Without a doubt, the best place to find free WordPress plugins is the official Plugin Directory. With over 12,000 plugins, compatibility polls, support tags, and usage statistics, it’s definitely the most complete resource out there.
Most WordPress users can easily find and install plugins from the official directory via Plugins -> Add New in their Dashboard, but some may need to complete a manual installation. To install a plugin manually, download it and then use an FTP or SFTP client to upload the decompressed archive to your blog’s /wp-content/plugins/ directory. Once the plugin has been uploaded, you should be able to activate it from the Plugins section of your Dashboard. If it isn’t appearing, the plugin may have additional installation instructions.
Plugins are not free from the dangers of malware, and can sometimes be far more dangerous than themes. Unfortunately, the plugin directory does not have a volunteer review staff like the theme directory does, so users need to be extra careful. Always check a new plugin’s tagged support topics before installing it and run the Exploit Scanner plugin before activating it. If it finds any results for the plugin files in the “Level Severe” category, just delete the plugin and find another. If you are ever uncomfortable with any of the results from the Exploit Scanner plugin, delete the plugin and find another.
Plugin malware is a serious issue. By simply installing and activating a plugin, you could instantly lose all of your data, subjecting your visitors to invasive scripts, or leaving your blog open to malicious attack.
To be safe, always run the Exploit Scanner plugin before activating a new plugin.
This is the third entry in our hopefully long-running WordPress FAQ series. What did you think, and what questions would you like us to answer next?
If anyone has any concerns about a plugin they can ask at
the http://wordpress.org/support/ forums and
they can also email plugins@wordpress.org If you email please be
specific as to what you have seen and why it is causing concern.
The plugin will then be installed, checked and read to establish
any issues.
Thanks for this article. I didn’t realize that the plug-in repository was not scanned in the same way that the theme repository is. The next plug-in I add will be the Exploit plug-in referenced above.
Very happy that I came across this post.
There are a few blogs that I have been having issues with and now I believe a few of the plug ins may be the problem.
Never knew about the Exploit Scanner plug in.
Appreciate this information very much.
Thanks
That was a great, quick read that included some critically important points:
The WordPress Plugin Directory is undoubtedly the best on-stop shop for any of our plugin needs. I have a few favorite developers that I follow, but I also know that their latest releases are sure to be found on the directory. And with the stats that help me make a decision on whether or not to install a plugin I am interested in.
The vulnerability of our sites to malware delivered through a plugin installation really is something to be taken seriously. I liked the fact you highlighted the need for a strict regimen of security checks each time a plugin is considered for installation.
Exploit Scanner Plugin. What a great tool. For me, it is just a matter of getting into the discipline of using it each and every time a new plugin is introduced to my site or to a client’s site. I know many of us just “hit the install button” because of the presumption of security that comes with things we get from the WordPress site.
As far as questions for furthering your FAQ series: You mentioned that our website visitors might be subject to invasive scripts associated with malware – any thoughts, advice, symptoms or other education you care to pass along would be much appreciated!
Thanks for writing a great, useful piece.