Without a doubt, the best place to find free WordPress plugins is the official Plugin Directory. With over 12,000 plugins, compatibility polls, support tags, and usage statistics, it’s definitely the most complete resource out there.
Most WordPress users can easily find and install plugins from the official directory via Plugins -> Add New in their Dashboard, but some may need to complete a manual installation. To install a plugin manually, download it and then use an FTP or SFTP client to upload the decompressed archive to your blog’s /wp-content/plugins/ directory. Once the plugin has been uploaded, you should be able to activate it from the Plugins section of your Dashboard. If it isn’t appearing, the plugin may have additional installation instructions.
Plugins are not free from the dangers of malware, and can sometimes be far more dangerous than themes. Unfortunately, the plugin directory does not have a volunteer review staff like the theme directory does, so users need to be extra careful. Always check a new plugin’s tagged support topics before installing it and run the Exploit Scanner plugin before activating it. If it finds any results for the plugin files in the “Level Severe” category, just delete the plugin and find another. If you are ever uncomfortable with any of the results from the Exploit Scanner plugin, delete the plugin and find another.
Plugin malware is a serious issue. By simply installing and activating a plugin, you could instantly lose all of your data, subjecting your visitors to invasive scripts, or leaving your blog open to malicious attack.
To be safe, always run the Exploit Scanner plugin before activating a new plugin.
This is the third entry in our hopefully long-running WordPress FAQ series. What did you think, and what questions would you like us to answer next?