A default WordPress install is fairly minimal. You can add pages and blog posts and manage various settings, such as whether or not visitors should be allowed to leave comments on your site. But it lacks some basic features, such as a contact form and spam protection. You therefore almost certainly want to install plugins to extend the functionality of your website.

Pre-installed plugins

You can manage plugins via the Plugins menu. There are two plugins installed by default: Akismet and Hello Dolly. The former is a paid-for anti spam plugin and the latter displays random lyrics from Louis Armstrong’s Hello, Dolly. Both plugins are deactive by default, which means they are installed but not used. You can typically delete them. To do so, select the plugins and then Delete from the Bulk actions drop-down menu.

The WordPress plugin page lists all installed plugins. You can activate, deactivate and remove plugins via this page.
Removing the Akismet and Hello Dolly plugins.

Installing plugins

There are lots of WordPress plugins. As at January 2021 there are over 58,000 plugins in the WordPress plugin directory. These plugins have been made by WordPress users all over the world, and they are usually free.

A downside of having so many available plugins is that it can be difficult to find the right plugin. In general, look for plugins that are actively maintained; have a large number of installs and good reviews.

We can’t really recommend plugins, but to give you an idea of how the plugin system works we will install All In One WP Security & Firewall. This is a free plugin that does a number of things to help keep your website secure. Among others, it can add spam protection to forms, which is highly recommended if you have any comment or contact forms on your website.

You can search for plugins via the Plugins page in the WordPress dashboard. Once you have found the plugin your want to install, simply click the Install Now button.

You can search for and install plugins via the Plugins page in the WordPress dashboard.
Installing the All In One Security plugin.

Plugins you install are not automatically enabled. To enable a plugin, click the Activate button. You can also activate or deactivate plugins via the main Plugins page.

Plugin settings

Plugins usually have various settings that can be changed. The All In One WP Security plugin adds a menu item to the navigation, and there is also a link to the settings on the Plugins page. All In One WP Security has lots of options. If you want to learn more about what the plugin can do, there is a good article at tipsandtricks-hq.com. For this article we will just look at the SPAM Prevention settings.

All In One WP Security has two anti-spam options: it can add a Captcha to forms and it can try to block spambots. If you hate spam as much as we do then you can enable both options.

The All In One Security plugin has lots of settings to help prevent spam.
The main spam settings in All In One Security.

When you are logged into WordPress you won’t see the Captcha. However, when you are logged out you see that a spam challenge is added to forms.

A simple spam challenge under a comment form, added by the All In One Security plugin.
The spam challenge added by All In One Security.

WordPress plugin madness

Although plugins are useful and often necessary, it is best not to go mad with plugins. Install plugins that are genuinely helpful, but don’t install a plugin just because you can. Plugins can have a negative impact on your website’s performance, and you may run into issue with incompatible plugins.

Also, bear in mind that some plugins become unmaintained. Those plugins may no longer work when you update the WordPress core files. Equally important, these plugins no longer receive security updates and can be exploited. Almost all WordPress hacks are the result of plugins that are out of date.

This article is part of a mini-series about getting started with WordPress. You can also read the following articles: