WordPress Tutorial: A Guide to WordPress for Beginners

banner_WP

By Oliver Dale of WPLift and ThemeFurnace for Udemy

Interested in more than just a guide? Check out a full course.

TABLE OF CONTENTS: CLICK TO JUMP TO A SPECIFIC SECTION

Introduction

Difference between WordPress.com and WordPress.org
WordPress.com ( Free Hosting )
WordPress.org ( Self-Hosting )
About Hosting for WordPress
How to Install WordPress

The WordPress Dashboard

General Settings
Permalinks
Discussion Settings
Author Profile

Content Creation

Difference between Pages and Posts
Categories and Tags
The Post Editor
Media Library
Publishing a Post

Introduction to Themes

Types of Themes
Where to find Free Themes
Where to find Premium Themes
Theme Marketplaces
Theme Companies
How to Install a Theme
Using the Customizer
Creating a Custom Menu
Introduction to Widgets and How to Use Them

Introduction to Plugins

How to Install a Plugin
Where to find Free Plugins
Premium Plugins
Recommended Free Plugins

WordPress Security & Backups

Keep Updated
Security Settings
Recommended Security Plugins
Backup Plugins


Introduction

WordPress is by far the most popular content management system on the internet today with a 66% market share and is currently being used to power 23.3% of all websites online.

WordPress started life in 2003 when founder Matt Mullenweg “forked” a piece of blogging software named b2 / Cafelog (forking is when you take the code of one piece of software and use it as the basis to create something new). With the help of Mike Little, they used the code to create the first version of WordPress for release on the 27th May 2003. I’m sure that at the time they had no idea just what an impact their small blogging script would go on to have in the years to come.

Since that first release in 2003, WordPress has developed from a tool for blogging into a full content management system which can be used to power just about any type of website you can think of, from simple blogs to online portfolios for photographers and designers, full eCommerce websites selling physical or digital goods, marketplaces, online auction sites, directories and of course corporate websites for some of the largest companies online today.

wordpresslogo

There are also thousands of themes to change the look of your website and many more thousands of plugins to add and extend the functionality. Did I mention that it’s completely free for anyone to download and use?

In this tutorial we will be taking a complete beginners look at WordPress and discuss the different options available to you, how to install WordPress on your choice of host, how to use the most popular features, create content, add themes and plugins and also how to make your WordPress site safe and secure from spammers and hackers.

Difference between WordPress.com and WordPress.org

The first choice that first-time users will have when coming to WordPress is which version to use. You have two options: a self-hosted installation of WordPress or signing up for WordPress.com, which is a website that will let you sign up and host your WordPress website there for free. Of course there are quite a few things to bear in mind when choosing between the two, so in this section I will break them down and point out the pros and cons of each.

WordPress.com (Free Hosting)

WordPress.com is a website which is owned by the creator of WordPress, Matt Mullenweg, under his own company Automattic and is a for-profit enterprise. Essentially it is a free service which lets you sign up and create a WordPress website quite easily, and they will take care of hosting your site and all the other considerations behind the scenes so you can can concentrate on creating content without having to worry about anything technical.

wordpresscom

They make money from WordPress.com by displaying text adverts on your site and charging you for add-on services, such as backups, premium themes and plugins. You are given a free sub-domain for your site in the format of http://yoursite.wordpress.com so you would have to purchase a domain name and point it to your site there if you choose to do so.

Let’s take a look at the pros and cons of choosing this method:

Pros

  • Free – Signup and get a free website
  • Ease of use – Beginner-friendly, no technical knowledge required
  • Security – Hosted on secure servers controlled by Automattic
  • Maintenance Free – They will keep everything up to date for you
  • Support Included

Cons

  • Have to pay for using own domain
  • Limited choice of themes and have to pay to customize them
  • Limited choice of plugins
  • Now allowed to monetize your site unless you receive 25k views per month, and then have to use their Ad Control program
  • Have to pay for storage above 3GB

WordPress.org (Self-Hosting)

WordPress.org is where you can download the latest version of WordPress for installation on to your own hosting account. This version is completely free and is licensed under the GPL, which means you are completely free to do what ever you like with it. You can use it to create as many websites as you like, modify it however you like – you could even rename it and create you own “fork” of it if you wish. That’s the beauty of the GPL license.

wordpressorg

If you choose to go for this version of WordPress, there are some extra considerations that you should bear in mind. The first is that you will be required to own your own domain name and purchase hosting from a suitable web hosting company, which will cost you a yearly or monthly fee. The second is that you will have to install the script yourself, which can be a little confusing for beginners. Luckily a lot of hosts these days have a “one-click” installation feature which will do this for you. I will show you how to install WordPress yourself next, but first let’s take a look at the pros and cons of this way of using WordPress.

