A default WordPress install is fairly minimal. You can add pages and blog posts and manage various settings, such as whether or not visitors should be allowed to leave comments on your site. But it lacks some basic features, such as a contact form and spam protection. You therefore almost certainly want to install plugins to extend the functionality of your website.
You can manage plugins via the Plugins menu. There are two plugins installed by default: Akismet and Hello Dolly. The former is a paid-for anti spam plugin and the latter displays random lyrics from Louis Armstrong’s Hello, Dolly in the dashboard. Both plugins are deactive by default, which means they are installed but not used. You can safely delete them. To do so, first select the plugins and then the Delete option from the Bulk actions drop-down menu.
Image: Removing the Akismet and Hello Dolly plugins.
There are lots of WordPress plugins. As at June 2021 there are over 58,000 plugins in the WordPress plugin directory. These plugins have been made by WordPress users and developers all over the world, and they are usually free.
A downside of having so many available plugins is that it can be difficult to find the right plugin. In general, look for plugins that are actively maintained; have a large number of installs and good reviews.
We can’t really recommend plugins, but to give you an idea of how the plugin system works I will install All In One WP Security & Firewall. This is a free plugin that does a number of things to help keep your website secure. Among others, it can add spam protection to forms, which is highly recommended if you have any comment or contact forms on your website.
You can search for plugins via the Plugins page in the WordPress dashboard. Once you have found the plugin your want to install, simply click the Install Now button.
Image: Installing the All In One Security plugin.
Plugins you install are not automatically enabled. To enable a plugin, click the Activate button. You can also activate or deactivate plugins via the main Plugins page.
Plugins usually have various settings that can be changed. The All In One WP Security plugin adds a menu item to the navigation, and there is also a link to the settings on the Plugins page. All In One WP Security has lots of options. If you want to learn more about what the plugin can do, there is a good article at tipsandtricks-hq.com. For this article I will just look at the SPAM Prevention settings.
All In One WP Security has two anti-spam options: it can add a Captcha to forms and it can try to block spambots. If you hate spam as much as I do then you can enable both options.
Image: The main spam settings in All In One Security.
When you are logged into WordPress you won’t see the Captcha (because you are a trusted user). However, when you are logged out you see that a spam challenge is added to forms.
Image: The spam challenge added by All In One Security.
Although plugins are useful and often necessary, it is best not to go mad with plugins. Install plugins that are genuinely helpful, but don’t install a plugin just because you can. Plugins can have a negative impact on your website’s performance, and you may run into issue with incompatible plugins.
Also, bear in mind that some plugins become unmaintained. Those plugins may no longer work when you update the WordPress core files. Equally important, such plugins no longer receive security updates and can be exploited. Almost all WordPress hacks are the result of plugins or themes that are out of date.
This article is part of a mini-series about getting started with WordPress. You can also read the following articles: