At XRF Digital we use WordPress as a platform to build many of our clients' websites.
WordPress is very user friendly in the backend, meaning that our clients, with the help of tutorial videos provided by us, can easily administer and maintain their own websites. However, a high percentage subscribe to our hosting and maintenance packages, so they do not need to give their websites another thought and we look after the sites on their behalf. For those of you who look after your own sites, a question we often get on our support desk is: how do I install a plugin? In this blog we explain how, and also highlight some things to consider before you go ahead.
Website Backup
Before you make any changes, such as installing a plugin, we strongly advise that you make sure you have an up-to-date backup of your site.
In most cases installing a plugin will not have a negative impact on your site. However, it is always better to be safe: if your site goes down it affects your business and your clients, and it can affect your ranking.
What are plugins?
The best way to think about a plugin is as you would an app on your mobile. Your mobile takes photos, but there is an app that you can add to edit the photo with more functionalities than your mobile comes with.
Your WordPress website is your working platform, to which you can add plugins for extra functionality, from a small plugin that adds a cool feature in the footer to a large plugin such as WooCommerce that creates an e-commerce section on your website.
Simply type in what you require and see the list…
Are WordPress plugins safe?
Plugins are great for adding new functionality to your website. HOWEVER, be warned that they can also leave your website vulnerable and open to hackers.
If you are running a WordPress website, I strongly recommend signing up to Wordfence. They constantly monitor the security of WordPress, send out notifications of any vulnerabilities picked up, and make you aware of any plugins which have been detected as having a problem.
The following is taken from this year's (2021) report on the Wordfence website:
Wordfence has collaborated with WPScan to conduct a 2021 mid-year review on the state of WordPress security.
According to Wordfence in their 2021 report, the top 10 vulnerabilities were:
- W1. Cross-Site Scripting (XSS)
- W2. Cross-Site Request Forgery (CSRF)
- W3. SQL Injection
- W4. Access Controls
- W5. File Uploads
- W6. Remote Code/Command Execution
- W7. Object Injection
- W8. Insecure Direct Object Reference (IDOR)
- W9. Sensitive Data Disclosure
- W10. Insecure Redirects
Here is a link to the WordFence full report
Whilst we are on the subject of security, you may want to check out this blog, https://nordpass.com/blog/top-worst-passwords-2019/, which lists the top worst passwords of 2019! If you are red-faced because one of your passwords was in the list, then you may want to keep this website handy for creating new passwords: https://passwordsgenerator.net/
Which plugin to choose?
Once you have decided that you need new functionality on your website to help your business grow, you can do one of two things. You can contact a development company, such as us, to write secure code for your new functionality. This is a good option, as the functionality will be bespoke to your exact requirements and created by a reputable company that regularly monitors and updates it to keep everything on your site secure.
Or you can find a plugin off the shelf within the WordPress community.
If you decide to take a plugin off the shelf then you need to consider a few things before installing the plugin, to help keep your website secure.
Things to consider when choosing a WordPress plugin.
Check how often the plugins are updated. You should be looking for plugins that have regular updates and run on the latest version of WordPress. Why? Because those updates are fixes to any vulnerabilities which have been picked up, and without the latest updates you are making your website insecure. So a plugin that has regular updates on the latest WordPress version is going to be secure, whereas a plugin that you may feel better suits your requirements but has not been updated will be putting your site at risk from hackers.
You can check the regularity of the plugin updates by clicking on the plugin and going over to the Development tab. Here you will see the changelog, which lists the various changes that have been made alongside the version number.
In many cases, the plugins allow you a basic free version, with the option of a payable upgrade which will unlock more features. Most free versions will allow access to forums for support.
The added bonus of paid versions of plugins is they are more likely to be kept up to date and will offer some level of support should you need it.
Who is the developer? Take a look at the developer by checking how many people are currently using the plugin and check out the reviews.
It is worth doing your research into the plugins that you feel will deliver the functionality you require. It takes a bit of time, but less time than trying to get your website back after it has been hacked and rebuilding your business reputation once it has been damaged.
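The checks above (update recency, tested WordPress version, number of users, reviews) can be applied the same way to every candidate plugin with a short script. This is an added example, not part of the original article: the field names follow the WordPress.org plugin information API, while the plugin slugs, sample values and thresholds are constructed assumptions.

```python
from datetime import datetime, timezone

# Thresholds are assumptions for this example, not figures from the article.
MAX_AGE_DAYS = 180          # what counts as "regular updates" here
MIN_ACTIVE_INSTALLS = 10_000
MIN_RATING = 80             # rating is reported on a 0-100 scale
MIN_NUM_RATINGS = 20        # a high score from a handful of reviews means little


def major_minor(version):
    """'5.8.1' -> (5, 8), so patch releases do not raise false alarms."""
    parts = (version.split(".") + ["0"])[:2]
    return int(parts[0]), int(parts[1])


def vet_plugin(info, current_wp, today):
    """Return a list of warnings; an empty list means every check passed."""
    warnings = []
    updated = datetime.strptime(info["last_updated"], "%Y-%m-%d %I:%M%p GMT")
    age = (today - updated.replace(tzinfo=timezone.utc)).days
    if age > MAX_AGE_DAYS:
        warnings.append(f"last update was {age} days ago")
    if major_minor(info["tested"]) < major_minor(current_wp):
        warnings.append(f"tested only up to WordPress {info['tested']}")
    if info["active_installs"] < MIN_ACTIVE_INSTALLS:
        warnings.append(f"only {info['active_installs']} active installs")
    if info["rating"] < MIN_RATING or info["num_ratings"] < MIN_NUM_RATINGS:
        warnings.append(f"rating {info['rating']}/100 from {info['num_ratings']} reviews")
    return warnings


# Constructed sample records (hypothetical slugs, made-up values).
MAINTAINED = {"slug": "example-forms", "last_updated": "2021-08-10 2:15pm GMT",
              "tested": "5.8.1", "active_installs": 200000,
              "rating": 92, "num_ratings": 350}
ABANDONED = {"slug": "example-footer-widget", "last_updated": "2019-03-02 9:05am GMT",
             "tested": "5.1", "active_installs": 900,
             "rating": 96, "num_ratings": 4}

if __name__ == "__main__":
    today = datetime(2021, 9, 1, tzinfo=timezone.utc)  # fixed date for repeatable output
    for plugin in (MAINTAINED, ABANDONED):
        problems = vet_plugin(plugin, current_wp="5.8", today=today)
        print(plugin["slug"], "->", problems or "no warnings")
```

The second record shows why a high star rating alone is not enough: it scores 96/100 but fails every check, including the rating check, because only four people reviewed it.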
So now that you have read the above and still want to go ahead and install a plugin, here is how…
How To Install A WordPress Plugin
Once you have done your research and taken a backup of your website…
- Log into your WordPress website
- On the left, you will see Plugins; click on Plugins
- Then click on Add New
- At the top on the right, you will see a search bar. It defaults to Keyword, but this is a drop-down that also gives you the option of searching by Author and Tag.
- Type in the name of your chosen plugin
- The plugin will appear, perhaps alongside some alternatives.
- Click on the ‘Install Now’ button and follow the on-screen instructions, and the plugin will be installed.