Pros

  • Free to download and use
  • Complete control over your website
  • Install any theme or plugin
  • Monetize how you like

Cons

  • Have to pay for hosting and domain name
  • Responsible for all updates and security
  • Responsible for site backups
  • Steeper learning curve
  • Support not included

About Hosting for WordPress

If you choose to go with the self-hosted option for using WordPress, one of the most important considerations is choosing a good web host. These are the people responsible for keeping your site online. Choose a bad host and you could suffer downtime, hacking attempts, slower access speeds, poor customer support and a host of other problems.

Luckily there is a new breed of hosting companies which are catering specifically to WordPress websites. These hosts are sometimes called “Managed WordPress Hosts” or they will be regular hosts which offer special features for WordPress users. I am going to list a few options here; all of these hosting companies provide a great quality service, good customer support and are tailored towards WordPress websites.

  • SiteGround – I personally use SiteGround to host my WordPress site. They offer reasonably priced hosting packages at different levels and they have some good WordPress features such as their own plugin to speed your site up, WordPress staging and their customer support is really fast and responsive.
  • WPEngine – WPEngine offers a “Managed” hosting experience specifically for WordPress sites; they will keep your WordPress installation and plugins up to date for you.
  • Pagely – Pagely is similar to WPEngine in that they are a Managed WordPress host and will keep everything secure and up to date for you.
  • Inmotion Hosting – Inmotion Hosting is a more traditional hosting company with a range of different plans. They run cPanel and offer one-click WordPress installations and also offer great customer support.

How to Install WordPress

The web hosting companies listed above all offer “one-click” installation of WordPress, which greatly simplifies the process. If you choose another host which doesn’t offer this or would like to see the manual process, I will break it down for you in this section. Here we will be assuming that your host uses cPanel for your control panel, which is the most popular option. The steps may vary if they use a different one, so you would need to contact them for instructions if that is the case.

The first step is to log in to your cPanel account and create a mySQL database for your WordPress installation to use. Scroll down to the “Databases” section and choose the “MySQL Databases” option.

mysql

One the next screen, enter a name for your database at the top and click “Create Database”.

createdb

Once it has been created, note down the name of your database and click the “Go Back” button.

created

You now need to create a user for your database so that WordPress can interact with it. On this page, enter a username and password; you can click the “Password Generator” to let cPanel create a secure one for you. Once done, click the “Create User” button.

user

The final step is to add the user you created to the database you created. In the “Add a User to a Database” choose your database and user from the drop-down list and click the “Add” button.

adduser

On the next screen, tick the “All Privileges” box and click the “Make Changes” button.

privs

You now have a database and a user added to it, and can move on to the next stage.

Head over to WordPress and download the latest version here. Once you have the zip file on your computer, unzip it and you can now upload it to your hosting.

wordpressfiles

Uploading WordPress is done via FTP. Your hosting company should have provided your FTP details for your account when you signed up with them. Enter these into your FTP program; a good free one to use is Filezilla.

Upload all the WordPress files to the public_html directory of your hosting account if you wish your WordPress site to be located at http://www.youdomain.com, or if you would like it in a folder ( such as http://www.yourdomain.com/blog ) then create a new folder and upload the files there instead.

Once the files are all uploaded, visit your site in a browser to start the installation process. You will first have to enter your database name, username and password you created before and you can leave the other two fields as they are.

install1

After clicking “Submit”, on the next screen you can enter some required information about your site. Give the site a title and pick an admin username (I recommend that you choose something other than “admin” for security reasons). Enter your password and email address and then click “Install WordPress”.

install2

Once it has installed, you will be presented with a “Success” message saying it has been installed. You can then click the “Login” button to proceed to your WordPress admin area.

install3

You now have a working installation of WordPress and can progress to getting familiar with the WordPress dashboard.

