can offer the best in terms of functionality. You can delve into the two options on our Wix vs WordPress comparison.
For each plugin note that there is also some interesting information that you need to keep an eye on. For example, the number of active installations, but also the compatibility with your WordPress version.
You can get more detailed information by clicking on each plugin. For each one, you will find a detailed tab that will give you information about its functions, but also about the date when the plugin was last updated.
It is important to know if a plugin is updated more or less frequently, as you will understand later in this guide when we will talk about vulnerability and security issues.
For each plugin, you can also read reviews from other users and check the overall rating. For example, here are the details about Contact Form 7 plugin and its ratings:
On Codecanyon, WordPress plugins are divided into categories so you can easily find the right plugin for you. You can search by function and find the ones that are useful to your site visitors such as contact forms, booking calendars and social sharing plugins for WordPress.
Remember that there are also plugins that perform more than one function. For example, Litespeed which in addition to being a cache plugin also allows you to optimize the images of your site. Alternatively, YoastSeo offers guidance on text optimization and even allows you to create a sitemap of your site.
There are also other plugins that you can use to improve the management of your blog such as calendars useful for planning the editorial plan or plugins for sending newsletters. If you still don’t know what to look for you can try to see the list of best sellers.
If you don’t find what you’re looking for among the premium resources, you might consider turning to a professional who knows how to create WordPress plugins and create one tailored to your website.
Plugin WordPress: paid or free?
Just as with other WordPress add-on resources, themes, as well as extensions and plugins, are also distributed some for free and some for a fee.
Many plugins, also, have two versions: a basic one, free and limited, and a premium version that gives you access to more features.
One example is Rank Math, a plugin that gives you hints and tips on how to improve your content and use keywords correctly to improve your SEO and rank better on search engines.
Rank Math is available for free, but it also has a Pro version that gives you access to new features that are not available in the free plan.
With the Pro version, for example, you can get an overview of the optimization of each individual page and each article directly from the WordPress bulletin board.
Of course, it’s up to you to figure out if the features of a premium plugin are useful to you or if you can do without them.
The tip is always to start from the analysis of what functions you consider indispensable or believe can help you improve the use of your site. Now let’s see how to go about installing WordPress plugins.
Install WordPress Plugins
There are several ways to install a plugin on WordPress. The most immediate one is to use the WordPress bulletin board directly, but it is not the only one.
For example, there are cases when you might need to install a plugin manually through the FTP protocol. Let’s see how to do this step by step in every way.
Install WordPress plugins from your dashboard
After logging in you just need to go to the Plugins section and click on Add New as you can see in the screenshot below.
This will open a new tab that will allow you to search for the plugin that you are looking for. You can see different sections that contain Plugins to be aware of, the Popular ones and the Recommended ones. Moreover, there is a category of Favorites, which will contain the ones marked by you.
From this section, you can also search for the plugin you are interested in by using the search bar. Once you’ve found it or simply chosen it from the list, just click on the ‘Install Now‘ button you see next to the plugin, as in this screenshot:
When the installation is complete, the button you clicked on will turn blue and will have ‘Activate‘ written on it. By clicking on it, you will be able to activate the plugin for all purposes and start using it.
You can click on the Installed Plugins item in the side menu at any time to check the plugins already installed and also their status. In this section, you can also activate, deactivate, check for updates and choose whether to set automatic updates.
Remember that you can temporarily deactivate a plugin by clicking on Deactivate or completely uninstall it by clicking on Delete. In any case, in order to delete it, you have to deactivate it first.
Remember to always keep your plugins up to date, but we’ll come back to this topic later when we talk about WordPress vulnerability issues.
There might be cases when you need to disable plugins, but you can’t access your dashboard. In these situations, it can be useful to use phpMyAdmin to disable all plugins directly by changing a value in the database. You can find all the necessary steps in our guide to phpMyAdmin for WordPress.
Install WordPress plugins from zip file
There are cases when you might need to install a WordPress plugin that you downloaded as a zip file. In this case, you can install your plugin again by accessing the WordPress bulletin board.
This time, however, after clicking on Plugins → Add New you’ll have to click on the Upload Plugin button and then on Choose File. At this point, you can search for the plugin using the file manager or alternatively you can simply drag the file onto the screen.
After that just click on Install Now and wait for the installation to complete.
Again, remember to activate the plugin in order to use it.
Install WordPress plugins manually via FTP
Another way to install plugins on WordPress is to use an FTP client. In this case, you must always have the zip file of the plugin you want to install. You can also use FTP protocol to install WordPress manually.
