Your WordPress plugins might be silently losing business data

If your WordPress site uses third-party plugins, you may be experiencing data loss and other problematic behavior without even knowing it.

Like many of you, I’ve become quite attached to WordPress over the past 15 years. It is by far the most popular content management system, powering 28 percent of the Internet, and still the fastest growing, with over 500 sites created on the platform each day. Considering myself well versed in the software, I was surprised to discover — while working on a digital design project for a client — what could be the Y2K of WordPress. Many WordPress plugins are suffering data loss, and it looks like this problem will soon explode if not properly addressed.

The issue is essentially due to the fact that WordPress discards entire datasets even when only one of the data elements within the set contains too many characters for the insertion field. Because WordPress doesn’t log the data loss or any errors related to it, few developers are aware of the issue. And because of one particular scenario involving storing a visitor’s data when they’re connecting with an IPv6 address, the situation is exponentially worse.

Example: Say a WordPress site owner has a plugin installed that lets users add comments. Plugins like that typically store the user’s IP address along with comments they submit, for analytics purposes. For years, plugin developers have assumed that IP addresses were always in the standard IPv4, 15-character format that looks like this: Thus, plugin developers typically set the maximum allowed characters for the IP address database field their plugin uses to about 15-20 characters. However, IPv6 has a much longer 39-character format that looks like this: 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

Unbeknownst to many users, site owners, and developers alike, these longer IPv6 addresses are becoming increasingly widespread. Those new addresses won’t fit into the database fields developers have been using for years. Furthermore, for security purposes, WordPress specifically validates that each part of a data set about to be stored will fit. In the example above, if the IP address is too long, WordPress discards the entire data set (not just the oversized IP address string). Worse, WordPress doesn’t log an error when this happens. The data is simply lost to the ether, without leaving a trace. This two-year-old WordPress bug thread shows how long the WP core devs have known that the community didn’t like this, but they still haven’t addressed it.

Yes, this currently just affects data coming from IPv6 addresses (currently about 17 percent of users). But while IPv6 use may be in the minority right now, it won’t be for long, and as it becomes the majority, these unexplained issues with data loss will reach pandemic proportions if left untreated.

Just how widespread is this?

1.02 million active WordPress plugin installs are silently discarding real visitor logs, content submissions curated by users, and more, right now, all because IPv6 addresses are present in the data being stored. Here are some other interesting stats:

  • 50,336 plugins are available at today
  • 200 plugins (~1 in 250) create IP address fields that are too short
  • Those 200 plugins have over 1 million active installs — a total of 1,023,280.
  • Here’s a publicly-accessible Google Sheet my team created that lists all known offending plugins. For each plugin, that sheet includes one example where that plugin declares an IP address field that is too short.

The fix is easy peasy: You simply need to change the table schema for the column that stores IP addresses from 15 to 39 (or more).

This problem can affect applications other than WordPress; really, any application that utilizes IP addresses and stores them in MySQL/PostgreSQL tables (especially in STRICT mode, which would prevent row inserts) where the column max is expecting a 15-character IPv4 IP address.

Debuggin’ the plugin

I uncovered this situation while recently working on a site that needed a rating system that allowed authenticated users to vote on specific post types. So naturally, I did a search of existing plugins that could meet the requirements and found one fairly quickly, CBX Rating, and it was a breeze to configure and get working. Then came the intermittent reports of the form submissions not going through.

I spent hours deactivating other plugins, digging through code, and guiding users via screenshare. I was unable to narrow it down or find any smoking gun. No success message, no error message, no errors in the console log, nothing in the server logs. How could form submissions be failing without errors?

I remembered something I had seen in WordPress before: row inserts silently failing if the data strings were longer than the table column maximums. So I shifted my attention to the back end, and that’s where I found the problem and my boss, Erik Neff (the company’s CTO), helped identify exactly why it was happening.

MySQL databases, not in STRICT mode, will truncate values if they’re over the max character count for a particular column and will insert the new record with a warning. When in STRICT mode, MySQL will not accept the record and will return an error. WordPress, on the other hand, won’t execute a query if it determines the length is longer than the max, and will instead return false, with no error or warning.

When using the WordPress $wpdb->insert method, you get back a 1 upon success and a 0 upon failure. But a function is called before any mySQL statements are executed, and that’s where the problem lies. The function is called protected function process_field_lengths, and it checks to see if the data’s length is less than the max allowable length for that table column. If the length is longer than allowed, the entire insert is aborted and false is returned with no error message or explanation. This is a known issue with WordPress core, and makes debugging that much harder.

The CBX Rating plugin we were using didn’t account for this failure point. I checked the plugin’s table schema and started increasing varchar max lengths across the board. Touchdown! Soon after, I got wind from users of all types that all forms were now being submitted successfully.

My mind raced to how this could be an epidemic, so Erik and I set out to determine the scale. The result of a (rather lengthy) check of WordPress plugins yielded a list of every place an IP address field was declared with an incorrect length. You can find those results in the Google sheet that I’ve made public.

Brett Exnowski is senior developer at Primitive Spark and specializes in complex web applications.


Most important and highly used WordPress SEO tools and plugins for everyone

Image result for Most important and highly used WordPress SEO tools and plugins for everyonePowerful SEO tools and plugins that not only improve the speed of your WordPress website but also making the rank of the website better. Below I have shared some of the best and most used SEO tools and plugins suggested by lots of SEO companies that can take your business to the next higher level.

WordPress SEO by Yoast:

Yoast is one of the perfect SEO solutions and caters various benefits to its users. It’s free and can be installed easily on any self-hosted WordPress website. For additional functionality, you can also purchase premium Yoast SEO.
With the use or help of Yoast we can:-

• Create and submit sitemap of our websites in XML format that also supports images.
• Add SEO title, Meta description, and Meta keywords to each post and page of your site
• Add custom title for your main site, archives, and category and tag pages
• Add Open Graph Metadata that shows you the correct title, description, and image for Facebook, Twitter Cards, Sitemaps and ping search engines at the time of site updating.
• Add custom RSS footer for our WordPress posts


It’s a most important and most accurate SEO tool used in long term keyword researching. Various SEO strategies you can deploy with the help of SEMRush. Nothing and no other SEO tool can beat SEMRush to do competitor analysis. Backlink analysis, the discovery of top keywords, estimate the passage of any site etc. can be accomplished via this perfect competitor research tool.
A SEMRush dashboard offers an open platform to check our website’s health or how a site is performing or to fix any SEO issue if it has. In addition to it, SEMRush also provides Organic keywords, traffic, Ads, position tracking visibility, SEO ideas etc. SEMRush is a paid invaluable see go-to tool that tops the charts to increase search engine traffic and always rank better. SEMRush is one of the favorite tools used by most of Website Development Company who also caters WordPress development services.

Google Keyword Planner

Keyword planner allows the user to identify, analyze and select the most popular and relevant keywords with high search volume to their niche, products or services. Investing a significant amount of time and money in keyword research will repay your every little SEO efforts and assure the success and high revenue of your business.
With the help of best free keyword research, you can

• Search out and swipe your competitor’s keywords
• Find out long tail local keywords in much faster way and easily outrank all other sites
• Search out for niche markets and other topics to blog about
• Create ad words campaigns easily

Google XML Sitemaps

Sitemap accomplishes fundamental requirement of search engines that the new or modified content is crawled and indexed. You can submit the sitemap by free sitemap creator or by paid sitemaps. Google XML Sitemaps is free, most reliable and easiest way to submit a website to search engines. After creating and submitting a sitemap in XML language, the content of sites such as category, tags, and media will update automatically. Best thing is that Google offers free service to submit your sitemap to Google, no charges. Other finest benefits of XML sitemaps are that your site or content can be efficiently and effectively crawled.