The WordPress Dashboard

To get started with your WordPress site, you will need to log in using the username and password you created when installing it. You can log in at http://www.yourdomain.com/wp-admin where you will see the following form:

login

Once you have logged in, you be presented with the WordPress dashboard. This is the main admin area for WordPress where you can configure the settings for your site, create posts and pages, install themes and plugins and a whole lot more. On first installation of WordPress there is a helpful “Welcome to WordPress” section at the top which contains some links you can follow to start having a look around and getting used to the Dashboard.

welcome

You can now take a look at the front end of your website, where you will see the default blogging theme installed, named “Twenty Fifteen”. In later parts of this tutorial, we will look at how you can customize your site by adding different themes.

twentyfifteen

General Settings

There are a few settings which need to be taken care of on each new installation of WordPress. This is also a good chance to get familiar with your Dashboard. To start off, in the sidebar, visit “Settings” > “General” and you will see that here you can set some options for the site:

  • Site Title (Name of your Site)
  • Site Tagline (Description of your site)
  • WordPress Address (Location of WordPress)
  • Site Address (Your site homepage if you installed WordPress in a directory)
  • Email Address (Admin email)
  • Membership (Tick this if you want people to be able to register on your site)
  • New user default role (Leave as subscriber for now)
  • Date Format
  • Time Format
  • Day the Week Starts
  • Site Language

generalsettings

You will probably not need to change anything here, but remember it for future use should you want to move your site or change the title/tagline.

Permalinks

The next thing to do is setup your “Permalinks”, which is the URL structure your website will use. By default WordPress has them in this format:

http://www.yourdomain.com/?p=123

… which is not the prettiest or most search-engine-friendly option to use. You have the option to use them with dates inserted like so:

http://www.yourdomain.com/2015/08/19/sample-post/

… which is better, but my recommendation to use here is simply the “Post Name” option, which provides the shortest and best-looking option:

http://www.yourdomain.com/sample-post/

To use this option, click the “Post Name” option and then click the “Save Changes” button.

permalinks

Discussion Settings

The next step with a new WordPress site is to configure your “Discussion” settings, which control the commenting feature. People can leave comments on your posts, which is a great feature but should be controlled so you prevent spammers from leaving comments. To do this, visit “Settings” > “Discussion”. I recommend that you un-tick the “Allow link notifications from other blogs (pingbacks and trackbacks) on new articles” box, as this can be open to abuse. The other options are fine to leave for now, but can be modified later if you start to receive a lot of spam on your site.

discussion

At the bottom of this page, you have some options for “Avatars,” which are the small icons left next to a person’s name when they leave a comment. You can choose which default ones to use if the user does not have one set, or you can disable them completely if you prefer.

avatars

Author Profile

Another section worth checking out is your Author profile page. This is located under “Users” > “Your Profile” and lets you set some options for using the site and personal information about yourself.

At the top of the page you can choose to disable the “Visual Editor”. I recommend that you keep this enabled as it’s very handy when writing your posts. You can choose a different admin color scheme if the default one is a little too plain for you. You can also disable the “Toolbar” when browsing your site. The toolbar is a bar which runs along the top of your site with shortcuts to various site features. Personally, I disable this as I like to view my site the way visitors would, but it’s up to you to decide if you find this feature useful.

userprofile1

Underneath this are options for your personal profile. You can enter your name, contact info, website URL and a short bio, which is displayed under your posts on the site. You can use this area to write about yourself and link to your social profiles, websites, etc.

userprofile2

Content Creation

Now that you have become somewhat familiar with the WordPress dashboard, it’s time to use it for something useful and publish your first piece of content. In this section I will show you how to publish blog posts and pages along with all the various options you can use along the way.

Difference between Pages and Posts

Out of the box in WordPress you are able to add two types of content: posts and pages. The method of adding content to them is nearly identical, as we will se in the next section, but they function differently on your site so it’s worth just explaining the difference between them. Pages are intended to be “one-off” static pages that are used on your site for things like an about me page, a contact page, terms and conditions, and so on. By default, comments are turned off on pages as they are not typically needed. Pages do not appear on the front page of your site when you add content to them; they are designed to be linked to from a menu, either in your header, footer or other place.

Posts make up the content of your blog. When you publish a post, it is the latest item shown on your site and when a new post is added, this will push it down the page. Posts have comments open on them by default and can be sorted into categories, by date and also by tag (more on this next). Your posts display in reverse chronological order and will appear in your website’s RSS feed, while pages do not.

Categories and Tags

To help group your posts together, there are two features you can use: categories and tags. When you publish a post, you can choose a category to place it under which will house all posts related to that subject, allowing a user to select this category on your site and browse all your posts related to it.

You can add categories as you go from the Post Editing screen, but I prefer to set them up in advance. You should brainstorm which topics you will be commonly writing about and add them now.

To do this, visit “Posts” > “Categories” and you will see a box to add a new category. Add them one by one here until you are satisfied with the result.

categories

The other way to group content together in WordPress is by the use of “tags”. When you add a post it’s a good idea to add around 3 relevant tags. Let’s take this post about WordPress I’m writing; I might choose to add the following tags to it:

  • Beginners WordPress
  • Introduction to WordPress
  • WordPress Basics

Then when I’m writing about WordPress again at a later date, there might be some cross-over in tags used, so then a site visitor could click on “WordPress Basics” and get all the posts related to that. Using tags is not necessary at all, so you can choose to skip them entirely if you wish. There has been some debate recently about how useful they are to the end user.

You can add tags like categories before you start writing (“Posts” > “Tags”), or choose to add them as you go, which is what I would recommend as you can tailor them to your content better.

The Post Editor

We now move on to the Post Editing screen, which is where you will probably be spending most of your time within the WordPress Dashboard. The Post Editor is where you can create new posts, edit them, and publish them to your website, and you can also schedule them to be published at a certain date and time. Visit “Posts” > “Add New” to get started.

The Add New Post screen contains a box to enter your post title and a larger box underneath, which is where you will type the content of your post. Just above the box you will see the “Visual Editor” menu, which you can use for formatting text with things like bold, italic, lists, quotes and inserting links. Above the Visual Editor is a “Add Media” button, which you can use for inserting images into your post.

posteditor

To test it out, enter a post title and some text and click “Save Draft”. If you wish to insert a link, highlight a piece of text and click the link icon and enter the URL for your link. You can then click the “Preview” button to see how the post looks on your site. It is not live yet, so don’t worry about that.

link

By default you have certain formatting options contained in the Visual Editor. If you click the far right icon called “Toolbar Toggle”, it will add a second row underneath with even more formatting options you can use to create your post text.

visualeditor

Media Library

An important part of any blog post is the accompanying images. All images, videos and audio in WordPress are controlled by the “Media Library”. When writing a post, you can access this to upload an image or pick one that has been used before. On your post editing screen, click the “Add Media” button just above the Visual Editor. This will load up a pop-up box and will show any images you already have used on the site like so:

medialibrary

To add a new image, click the “Upload Files” tab, which will open up the media uploader. Here you can either drag and drop a collection of images from your computer into the box or click the “Select Images” button and select them manually from your computer. Once your file(s) have finished uploading, you will be presented with some options on the right-hand side.

You can give each image a title and caption if required, Alt Text and a Description, and then you can choose some display options for when it is inserted into your post. You can choose an alignment (None, Left, Right, or Centered), Link to (None, Custom URL, Media Attachment Page, or the File itself), and you can can also choose a size (Full Size, Medium, or Thumbnail).

uploadedimage

Click the “Insert into Post” button and your image will now be added to the post. If you find you need to change any of the settings, simply click the image once and a toolbar will appear where you can change them.

editimage

Publishing a Post

So now you have written your blog post, inserted your links and images, and it’s ready to go live. Before you publish your post, there are a few final things to do before you do so. On the right-hand side of the post editing screen are some boxes you should complete. Ignore the top one, “Publish”, for now; we will visit that last. Choose a category for your post from the list you initially created. You can also add a new category here if you need to. Enter some tags for the post in the tags box, clicking “Add” after each one. And lastly is the “Featured Image” box; here you can upload an image associated with your post. Different themes display this differently, but will typically be the large image at the top of the post. It is uploaded the same way as before, using the Media Library uploader.

publishpost1

Once you are satisfied with those options, go back to the top of the right menu, where you have the “Publish” box. To publish your post live immediately on the site, simply click the “Publish” button and it will go live. Before doing so, I just want to point out a great feature of WordPress, which is the ability to “Schedule” posts. Clicking the “Edit” button next to the “Publish immediately” text opens up calendar area where you can pick an exact date and time for your post to go live. If you do that and click “OK”, the “Publish” button will change to a “Schedule” button, which when clicked will add your post to go live when you chose. This is a handy feature if you want to add a lot of posts at once and then spread them out over a period of time.

publishpost2

You now know how to add posts to your WordPress site. Pages are added in exactly the same way. Visit “Pages” > “Add New” and you will have the same post editing screen, except when creating pages, you do not have the option to pick categories and tags. Pages also have the schedule option.

Introduction to Themes

In this next section we will be discussing “WordPress Themes“. Themes control how your actual website looks and how the content is presented. They are the part that all site visitors will see, and there are many different types of themes for different purposes. A WordPress theme is made up of a group of files which are used as templates to display different parts of your website. There will be a template for the homepage, one for the blog, one for single posts, one for pages, plus any extra ones the theme creator decides to include. Let’s take a look at the different types of themes, free and paid, how to install them and how to customize them to fit your site.

Types of Themes

These days there is a WordPress theme for just about any purpose. There are niche-specific themes for creating a website for a doctor, a hotel, a job board, a photography portfolio and so on. There are also a lot of more generalized themes aimed at bloggers, business owners and so on. Most themes can be broken down into one of the following categories:

  • Blogging – Designed to be used for blogging as the main purpose
  • Business – For creating complete corporate-style websites
  • Portfolio – For displaying images or videos
  • Magazine – Similar to blog themes but used for more complex layouts
  • eCommerce – Used to build online stores
  • Multi-Purpose – Larger themes which can be used for different purposes
  • App – A more complex theme designed for a singular purpose, e.g., a directory, job board or real estate site
  • Frameworks – A basis to create your own custom themes on top of

Different types of themes will offer different styling and functionality within them, so it’s worth carefully reading the theme description and checking out the demo for the theme to see if it will suit your needs. Next up, we are going to look at where you can get free themes and paid themes, the differences between each and how to install them on your website.

Where to Find Free Themes

The best place to get free WordPress themes is via the official directory. Here you will find just under 2,000 themes which are completely free to download and use for any purpose. The reason this is the best place to source themes is that every theme listed here has undergone a strict review process to ensure that they are coded to WordPress standards. They will all support all of the WordPress core features and importantly, they are safe to use on your site.

You can find a great number of themes by searching on Google, but there are some problems that could arise from using this method. They won’t have been reviewed for code quality, so some features could break on your site. Some could have advertising placed in the footer area with links that you may not want (this is not allowed in the official directory) and even worse, some themes contain malicious code which could let hackers or spammers gain access to your website.

themes

You don’t even have to visit the WordPress website to add themes from the directory; they are accessible from within your WordPress Dashboard. Visit “Appearance” > “Themes” > “Add New” and you will see the same listings right there. From here you can check the latest themes, popular themes, and featured themes (which change at random each day), and there is a “Feature Filter” so you can choose colors, features and layout options. You can also search here using keywords related to the type of theme you are looking for.

themelisting

Unfortunately, not all themes in the WordPress directory are of the highest-quality design-wise. At the moment the design requirements are quite loose, so you will find quite a few themes with poor designs. Because of this, each month I publish a list at my blog, WPLift, of the very best free themes from the official directory. This is something I have been doing for years now, so check those out if you would like a good, up-to-date list of the latest well-designed themes:

Where to Find Premium Themes

So-called “premium” themes or commercial/paid themes are also available to use for your WordPress site. The main difference between these and free ones is that sometimes the design will be better (although the free themes are getting a lot better lately). They may include more features too, but the big difference is that you will receive customer support for your theme from the creator. If you are new to WordPress, they can prove to be a good investment. Good commercial theme companies will be continually releasing updates for their their theme to make sure it always works with the latest version of WordPress, while free theme providers do not have this requirement.

When choosing a commercial theme provider, you have the choice between a theme company or a marketplace. Theme companies will be operated by a single person or a team and will sell their own themes and have their own customer support system in place, either via a forum or ticket system, and you will be dealing with them directly. A marketplace is where one company will run the marketplace website, but they allow multiple vendors to sell their themes on their platform. Support in this case will be provided by each vendor, rather than the marketplace itself. Due to the nature of marketplaces, if you choose to purchase a theme from one, you should check the reviews and support options as each vendor will be different.

I’m now going to provide a few options for what I consider to be the best theme providers and marketplaces available at the moment.

Theme Marketplaces

  • ThemeForest – Currently the largest theme marketplace. They have 5,500+ WordPress themes available in many different categories. Some amazing themes are listed here, but so are some poorly coded themes, so make sure to check the customer reviews before purchasing.
  • Creative Market – I love CreativeMarket for all types of design-related purchases. It’s smaller in size than ThemeForest, but I find the quality higher in general. They currently have just under 2,000 WordPress themes listed.

Theme Companies

I have picked a few of my favorite theme companies to list here. These are all well-established companies that have been around for years and have earned reputations for good designs and good customer support. You can view a list here on the official site, which lists many more companies.

  • WooThemes – One of the oldest theme companies in existence; creators of the WooCommerce plugin, and have just been acquired by Automattic (the same company behind WordPress.com), so you are in good hands with these.
  • Obox – Obox Themes are another long-established theme company with a good selection of well-designed themes.
  • Elegant Themes – ElegantThemes are a huge favorite. They pioneered the “Theme Club” model, where you can gain access to all their themes for a one-off price. They currently have 87 themes, which can you purchase from $69 per year.
  • Array – Array is a smaller theme shop created by a 2-man team. They have some of the most beautiful themes I have seen.
  • ThemeFurnace – ThemeFurnace is my own theme company. We are also a small 2-man team with 17 themes available for a club membership price of $49 per year.
  • Themify -Themify makes some great-looking themes and plugins, and you can get access to all of them from $79 per year.
  • The Theme Foundry – The Theme Foundry are another well-established company. Launched in 2008, they have 12 themes for a price of $199.
  • Organic Themes – Organic has some great-looking themes available from $69 each per year, or all their themes for $249.

How to Install a Theme

Once you have downloaded your theme, it will be in zip format and you have two options to install it. You can unzip the file and upload the theme folder via FTP to your wp-content/themes folder on your site. This is located as follows:

http://www.yourdomain.com/wp-content/themes

An simpler way to install a theme is to upload it directly in zip format via your Dashboard. To do this, visit “Appearance” > “Themes” > “Add New” > “Upload Theme”. Click the “Browse” button and locate the theme’s zip file on your computer, and then click “Install Now”.

addtheme

Once it has uploaded, you can either click the “Live Preview” link to see how it looks on your site, or you can click “Activate”, which will put it live on your site right away.

addtheme2

You can add as many themes as you like. Visit “Themes” and all your uploaded themes will be listed. From here you can activate any you like or view their details.

addtheme3

Using the Customizer

WordPress has a built-in feature for making edits to your theme, named the Customizer. From here you can change things like colors, background images, upload a logo and so on. Every theme will have different available options, and some commercial themes may not use it all in favor of their own custom options panel. All themes listed in the official WordPress directory have to use the Customizer; they are not allowed to use a custom options panel. This is to try to make the user experience the same for most themes.

To get started with the Customizer and see what changes you can make, visit “Appearance” > “Customize” and it will load up. In the left-hand panel will be all the available options, and on the right will be a preview of your site. As you make changes, they will be updated in real time in the preview.

customizer

You should check what options your chosen theme offers and have a test of them. Don’t worry about messing anything up, as nothing is added to your site until you click the “Save & Publish” button located at the top of the left-hand menu.

customizer2

Creating a Custom Menu

The final theme-related option I would like to tell you about is “Menus” option. This allows you to create customized menus for your WordPress site. Each theme will have different menu places defined in the theme, and from here you can choose what links you would like to add to each one to aid your visitors’ navigation. To access this feature, visit “Appearance” > “Menus” to get started (you can also access this via the Customizer if you wish to see a live preview).

Give your menu a name related to it, and click “Create Menu”.

menus

Now you can begin adding links to your menu using the options on the left. You can add any pages from your site, any posts, and any categories, or you can create custom links which can link to any URL. You can also rename the links how you like and drag and drop the order of them until you have your menu looking how you want. In the “Menu Settings” area underneath you will see tick boxes with names. These are the available menu areas provided by your theme and will be different between different themes. Tick a location and click “Save Menu”, and it will now be live on your site.

menus2

Introduction to Widgets and How to Use Them

The final theme-related feature I would like to talk about is “Widgets“. Widgets are a way of adding different pieces of content to your theme in the sidebars, footer and any other “Widgetized” areas that your theme may provide; each theme is different, but most will include at least a sidebar area to house these. They are accessed via “Appearance” > “Widgets”, where you will see a list of available widgets on the left-hand side and your areas on the right. To add a widget to your site, you simply drag and drop the required one over to the desired area.

widgets

Once the widget is in place on the right, you can click on it to open it, and you will see each widget has some different options you can set. For example, here the “Categories” widget will display a list of all the categories on your site. You can give it a name choose to display it as a drop-down list, choose to show the post count for each category, and choose to show the hierarchy (if you have categories within categories).

widgets2

Your theme may include some custom widgets which are specific to that theme, and all WordPress themes will include the following default widgets:

  • Archives – A monthly archive of your site’s posts.
  • Calendar – A calendar of your site’s posts.
  • Categories – A list or drop-down of categories.
  • Custom Menu – Add a custom menu to your sidebar.
  • Meta – Login, RSS, & WordPress.org links.
  • Pages – A list of your site’s pages.
  • Recent Comments – Your site’s most recent comments.
  • Recent Posts – Your site’s most recent posts.
  • RSS – Entries from any RSS or Atom feed.
  • Search – A search form for your site.
  • Tag Cloud – A cloud of your most used tags.
  • Text – Arbitrary text or HTML.

Introduction to Plugins

We now move on to one of the most powerful elements of WordPress: plugins. Plugins are pieces of extra code you can upload and install on your WordPress website to provide extra functionality that is not included in WordPress by default. Plugins are an easy way for anyone to extend the capabilities of WordPress without having to touch a line of code. You simply upload the plugin via your Dashboard and activate it, and it will begin working.

