Secure WordPress Plugin Installation Guide for Beginners


Hi, in this post you can learn how to install WordPress plugins securely and effectively, so that you can run and manage your website without compromising speed or security.

WordPress plugins make your website dynamic and feature-rich. A plugin is a pre-built (programmed) feature, function, or extension. You can browse and install plugins on your website according to their importance and value to you.

There are more than 59,904 free plugins in the repository that self-hosted WordPress websites can install. Many of them are free with basic features, but for premium features you have to buy a paid subscription or the paid version of the plugin. Here you can learn about WordPress.Org or which would be best for you.

Why I wrote this post

scan results

Please see the picture above. This was the malware in the hosting server's website folder that created so many fake PHP and JS files. I just downloaded it for testing and investigation, and when I tested the same folder after downloading it to the computer, I found the name above.

I recently found it on one of my client's websites, which had not been updated for many months. It was on shared hosting.

The hosting company suspended the account, or stopped the website on the server. When the client saw the suspension message on the browser screen in the morning, they contacted the hosting company. After the hosting company ran a scan, the client was informed about the malware, and the hosting company asked them to clean up and delete it.

Learn more: How to harness the power of WordPress-optimized hosting

The strange thing for me here is: why was the hosting company not able to delete the malware, or prevent it from entering the server in the first place, even on a shared hosting plan?

screen shot of malware files in the website server folder

Then I removed the files manually. There were 30 to 40 files in the website folder. After the hosting company scanned it 2 to 3 times for confirmation, they activated the website again. What I noticed was incorrect file permissions and lots of plugins, active and inactive, without updates.

Now, how did that happen? There is no single clear cause; there are hundreds of possible reasons. The point is, whatever you run or do on the internet, it is always good to be aware of it. That motivated me to write this post on plugin installation.

What is malware? What can malware do on WordPress websites? Who injected it?


Malware is software that is created, injected, or spread for the purpose of gain, unauthorized access, or damage to a system. In WordPress it can enter through any input source, such as plugins, themes, the login form, comments, internal links, the API, and thousands of others.

It can be created to disrupt a competitor, scrape the website, downgrade the ranking of another business, and for many other malicious reasons.

Mainly there are two aspects of WordPress plugins:

The 1st is the internal (backend) aspect of the website. Here you install the plugins that are important for your website's internal functionality, content management, and security, such as SEO plugins, security plugins, broken-link checkers, redirection plugins, and page builders.

The 2nd is the external or public (front-end) aspect of the website. Here you install the plugins that are useful and helpful to your website visitors and your business, such as a contact form plugin, a social media sharing plugin, and a popular posts plugin.

Many hosting companies provide 1-click installation of WordPress and WordPress management through third-party applications such as Softaculous.

You will get many basic plugins installed by default during WordPress installation, especially when installing through a WordPress installer.

Ways to Install WordPress Plugins:

  • Plugin installation through “Plugins -> Add New”, using the search or upload option – best for beginners.
  • The 2nd is through an FTP connection using FileZilla – best when you want to add a custom plugin or give a web design company access for plugin installation.
  • The 3rd is through cPanel's File Manager and its upload option – for admins only. Also consider the folder permissions.
  • The 4th is through a cPanel WordPress installer app such as Softaculous – best for beginners.

You can choose any one of these based on your preferences. Here you can read the step-by-step guide to installing WordPress plugins.

Plugin installation without compromising the security and speed of your WordPress website:

I learned these things while working on my own and clients' WordPress websites, and I am sharing them with you as a guide. This is very important for WordPress beginners as well as for WordPress freelancers managing clients' websites.

Why is it important to install WordPress plugins securely?

Internet security matters not just for people but also for digital assets. It's important to have a virus- and spam-free website, and to keep the WordPress database optimized, clean, and free from the files and tables of plugins that you no longer use or that are inactive. That way, installing plugins or adding new features through them will not compromise the website's speed, domain authority, SEO, or security.

How do you install a WordPress plugin securely?

Spam, malware, and fake traffic reduce speed and decrease authenticity, ranking, and revenue. WordPress core is secure on its own, but as you know there are no guarantees with technology products and services, especially when you're running a self-hosted website or hosting on a shared server.

It's very important to follow security best practices during plugin installation and editing/customization.

1. Scan the plugin folder before uploading:


You can install popular and recognized plugins and services such as Yoast SEO, Elementor, and Contact Form 7 directly through the “Add New Plugin” screen (search, install, and activate) inside your WordPress dashboard.

But when you're not sure about the plugin or the company behind it, and when it has few ratings and reviews, it's important to scan the plugin folder for malware and viruses.

To do this in Microsoft Windows, first unzip the folder. Right-click the unzipped folder and scan it with your antivirus or Microsoft Defender; you can run a full scan or a custom scan of that specific folder. Also scan the custom plugin files that you receive from web development companies.

If no error or virus is found, zip the folder again and upload it to your WordPress website through the “Add New Plugin” upload option or over an FTP connection.

Follow this practice for both paid and free plugins, and most importantly when they are downloaded from outside WordPress.Org. Only once you're sure should you install the plugin.
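An antivirus scan only catches what its signatures know. As an added example (not code from this post or from WordPress), here is a small Python check you can run on a plugin zip before uploading it. It looks for the things a reviewer would want to see first: archive entries that would extract outside the plugin folder, file types that do not belong in a plugin, PHP files sitting in asset directories, and PHP that calls obfuscation or process-execution functions. The sample archive is constructed inline; the extension list, asset-directory names and function list are assumptions you can tune, and a "review" hit means open the file and read it, not that the plugin is malicious.

```python
import io
import re
import zipfile

# File types that have no place inside a WordPress plugin archive (assumed list).
DISALLOWED_EXT = {".exe", ".dll", ".bat", ".sh", ".phar", ".scr", ".com"}
PHP_EXT = {".php", ".phtml", ".php5", ".inc"}
# Directories that normally hold static assets; a PHP file there is odd.
ASSET_DIRS = {"css", "js", "images", "img", "fonts", "assets"}
# PHP constructs that obfuscated or backdoored code leans on; legitimate
# plugins rarely need them, so a hit means "open the file and read it".
RISKY_PHP = re.compile(
    r"\b(eval|base64_decode|gzinflate|gzuncompress|str_rot13"
    r"|system|exec|shell_exec|passthru|proc_open)\s*\(",
    re.IGNORECASE,
)


def inspect_plugin_zip(zip_bytes):
    """Return a list of (severity, path, reason) findings for a plugin zip.

    severity is "block" (do not upload) or "review" (read the file first).
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            path = info.filename
            if path.endswith("/"):
                continue  # directory entry, nothing to inspect
            parts = path.split("/")
            # "Zip Slip": an entry that would be extracted outside the plugin folder.
            if path.startswith("/") or ".." in parts:
                findings.append(("block", path, "path escapes the plugin directory"))
                continue
            name = parts[-1]
            ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
            if ext in DISALLOWED_EXT:
                findings.append(("block", path, "disallowed file type " + ext))
            if name.startswith(".") and name != ".htaccess":
                findings.append(("review", path, "hidden file"))
            if ext in PHP_EXT:
                if ASSET_DIRS & set(parts[:-1]):
                    findings.append(("review", path, "PHP file inside an asset directory"))
                source = zf.read(info).decode("utf-8", errors="replace")
                hits = sorted({m.group(1).lower() for m in RISKY_PHP.finditer(source)})
                if hits:
                    findings.append(("review", path, "calls " + ", ".join(hits)))
    return findings


def build_sample_zip():
    """Constructed sample archive: a clean plugin plus three planted problems."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "my-plugin/my-plugin.php",
            "<?php\n/* Plugin Name: My Plugin */\n"
            "add_action('wp_enqueue_scripts', 'mp_styles');\n"
            "function mp_styles() {\n"
            "  wp_enqueue_style('mp', plugins_url('css/mp.css', __FILE__));\n}\n",
        )
        zf.writestr("my-plugin/css/mp.css", "body { margin: 0; }\n")
        # Obfuscation marker only (placeholder string), not a working payload.
        zf.writestr("my-plugin/css/cache.php",
                    "<?php eval(gzinflate(base64_decode('PLACEHOLDER')));\n")
        zf.writestr("my-plugin/setup.exe", b"MZ")
        zf.writestr("../wp-config.php", "<?php // would overwrite the site config\n")
    return buf.getvalue()


if __name__ == "__main__":
    for severity, path, reason in inspect_plugin_zip(build_sample_zip()):
        print(f"[{severity}] {path}: {reason}")
```

Run it against a real download by passing the zip's bytes to `inspect_plugin_zip`. Any "block" finding means the archive should not go near the site; "review" findings are the files to read before you decide, because plenty of legitimate plugins also use `base64_decode` for harmless reasons.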

2. Check the plugin authenticity:



  • Check the plugin contributors: it's important to see who created and contributed to the plugin you want to install on your WordPress website. Visit the contributor's profile, and if you find it authentic you can test and install the plugin.
  • Check the plugin publisher's company/website.
  • Check when it was last updated. If it was updated more than 1 year ago and was also built for an older PHP version than the latest, do not install it, even if it's active on 1,000 sites and reviewed by hundreds of people.
  • Don't look only at the 5-star reviews; also see how many people have given 1-star reviews.
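The checks in that list can be applied to the plugin's metadata before you click install. Below is an added Python example (mine, not the post's or WordPress.org's code) that encodes the rules above: age of the last update, the PHP version the plugin requires, the share of 1-star ratings, and whether there are contributor profiles to look at. The dictionary mirrors the field names of the WordPress.org plugin information API response (`last_updated`, `requires_php`, `ratings`, `num_ratings`, `contributors`), but every value in it is constructed for the example and describes no real plugin; the thresholds (`min_php`, `max_age_days`, `one_star_limit`) and the reference date `TODAY` are assumptions you set for your own policy.

```python
from datetime import datetime

# Field names follow the WordPress.org plugin information API response shape;
# every value below is constructed for this example and describes no real plugin.
SAMPLE_INFO = {
    "name": "Example Gallery",
    "slug": "example-gallery",
    "contributors": {"example-dev": {"profile": "https://profiles.wordpress.org/example-dev/"}},
    "version": "1.4.2",
    "last_updated": "2021-03-10 9:15am GMT",
    "tested": "5.6",
    "requires_php": "5.6",
    "active_installs": 3000,
    "num_ratings": 240,
    "ratings": {"1": 60, "2": 10, "3": 20, "4": 30, "5": 120},
}
# Constructed reference date so the example gives the same answer every run.
TODAY = datetime(2024, 6, 1)


def version_tuple(v):
    """Turn '7.4' or '8.1.2' into a comparable tuple of ints."""
    return tuple(int(p) for p in v.split(".") if p.isdigit())


def days_since_update(info, today):
    """Days between the plugin's last release and today (date part only)."""
    last = datetime.strptime(info["last_updated"].split(" ")[0], "%Y-%m-%d")
    return (today - last).days


def one_star_share(info):
    """Fraction of all ratings that are 1-star; 0.0 when nothing is rated."""
    total = info.get("num_ratings") or 0
    return info["ratings"].get("1", 0) / total if total else 0.0


def vet_plugin(info, today, min_php="7.4", max_age_days=365, one_star_limit=0.2):
    """Apply the checks from the post and return a verdict with its reasons.

    min_php, max_age_days and one_star_limit are thresholds assumed here,
    not values published by WordPress.org; adjust them to your own policy.
    """
    reasons = []
    age = days_since_update(info, today)
    stale = age > max_age_days
    if stale:
        reasons.append(f"last updated {age} days ago")
    old_php = version_tuple(info.get("requires_php", "0")) < version_tuple(min_php)
    if old_php:
        reasons.append(f"requires_php {info.get('requires_php')} is below {min_php}")
    share = one_star_share(info)
    if share > one_star_limit:
        reasons.append(f"{share:.0%} of {info['num_ratings']} ratings are 1-star")
    if not info.get("contributors"):
        reasons.append("no contributor profiles to check")
    # The post's hard rule: stale AND built for an old PHP means do not install,
    # regardless of install count; anything else that tripped needs a human look.
    if stale and old_php:
        verdict = "do not install"
    elif reasons:
        verdict = "review before installing"
    else:
        verdict = "ok"
    return {"slug": info["slug"], "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    print(vet_plugin(SAMPLE_INFO, TODAY))
```

For a real plugin, fetch the same fields from the WordPress.org plugin page or API for its slug, pass `datetime.now()` as `today`, and treat a "review" verdict as a prompt to read the 1-star reviews and the contributor profiles yourself; the script only decides what you should look at.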

3. Optimize and Clean the database:

When you're a WordPress beginner you install, test, and delete plugins many times a month. Each plugin you install uses and consumes database tables, and on deletion or deactivation many plugins do not offer the option to remove their files and changes on uninstallation.

After a year or two the website will start to get slow or throw database errors. Just as you run Disk Clean-up in Microsoft Windows to remove temporary and unused files and keep your PC clean and fast, you have to do the same for the WordPress database.

We need this practice on WordPress websites and in any web application database; we call it database optimization. An optimized, clean database responds to queries faster, and that increases the website's loading speed.

That's why, as a beginner, you should only install the plugins that are important and delete those that are inactive. Also clean out the database tables left behind by old plugins that you no longer use.

But before you optimize your database, make sure you take a backup and have basic MySQL/MariaDB knowledge. You can also use a database optimization plugin or hire a WordPress database optimization expert if you have any difficulty.
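The hard part of that cleanup is knowing which tables are core, which belong to a plugin that is still active, and which are leftovers. As an added example (my code, not the post's or any plugin's), the Python below sorts a `SHOW TABLES` listing into those groups: the twelve tables WordPress core creates, tables whose name shares a distinctive word with an active plugin's slug, tables with a different prefix (typically a forgotten second install), and everything else, which goes on a review list. The table listing and the active-plugin slugs are constructed; the slug-matching is a heuristic and can miss tables whose names differ from the slug, so the script only generates `SELECT COUNT(*)` queries for the review list and never a `DROP`.

```python
# The twelve tables WordPress core creates (without the table prefix).
CORE_TABLES = {
    "commentmeta", "comments", "links", "options", "postmeta", "posts",
    "term_relationships", "term_taxonomy", "termmeta", "terms", "usermeta", "users",
}

# Constructed output of `SHOW TABLES` on a site with the prefix "wp_"; the
# plugin table names are assumed for the example, not taken from real schemas.
SAMPLE_TABLES = [
    "wp_commentmeta", "wp_comments", "wp_links", "wp_options", "wp_postmeta",
    "wp_posts", "wp_term_relationships", "wp_term_taxonomy", "wp_termmeta",
    "wp_terms", "wp_usermeta", "wp_users",
    "wp_wpforms_entries", "wp_wpforms_entry_meta",
    "wp_redirection_items", "wp_redirection_logs",
    "wp_gallery_items", "wp_gallery_stats",
    "wp2_posts", "wp2_options",
]
# Slugs of the plugins currently active on the site (constructed list).
SAMPLE_ACTIVE = ["wpforms-lite", "redirection", "wordpress-seo"]


def slug_keywords(slug):
    """Tokens of a plugin slug distinctive enough to match against a table name."""
    return {tok for tok in slug.split("-") if len(tok) >= 4}


def classify_tables(tables, prefix, active_plugins):
    """Sort tables into core, attributed-to-active-plugin, foreign-prefix,
    and review (unattributed: inspect and back up before any cleanup)."""
    report = {"core": [], "active_plugin": {}, "foreign_prefix": [], "review": []}
    keywords = {slug: slug_keywords(slug) for slug in active_plugins}
    for table in tables:
        if not table.startswith(prefix):
            report["foreign_prefix"].append(table)
            continue
        bare = table[len(prefix):]
        if bare in CORE_TABLES:
            report["core"].append(table)
            continue
        tokens = set(bare.split("_"))
        owner = next((slug for slug, kws in keywords.items() if kws & tokens), None)
        if owner:
            report["active_plugin"][table] = owner
        else:
            report["review"].append(table)
    return report


def review_queries(report):
    """Read-only queries to size each unattributed table before deciding."""
    return [f"SELECT COUNT(*) FROM `{t}`;" for t in report["review"]]


if __name__ == "__main__":
    rep = classify_tables(SAMPLE_TABLES, "wp_", SAMPLE_ACTIVE)
    for table, owner in rep["active_plugin"].items():
        print(f"{table}: active plugin {owner}")
    print("other prefix:", rep["foreign_prefix"])
    print("review before cleanup:", rep["review"])
    print("\n".join(review_queries(rep)))
```

Feed it the real `SHOW TABLES` output and your own prefix from `wp-config.php`, plus the slugs of active plugins, and confirm every name on the review list against the plugin list and a fresh backup before touching it.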

4. WordPress plugin installation best practices for website speed:

Often, to give your WordPress website an extra look, extra functions, and many dynamic and animated features, you get used to installing various plugins.

The problem with this is that it slows down your website and adds lots of code that you do not actually need. Indirectly, this impacts the website's speed.

You do not have to build the habit of installing a plugin for every small piece of functionality. If you can add something through custom CSS, a child theme, or a few settings in the header/footer/functions files, that is best.

When you need some functionality on your website, try to find the code or a manual method to do it instead of using a plugin. If there is no other way to add that functionality, then use a plugin.

Also, whenever you use a plugin or add a fancy feature to your website, always consider your website visitors. Websites are created for users, and if something does not contribute to your customers/visitors and your business, do not use it.

5. Make sure your plugins are updated:

Not only is it important to install up-to-date WordPress plugins, it's also important to update them frequently or enable auto-updates.

But before updating plugins it's also important to take a backup, or to have automatic backups run whenever something new is installed or updated. A backup matters even more if you're using custom settings in WordPress plugins and pages.

Along with these practices you also have to monitor your website manually. You can install WordPress security, antivirus, and spam-blocker plugins so that your new or high-traffic website stays safe to use. A broken plugin or a piece of malware can spread into many of your website's folders.
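The 30 to 40 fake files described at the start of this post would have shown up immediately with a file inventory taken before the update and compared after it. As an added example (mine, not the post's code or any security plugin's), the Python below records a SHA-256 digest of every file under the site root, saves it as JSON, and later reports what was added, removed or changed, highlighting new or changed PHP under `wp-content/uploads/` and `wp-content/cache/`, where a stock site holds media and generated files but never code. The `demo()` function builds a small constructed site tree in a temporary directory, simulates a legitimate plugin update plus one planted file, and returns the comparison; the directory list in `NO_PHP_DIRS` is an assumption you can extend.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# PHP under these paths is never legitimate on a stock site: uploads and
# cache directories hold user media and generated files, not code (assumed list).
NO_PHP_DIRS = ("wp-content/uploads/", "wp-content/cache/")


def build_manifest(root):
    """Map every file below root (POSIX relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def save_manifest(manifest, path):
    """Store the manifest as JSON outside the site tree (it must not hash itself)."""
    Path(path).write_text(json.dumps(manifest, indent=1, sort_keys=True))


def load_manifest(path):
    return json.loads(Path(path).read_text())


def diff_manifests(old, new):
    """Files added, removed or changed between two manifests."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def suspicious_changes(diff):
    """New or changed PHP files in directories that should hold no PHP at all."""
    return [
        p for p in diff["added"] + diff["modified"]
        if p.lower().endswith(".php") and p.startswith(NO_PHP_DIRS)
    ]


def demo():
    """Constructed site tree: snapshot it, simulate a plugin update plus a
    planted file, then compare. Returns (diff, suspicious)."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "site"
        files = {
            "wp-config.php": "<?php define('DB_NAME', 'example');\n",
            "wp-content/plugins/my-plugin/my-plugin.php": "<?php /* v1.0 */\n",
            "wp-content/uploads/2024/06/photo.jpg": "not really a jpeg\n",
        }
        for rel, text in files.items():
            (site / rel).parent.mkdir(parents=True, exist_ok=True)
            (site / rel).write_text(text)
        save_manifest(build_manifest(site), Path(tmp) / "manifest.json")
        before = load_manifest(Path(tmp) / "manifest.json")
        # Legitimate update: the plugin's main file changes and gains a readme.
        (site / "wp-content/plugins/my-plugin/my-plugin.php").write_text("<?php /* v1.1 */\n")
        (site / "wp-content/plugins/my-plugin/readme.txt").write_text("changelog\n")
        # Planted file of the kind the post describes: PHP dropped into uploads.
        (site / "wp-content/uploads/2024/06/cache.php").write_text("<?php // planted\n")
        diff = diff_manifests(before, build_manifest(site))
        return diff, suspicious_changes(diff)


if __name__ == "__main__":
    diff, suspicious = demo()
    for kind in ("added", "removed", "modified"):
        print(f"{kind}: {diff[kind]}")
    print("suspicious:", suspicious)
```

In practice, run `build_manifest` on the site root right after a clean install or a verified backup, keep the JSON somewhere the web server cannot write, and diff against a fresh manifest after every update and on a schedule; modified files under `wp-content/plugins/` are expected after an update, but anything in the suspicious list, or PHP changing in a plugin you did not update, is the signal to restore from backup and investigate.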

That's why it's important to constantly check your website's technical health, audit technical SEO, and monitor user and visitor activity. Also, do not ignore the errors, suggestions, and warnings from the Google and Bing search consoles and from your hosting server.

Stay up to date with the latest WordPress updates and security practices. It's very important for those running their entire business on WordPress websites and skills. I hope that by following the above plugin installation guide and tips you can manage and grow your website and business successfully.