W3 Total Cache

Best WordPress plugin offered by the Google loading the websites much faster for users. High page speed via W3 Total Cache plugin can also increase page hits. With the help of W3 Total Cache plugin you can:-

• Cache pages and use browser caching
• Page compression for static pages
• Content Delivery Network (CDN)

Google Analyticator

You can connect your website with Google Analytics via Google Analyticator plugins. Most used this SEO plugin offers unique and ultimate features to their users and some of them are mentioned below:-

• Filter log of logged-in users
• Website loading speed and inbound linking can be tracked easily
• Adsense Ads can also be tracked.


This premium plugin helps you to control all the web links on your website. You can clean up all your anchor text, spammy links, and link juice problems as well as can monitor all the outgoing links on your site.

Open Site Explorer

With the help of this free tool, you can get significant information for any domain name such as what anchor texts and links a particular domain is using, top pages, linking domains etc.

Print Friendly

Recent Editor’s Picks:

  • Machines Won’t Take Over CX…But A Few AI Titans Might
  • Employee Engagement: A Confluence of Passion and Purpose
  • Critical Focus Areas for Customer Experience Improvement
  • 10 Characteristics of The “Perfect” Customer Need Statement
  • Customer Experience Motives Drive Organic Growth


10 Best WordPress Themes to Choose From for Your Next Website Project

10 Best WordPress Themes to Choose From for Your Next Website Project

The digital world is spawning at an exponential rate. Every hour, roughly 1,000 websites are created. We’re talking petabytes of new data every single hour. To understand the sheer size and volume of that, there’s one million gigabytes in a petabyte or 1,000 terabytes. Considering that the human mind is estimated to be able to hold 1.25 terabytes of data, one petabyte is equivalent to approximately 800 human minds.

While those numbers could most certainly shock and awe you, the truth is that many of the newcomers to the online world rely on the WordPress platform to help streamline the process of getting their website up and running quickly and easily. With over 100 million websites and counting, WordPress is by far the most popular CMS in existence. That might be why the WordPress theme market is burgeoning and exploding.

However, with tens of thousands of themes in existence, how do you know which WordPress theme is the best one for your next website project? While this can most certainly be a subjective topic, these pre-built themes, which offer a far smoother transition into cyberspace, are scooped up in droves.

Some of these themes are terrific for ecommerce stores while others are great for starting a blog. However, the best theme for your project will be based on a few criteria. Not only should they be aesthetically appealing to the eye, but they also need to be mobile responsive. Considering that Google’s search is now a mobile-first index, and mobile searches far outpace desktop, responsiveness in design is important.

When a design is responsive, it looks and functions just as well on mobile and tablet devices as it does on desktop. However, building a responsive design on your own is no simple feat. Trust me, I’ve built loads of them. And unless you rely on a system like Twitter’s Bootstrap, building responsive designs for different media types is an exhaustive endeavor. That’s why some of the best WordPress themes have placed special weight on this one crucial aspect.

Related: CMS Battle for Beginners: WordPress vs Joomla vs Drupal (Infographic)

How to choose the best theme for your website.

Whether you’ve just started a business, or you’re trying to figure out the type of business you want to start, there are some things to look for when selecting a theme for your WordPress site. Some themes offer great support for ecommerce stores while others are terrific for membership-based sites. Either way, you’ll usually need some plugins to make everything function smoothly with one another.

After nearly two decades of software engineering, web development and SEO mastery, I can tell you that there are 7 critical categories that any software application or extension (i.e. WordPress theme) is judged on.

1. Ease-of-installation: While there are tons of WordPress themes out there, the best ones are easy to install. There should be a simple interface that will help you get started quickly and easily, without a lot of fuss or programming know-how.

2. Degree of customization allowed: Pre-built add-ons, tailor-made plugins and a high degree of customization make themes that much more powerful. While some themes focus on a high degree of customization, others don’t.

3. Mobile usability: Mobile usability is crucial. Considering Google places heavy weight on this, finding the right WordPress theme that supports a responsive mobile design should be one of the defining factors in your quest for the ideal theme.