There are plugins for thousands of different uses. Here are some examples of what you can achieve with plugins:

  • Social Media – Add sharing buttons for social media sites
  • Contact Forms – Easily add a contact form to your site to receive emails
  • SEO – Improve your search engine rankings
  • Membership – Create a membership website
  • Forums – Add a forum to your website for members
  • Security – Protect your site from hackers

These are just to give you an idea of what sort of things plugins can accomplish. First, let’s take a look at how to install a plugin. Then we will look at places to get them, and finally I will give you my list of essential free plugins that I think every site should use.

How to Install a Plugin

Installing a plugin works in much the same way as installing a theme. A plugin is distributed in zip format, which you can upload via FTP to your wp-content/plugins folder on your site. This is located as follows:

http://www.yourdomain.com/wp-content/plugins/

An simpler way to install a plugin is to upload it directly in zip format via your Dashboard. To do this, visit “Plugins” > “Themes” > “Add New” > “Upload Plugin”. Click the “Browse” button and locate the theme’s zip file on your computer, and then click “Install Now”.

addplugin

Once it has finished uploading, click the “Activate Plugin” link to finish the process. Different plugins will work in different ways, so you should consult the documentation. Some will add a new menu item to your Dashboard, while others will be under “Tools” > “Settings” > “Pluginname”.

Where to find Free Plugins

Once again, the WordPress directory is your best option for free plugins. It currently hosts around 40,000 different plugins for just about every piece of functionality you could wish to add to your site. It has a good search engine, so you can search for keywords related to what you wish to achieve.

plugindir

Now, because of the sheer number of plugins listed on there, you will find quite a lot of similar plugins, especially for more popular functionalities. So, you will need to do a little investigating to find the best one for you. If you click through on a plugin, each has their own listing page which will give you a description written by the plugin author. They will also include some screenshots, installation notes and sometimes an FAQ.

Down the right-hand side you can see requirements for the plugin, when it was last updated, and how many installs it has, and under that is a rating based on people who have tried the plugin and given it a 1-to-5-star rating. You should use these as a guide to how good the plugin is. Try and pick one which has been updated recently, has more installs and has a good star rating.

pluginlisting

Premium Plugins

Premium or commercial plugins work the same way as premium themes. They will be provided on a marketplace or the author’s own website and should include customer support. A lot of times when searching for a free plugin on the WordPress directory, you will see that the author offers a “pro” version of their plugin, which will often include more features or add-ons for a fee. I like these so called “freemium” plugins, as they gives you a chance to try the free version to see if it suits you, and then you can upgrade to a pro version if you need the support or extra features offered.

Recently there was a Pro Plugin Directory launched, which is doing a great job of listing premium plugins, along with reviews, etc. It only has 130+ plugins listed at the time of writing, but it’s a good source until there is an official version launched.

proplugindir

A large marketplace for premium plugins is called CodeCanyon. Created by the same company as ThemeForest, it currently offers 3,700+ WordPress plugins in many different categories. As mentioned before, make sure you check the listing description, check out the demo and read the reviews before purchasing.

codecanyon

Google is another place to find premium plugins. If the plugin is well established, you should be able to find quite a bit of information about it by searching for “plugin name + reviews” or searching for “plugin type roundups”. Also, blogs will often create list posts of different types of plugins.

If there is no demo of the plugin offered on the site, you can always contact the author and request one or find out if they have a money-back guarantee so you can test the plugin out and make sure it is suitable for your needs.

Recommended Free Plugins

  • Yoast SEO – This is quite simply the best SEO plugin for WordPress and will add a lot of features designed to help you rank better in the search engines. I install this on every single WordPress website I create.
  • Akismet – Akismet comes bundled with WordPress and is an anti-spam plugin designed to stop comment spammers from abusing your website.
  • ContactForm7 – The best free contact form plugin; really easy to setup and customize so you can create as many contact forms as you like with different input fields.
  • WP Super Cache – This is another must-use plugin. It will speed your WordPress site up considerably by utilizing “caching”, which means creating static HTML pages for your site which will load a lot faster for your visitors.
  • WooCommerce – If you plan to sell via your website, than WooCommerce is the best free eCommerce plugin. There are lots of available extensions and themes available for it.
  • JetPack – JetPack works like a toolkit for your WordPress site. You install the main plugin, and then there are lots of different modules you can enable for a whole range of site features.
  • WordFence – WordFence is a security plugin which provides a whole range of features designed to protect your site against hackers and malicious traffic.

