WordPress plugins are written in PHP, a general-purpose programming language used for server-side scripting in web design and development.

A plugin either enhances the existing features of your blog or adds new features to it. For example, the WP Smush.it plugin compresses all the images that you upload to your blog using the default media uploader of WordPress, while the W3TC plugin helps you use a Content Delivery Network with your blog.

Important things to keep in mind before installing Plugins

For security reasons, it is always recommended that you only install plugins that are:

  • Hosted and maintained on the official plugin repository of WordPress i.e. https://wordpress.org/plugins/ OR on a third party website of a trusted developer. These plugins are thoroughly tested and are generally considered to be safe.
  • Regularly updated by their creator.
  • Compatible with the latest version of the CMS (Content Management System).

WordPress is a very popular CMS and you can download its plugins (as well as themes) from various sources on the internet. However, it is highly recommended that you do not download plugins (and themes) from a torrent or warez website, as they might contain eval(base64_decode()) or some other type of malware!

The malware may compromise your computer as well as your whole installation. Once your installation has been infested, it may compromise the computers of your blog visitors too! After this, almost all web browsers will start showing something like the following error to everyone (including you) whenever someone tries to access your blog:


Because of the infestation your search engine rankings may also get affected, so it is highly suggested that you should download free as well as paid plugins from trusted and official sources only.
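As a first-pass check before uploading a plugin .zip obtained outside the official repository, the archive can be searched for the eval(base64_decode()) idiom mentioned above. The following is an added example, not part of the original article or of WordPress; the pattern list, the size limit and the sample archive are assumptions constructed for illustration, and a clean result does not prove that a plugin is safe.

```python
import io
import re
import zipfile

# Illustrative patterns: the idiom the article names plus two common variants.
# Assumption: this short list is a first-pass check, not a full signature set.
PATTERNS = {
    "eval(base64_decode(": re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.I),
    "eval(gzinflate(": re.compile(rb"eval\s*\(\s*gzinflate\s*\(", re.I),
    "eval(str_rot13(": re.compile(rb"eval\s*\(\s*str_rot13\s*\(", re.I),
}
PHP_SUFFIXES = (".php", ".phtml", ".inc")
MAX_BYTES = 5 * 1024 * 1024  # report, rather than unpack, anything larger


def scan_plugin_zip(data: bytes) -> list:
    """Return sorted (path, line, finding) tuples for PHP files in the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or not name.lower().endswith(PHP_SUFFIXES):
                continue
            if info.file_size > MAX_BYTES:
                findings.append((name, 0, "oversized file, not scanned"))
                continue
            content = zf.read(info)
            # Search the whole file so a call split across lines still matches.
            for label, rx in PATTERNS.items():
                for m in rx.finditer(content):
                    line = content.count(b"\n", 0, m.start()) + 1
                    findings.append((name, line, label))
    return sorted(findings)


def build_sample_zip() -> bytes:
    """Constructed sample archive: a clean main file and one flagged include."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample-plugin/sample-plugin.php",
                    "<?php\n/* Plugin Name: Sample */\nadd_action('init', 'sample_init');\n")
        zf.writestr("sample-plugin/inc/footer.php",
                    "<?php\n// footer helper\neval ( base64_decode('ZWNobyAiaGkiOw=='));\n")
        zf.writestr("sample-plugin/readme.txt", "docs mention eval(base64_decode())\n")
    return buf.getvalue()


if __name__ == "__main__":
    for path, line, label in scan_plugin_zip(build_sample_zip()):
        print(f"{path}:{line}: {label}")
```

Any finding is a reason to read the flagged file before installing; the readme.txt in the sample is skipped because only PHP files are scanned.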

Also, when you are going to install a plugin, you should check its release date. If you try to download an outdated plugin from the repository, you will see the following error there:


This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

If you see the above error for a particular plugin, then either look for an alternative or install it at your own risk! The outdated plugin may work absolutely fine for your blog, or it may not work as expected. The plugin may also contain a security vulnerability, as you are going to use code that is more than 2 years old!

Also, if you’re going to purchase or download a plugin from a third-party website and you do not see any release date or change log for it, then you may want to contact the developer directly and ask for these details.

How to install Plugins?

Log in to your dashboard and then click on Add New under Plugins in the left sidebar:

You will now be taken to a new page where you will see the following options for plugin installation:


The search page allows you to search for a specific plugin in the official plugin repository of WordPress. Suppose you want to install WP Super Cache for your self-hosted installation; all you need to do is type super cache in the search field and click on the search plugins button:


The next page will show you a list of plugins that match your search keywords. Popular plugins are generally present at the top of the list because of their high ratings and total number of downloads:

If you see the plugin of your choice in the list, click on the Install now link under the name of the plugin. The CMS will start downloading the plugin files onto your server and will install the plugin almost instantly after extracting/unpacking the whole package:


Once the plugin has been successfully installed, you will see an activate link under the name of the plugin on the Plugins page:


The Upload option allows you to install a plugin by uploading a compressed .zip file to your server. This feature is very useful when you are going to install a plugin that is available only on a third-party website and not on the official plugin repository.

Suppose you want to install the Post Layout plugin for your blog, so that you can easily insert HTML as well as JavaScript code at the top, middle and bottom of your posts and pages. For this, go to the official plugin page using this link and click on the red download button:

Your browser will ask where you want to save the compressed file on your computer’s hard drive. Select your preferred location and click on the Save button.

Once the file has been downloaded successfully, go to the Upload page under Install Plugins and click on the choose file button. Now browse to the location where you saved the compressed file earlier, select it and click on the Install now button. The CMS will start uploading the file to your installation’s plugins directory (/wp-content/plugins/) in the background.

Note: Before uploading the plugin, WordPress may ask you to enter your FTP username and password for your domain.

Once the file has been successfully uploaded, it will be unpacked by the CMS. If the installation is successful, you will see an Activate plugin link.


The featured plugin page under Install plugins shows you a list of random but useful WordPress plugins shortlisted by the official WordPress team.


A list of plugins with very high ratings and total number of downloads in the official repository is shown on this page.


A list of plugins recently submitted to the official repository is shown on this page. Keep in mind that you should be very cautious when installing plugins from this page, as many of them may not work as expected.


This page allows you to populate a list of plugins that you have favorited in your WordPress.org account. All you need to do is enter your WordPress.org username and click on the get favourites button:


Feel free to check out my list of some favourite plugins on this page.

Install a plugin using SFTP or FTP

You can also install a plugin by directly uploading all its files to your account’s plugin directory (/wp-content/plugins/) using either FTP (File Transfer Protocol) or SFTP (SSH File Transfer Protocol). Both protocols allow you to upload and download files to/from your server using certain applications.

When you transfer your data over a plain FTP connection, the connection between your computer and the server is not encrypted. But when you transfer data over SFTP, the connection is always encrypted. Let’s see how to upload plugin files to your server using two popular FTP clients, FileZilla and WinSCP.


FileZilla is a free application for Windows, Linux and Mac OS X with which you can upload and download files over FTP, SFTP and FTPS (FTP Secure or FTP-SSL). The application can be downloaded from here.

Once you install and run the application, it will ask you to enter the following details in order to establish a connection with your server:


Host name: Enter the web address of your server in this field. If you do not know the web address of your server, then either check the welcome email that you received when you first signed up with your hosting provider OR open a support ticket with your host.

Instead of using your server’s address, you can also enter your domain name in this field. If the connection between your computer and the server is successful, the client will directly show the root directory of the domain that you entered in the host name field.

Keep in mind that you are also required to enter the protocol you want to connect with before the web address. For example, if you want to connect using SFTP, you should enter sftp:// in the host name field (sftp://xyz.net). If you do not enter any protocol, the client will assume that you want to connect using plain FTP (ftp://xyz.net).

Username and password: Enter the username and password of either your Control Panel or FTP account.

Port number: Port 21 is generally used to connect over plain FTP, while port 22 is used to make a connection over SFTP.

But many popular hosting providers do not use the above-mentioned port numbers because they are prone to Distributed Denial of Service attacks. To find out the exact port numbers set by your provider for these protocols, either browse their knowledge base or contact their support directly.

If all the entered details are correct, click on the Quickconnect button and the client will try to connect to your server. While connecting, you may see an Unknown Host Key error which says:


The server’s host key is unknown. You have no guarantee that the server is the computer you think it is.

Double-check the web address of your server/domain name in the Host field and, if it is correct, check the box in front of Always trust this host, add this key to the cache and click on the OK button.

If the connection with your server is successful, you will see a directory listing on the Local Site (your computer) and on the Remote Site (your server) in the client’s user interface.

Suppose you want to install the WP Super Cache plugin for your blog using SFTP; all you need to do is download the compressed file of the plugin from this page and extract its content somewhere on your hard drive.

Now, within FileZilla’s user interface, browse to the directory under local site where you extracted the content of the compressed file, and drag and drop the whole plugin folder to the /wp-content/plugins/ directory of your domain under remote site:

The client will now start uploading all the files that are present in the extracted folder. Once all the files have been successfully uploaded to the server, go to the Plugins page in your blog’s dashboard and click on the activate link under the name of the plugin whose files you have just uploaded:


WinSCP, also known as Windows Secure CoPy, is an open source application for the Windows operating system. Just like FileZilla, WinSCP is used to transfer data between a local and a remote computer using SFTP, SCP (Secure CoPy) and FTP.

You can download the application from here and install it on your computer. When you run the application, it will ask you to enter the following details:

  • File protocol: Select from SFTP, FTP (No encryption, TLS/SSL implicit encryption, TLS explicit encryption and SSL explicit encryption) and SCP.
  • Host name: Web address of your server/domain name.
  • Port number.
  • Username and Password of your control panel OR FTP account.

Once you have entered the above-mentioned details accurately, click on the Login button and the client will try to connect to your server. When connecting, the client may show you a warning which says:


Continue connecting to an unknown server and add its host key to a cache?

The server’s host key was not found in the cache. You have no guarantee that the server is the computer you think it is.

The server’s rsa2 key fingerprint is: ssh-rsa 2048 ab:cd:a1:b2:c3:xyz

If you trust this host, press YES. To connect without adding host key to the cache, press NO. To abandon the connection press CANCEL.

If you are sure that you have entered your server’s web address/your domain name correctly, then click on the YES button and the client will connect to your server. It will also add the host key to its cache, so that you don’t see the above warning next time.
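Both the FileZilla and the WinSCP prompts above display the server's host key fingerprint, and that value can be compared with the key your hosting provider publishes before you accept it. The following is an added example, not part of the original article or of either client; it assumes the provider gives you the server's public key line in OpenSSH form, and the key below is constructed for illustration.

```python
import base64
import hashlib
import struct


def _ssh_string(b: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public-key blob."""
    return struct.pack(">I", len(b)) + b


# Constructed key line in "type base64-blob comment" form. The modulus bytes
# are made up for illustration; this is not any real server's key.
_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
         + _ssh_string(b"\x00" + bytes(range(255, -1, -1))))
SAMPLE_KEY_LINE = "ssh-rsa " + base64.b64encode(_BLOB).decode() + " constructed"


def fingerprints(key_line: str) -> dict:
    """Return the MD5 (colon-hex) and SHA-256 (base64) fingerprints of a key."""
    key_type, b64 = key_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match the key blob")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}


def prompt_matches(published_key_line: str, shown_in_prompt: str) -> bool:
    """True only if the fingerprint the client shows belongs to the published key."""
    parts = shown_in_prompt.split()
    if not parts:
        return False
    shown = parts[-1]  # accepts "ssh-rsa 2048 ab:cd:..." or a bare fingerprint
    fps = fingerprints(published_key_line)
    if shown.startswith("SHA256:"):
        return shown.rstrip("=") == fps["sha256"]
    if shown.lower().startswith("md5:"):
        shown = shown[4:]
    return shown.lower() == fps["md5"]


if __name__ == "__main__":
    fps = fingerprints(SAMPLE_KEY_LINE)
    print(fps["md5"], fps["sha256"])
    print(prompt_matches(SAMPLE_KEY_LINE, "ssh-rsa 2048 " + fps["md5"]))
```

If prompt_matches returns False for the value shown in the dialog, cancel the connection and confirm the fingerprint with your host instead of adding the key to the cache.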

Just like in FileZilla, you can now drag and drop files/folders from your computer to the remote server’s directory within WinSCP’s user interface.

How to Update Plugins?

Once you have installed a particular plugin for your blog from the official repository, the CMS will notify you whenever an update for it is available:


Updates are generally released for a plugin to add new features, improve currently available features and fix security issues. If you see an update for a particular plugin, click on Details of the currently available version and you will be able to see its change log:



The change log may give you an idea of what changes the developer has made in the current version of the plugin. Keep in mind that sometimes the developer does not maintain a change log in the official plugin repository and instead maintains it on a third-party website of their own. In such a case you are required to visit the website of the developer to see a full list of the changes that have been made.

Click on the Install update now button and the CMS will download the current version of the plugin from the official repository in the background. Once downloaded, the plugin should get updated to the latest version.

Note: If you have downloaded and installed a particular plugin from a third-party website, then WordPress won’t notify you about its updates. In such a case you have to manually check for updates on the third-party website, or you may want to sign up for their newsletter, through which they notify their users about an update.

How to Uninstall a plugin?

WordPress plugins can be easily uninstalled by going to the Plugins (/wp-admin/plugins.php) page in your dashboard and then clicking on the delete link under the name of a particular plugin:


Keep in mind that you can only delete an INACTIVE plugin. If you try to use the delete option under the Bulk Actions menu to delete an ACTIVE plugin, the CMS will show you the following error:


You cannot delete a plugin while it is active on the main site.

You are required to first deactivate the plugin and then click on the delete link. The CMS will ask whether you are sure that you want to delete the plugin files. Click on the Yes, delete these files button and the plugin will be instantly removed from your installation:

Before uninstalling a plugin, if you click on Click to view entire list of files which will be deleted, you will be able to see a list of all the PHP files which will be removed from your account’s plugins directory.

Important Notes:

  • When you uninstall a plugin, all its saved settings will be deleted from your database permanently. These settings cannot be recovered even if you try to install the same plugin once again for your blog.
  • After you uninstall a plugin, many things in your site may stop working. For example, if you uninstall the RePress plugin from your installation, then you won’t be able to use your WordPress blog as a proxy site any more. If possible, try to make a list of features that will stop working immediately after uninstalling a plugin.
  • You can also uninstall a plugin by directly deleting its folder from your server using an FTP/SFTP client.
  • Certain plugins may ask you to enter/remove code in/from your theme files before/after uninstalling them. In such a case you are required to manually edit your theme files by going to Appearance >> Editor in your dashboard.
  • If available, you may want to refer to the read me file of a particular plugin to learn how to properly uninstall it.