The installation can be done with a program like FileZilla, one of the most popular clients that use the FTP protocol.
The first thing to do is to unzip the zip file with the plugin. The extracted folder will have a name like for example this contact-form-220.127.116.11 but the folder you have to upload will be the one inside, that is the one with the same name of the plugin (in our case contact-form-7).
After starting FileZilla or any other FTP client you have to upload your plugin inside public/wp-content/plugin. At the end of the upload, you will see a notification saying that the transfer has been successfully completed.
Installing WordPress plugins with WP-CLI
Another way to install the plugins you want to use on your site is to use WP-CLI, the command line interface that allows you to manage your WordPress installations. In this case, with a simple command you can install plugins on your site:
wp plugin install contact-form-7 --activate
In this example, we have installed and activated Contact Form 7.
Do plugins affect the performance of your WordPress site?
The most asked question by WordPress users is, how do plugins affect the performance of their site? People often think that the number of plugins they use makes a difference.
In reality, it’s not the number of plugins you use that affects performance, but rather their quality.
If you want to improve your site’s performance and speed up WordPress, the real question you need to ask yourself is whether the plugins you’re using are really necessary.
The truth is that there are no plugins to avoid, but you need to make a broader point. Each plugin performs one or more functions and it is, therefore, necessary to consider whether those functions are more or less necessary.
From these considerations, you can then decide if the function performed by the plugin is indispensable and therefore worth keeping. Or whether, if it does not, if it can be replaced for example with a site-specific plugin. These are plugins created specifically to provide a specific function.
What if you want to evaluate the effect of each plugin on performance? Assuming that you can’t have precise feedback, you can still analyze some parameters to understand how many resources each plugin requires.
Moreover, when the request for resources by a plugin is excessive and exceeds the time limit you may encounter the 504 gateway time-out error.
To get an idea of the queries created by a given plugin you can do an analysis using a tool like GTmetrix.
You should repeat the test by activating one plugin at a time and marking the results as you go. Besides the loading time, you should also look at the resources used and the page size in GTmetrix.
With such an analysis you should have an idea, or at least an estimate, of the impact of each individual plugin on the performance of your site and identify any plugins that slow down WordPress.
WordPress security depends on a variety of factors, however, increasing the variation is mainly the fact that third-party software is used on WordPress.
And that’s where, therefore, WordPress themes and also plugins come into play. Basically, plugins, as well as other third-party software are safe.
However, the problem arises with the use of outdated plugins ( the same goes for themes) and with the use of cracked plugins and themes.
Outdated themes and plugins
Each of these software is vulnerable, that’s why developers release updates. These small patches are meant to address these very issues and fix any flaws that can jeopardize the security of your site.
That’s why the best advice you can follow is to always update all the plugins and themes you have installed on WordPress.
Remember that even deactivated plugins can pose a threat. That’s why, even then, it would be best to keep updating them or delete them permanently if you don’t need them.
Nulled themes and plugins
Using nulled (i.e. cracked) themes or plugins to avoid paying for premium software can backfire. Besides the ethical (and legal) reasons why you shouldn’t do it, such pirated software can be a real security risk for WordPress.
One of the reasons is the presence of backdoors that allow hackers to easily bypass security and gain full access to your site.
So, let’s summarize the steps you can take to avoid vulnerability issues arising from plugins and themes:
- Double-check the plugins and themes you’re about to install and the ones you’ve already installed: if they’re outdated, look for others with similar functions to replace them and, most importantly, that they’re updated.
- Keep your WordPress site up-to-date, especially when it comes to plugins, themes and other third-party software.
- Don’t use nulled themes and plugins: use reliable plugins (such as those from the official directory, but not exclusively).
Remember that WordPress vulnerability also depends on the hosting itself. That’s why in order to ensure security for customers using our hosting services we use CXS on our servers.
This ensures that all files that are uploaded to the server are scanned and, in case of viruses or malware, the files are quarantined before they can be executed. Also, we run ClamAV as an antivirus on all of our shared, semi-dedicated and reseller hosting plans.
In this WordPress plugins: the definitive guide, we’ve seen what WordPress plugins are and how they can help you add new features to your site. With plugins, you can do everything from making your site more usable for visitors to improving your search engine rankings.
We’ve seen where to find reliable plugins and the different ways you can install them. In the second part of this guide, we focused on how plugins affect the performance of your site and the possible security issues they can generate.
What about you? Which factors influence your choice of plugins to use for your site? Let me know in the comments below.