WordPress Security & Backups

Our last section is dedicated to protecting your WordPress site from malicious activity. Due to the huge popularity of WordPress, it attracts hackers and spammers who wish to abuse it for their own purposes. Hackers normally target a site to place links on there, often hidden so the site owner doesn’t notice them, so they can gain links to their own sites from popular blogs. Spammers also aim to place links to their own sites in your comments sections; these aren’t usually so much a problem.

Luckily, WordPress is very quick to respond to any security flaws that are found, and new versions are released which fix any vulnerabilities quite quickly. There are a few steps you can take to make sure your site doesn’t become a victim of hacking and other malicious attacks, so let’s see what you can do to protect your website.

Keep Updated

The number one way to keep your WordPress safe from attack is to make sure you are always running the latest version. This is because if a vulnerability is discovered and fixed, updating your WordPress installation will prevent attacks from happening. The most common way hackers gain access to a site is if it is running an outdated version with a known vulnerability.

By default now WordPress will automatically update itself to the latest version as soon as it is released. Unfortunately, this can fail or certain hosts might have disabled this feature. If a new version becomes available, there will be a notification at the top of your Dashboard.

update

If you follow the “Please Update Now” link and then the “Update Now” button, WordPress will update itself to the latest version automatically.

update2

For the same reason, you should also keep your plugins and themes up to date, as security flaws can also be found in these. The process is the same as updating WordPress itself: any available updates will be shown under “Dashboard” > “Updates”, and a red notification with a number will appear there.

Security Settings

There are a few things you can do by default on your WordPress site to make life harder for hackers. The first thing you can do is choose a unique username for the admin user. Never use “admin”; make the username something hard to guess, and along with a strong password, this will add an extra layer of difficulty to getting your login credentials.

You should limit the number of accounts that have access to your admin panel. Try to keep the admin accounts to one, and limit other user levels to what is required; you can set users as subscriber, contributor, author or editor. Read more here about user levels in WordPress.

Something else you can do is set the file permissions correctly using your FTP program. They should be set as follows:

  • / – The root WordPress directory: all files should be writable only by your user account, except .htaccess if you want WordPress to automatically generate rewrite rules for you.
  • /wp-admin/ – The WordPress administration area: all files should be writable only by your user account.
  • /wp-includes/ – The bulk of WordPress application logic: all files should be writable only by your user account.
  • /wp-content/ – User-supplied content: intended to be writable by your user account and the web server process.
  • /wp-content/themes/ – Theme files. If you want to use the built-in theme editor, all files need to be writable by the web server process. If you do not want to use the built-in theme editor, all files can be writable only by your user account.
  • /wp-content/plugins/ – Plugin files: all files should be writable only by your user account.

Changing file permissions in an FTP program is usually done by right-clicking on the file or folder, which will open a box where you can set the options:

filepermissions

Recommended Security Plugins

There are a whole range of plugins dedicated to making your site more secure. Here are what I recommend you use:

  • Limit Login Attempts – This plugin will only allow so many failed login attempts. If too many are tried, it will block the IP address to prevent further attempts. This is useful to block “brute force” attacks, where the hacker will use a script to try and gain access to your admin area.
  • Captcha On Login – This is another way to protect your admin. By forcing the user to enter a Captcha code on login, this will prevent bots and other automated methods of logging in.
  • WordFence – This is a full security plugin which can check to see if your site is infected, block malicious traffic, and improve login security and the ongoing monitoring of your site.
  • Sucuri – This is a premium service which costs from $199 per year. They provide ongoing security scanning and monitoring with alerts and, in the event that your site is hacked or defaced, they will completely fix the problem for you and restore your site.

Backup Plugins

Another part of WordPress maintenance and security is making sure you have regular backups of your website. In the event that you are hacked or something goes wrong with your hosting, etc., if you have a complete backup of your site then you can restore it. How often you take backups will depend on your site. If you are blogging each day, you will need daily backups, but if you only add content every month, then a weekly backup should be fine for you.

Most hosting companies will have a backup system in place which you can set up via their control panel. I would also recommend that you add your own backup solution as an extra measure. You can use the following plugins to generate and download a backup of your site. An even better solution I find is to use one which will back up your website to a cloud service such as Dropbox or Amazon S3.

  • Backup WordPress – This plugin is simple to set up and will let you set up a backup schedule. It works well with shared hosting companies, where you might not have much available memory.
  • BackWPup Free – This is another plugin for scheduling backups, but will also let you store those on Dropbox and a range of other cloud services.
  • WordPress Backup to Dropbox – This plugin is designed specifically to back up your site to your Dropbox account; easy to set up and authorize the plugin.
  • VaultPress – This is a service by the creators of WordPress. You can get Daily backups stored on their servers from $9 per month.