4. Overall speed: As a developer, I can tell you firsthand that your style of coding counts for a lot. It can either be bogged down by excessive code, or be light and compact. The latter is important to facilitate the overall speed of page loads, which is a crucial factor when it comes to things like SEO and visitor retention.

5. Aesthetic appeal of design: The aesthetic appeal of the theme is important. How polished is the look and feel? Does it look amateur or professional? People pay acute attention to design, so be sure to select the right theme that supports a high-quality design.

6. Customer reviews: Reviews are important when it comes to any product or service. And, when it comes to discovering the right theme, you should do your due diligence into the experiences of others. What’s the general consensus on that theme? Are they authentic reviews?

7. Ongoing support and upgrades: Support is an important aspect in any business, especially in one that requires constant evolution and upgrades to keep up with core upgrades to the WordPress platform. Be sure that whatever theme you purchase, that they provide some sort of on-going or limited support and that they’re constantly evolving, upgrading and adding new features.

Related: 25 Reasons Your Business Should Switch to WordPress

Top themes for WordPress sites.

While any list of themes for WordPress might be considered subjective, the preceding list of criteria help to laser-focus the approach to finding the perfect one. Below are what I consider to be some of the best themes that are out there.

1. X-Theme

I’m partial to X-Theme. It’s the theme that I presently use on my blog. And I’ve had an incredible experience with it. It hits all 7 of the criteria that I’ve laid out and does so particular well. X-Theme was created by ThemeCo, and it offers a highly-customizable, mobile-friendly, easy-to-use interface for your WordPress website. This one is definitely worth checking out.

2. Avada

Another one of the most versatile themes I’ve come across out there, Avada is one of the best-selling themes of all time and was created by Theme Fusion. It offers up a powerful design interface, allowing you to customize nearly all of the graphical elements of your WordPress site.

3. Hexater

Hexater is a fantastic theme that allows you to quickly and easily customize your site without investing hundreds of hours trying to figure out how it works or having a PhD in graphic design. This theme offers quick-to-market renditions for things like product launches, ebooks and niche authority sites, as just a few examples.

4. BeTheme

BeTheme is a massive theme built for WordPress with over 260 variations that can be launched with a single click. This powerful theme is beautiful, responsive, fast-loading and highly customizable. The company offers fast and reliable support, lifetime updates and the framework is optimized for SEO.

5. The7

The7 is one of the most customizable themes that are available for the WordPress platform. It includes a visual composer with a beautiful design wizard and over 750 theme options, along with over 26 pre-built websites that are quickly and easily launchable with a single click.

6. Flatsome

Flatsome is a great theme if you’re planning to run an ecommerce store with the WooCommerce plugin. It’s by far one of the best-selling WordPress themes for WooCommerce out there. It’s highly customizable, provide on-going updates, is fast-loading, boasts a responsive design and has beautiful pre-built designs with on-going updates.

7. Uncode

Uncode is a WordPress theme that gives you with the ability to create beautiful designs within an ultra-fast-loading framework. There are over 200+ layouts, a versatile visual composer and provides over 30 ready-for-market designs to get you up and running quickly and seamlessly.

8. Genesis

Gensis is a framework for WordPress that allows you to create beautiful and stunning websites that are highly customizable. This theme offers a light-weight design that’s highly optimized for speed, and provides advanced customization options, giving you the ability and flexibility to build just about any type of website with the framework.

9. Pixelgrade

Pixelgrade offers a visually-stunning WordPress theme that’s designed for a variety of situations, best suited for a variety of occupations such as restaurateurs, photographers, bloggers, designers and more. The theme is customizable, responsive and very easy-to-use.

10. Storefront

Storefront is a bulletproof WordPress theme that was specifically designed for the WooCommerce add-on. It’s a great way to build an ecommerce store quickly and easily, offering up extensible customization options with a fast-loading framework that makes creating an online story easy and straightforward.


The 5 Best WordPress Themes for SEO Visibility

The 5 Best WordPress Themes for SEO Visibility

This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible.

Theme selection to optimize your website’s SEO is more important than you might think. SEO can easily be negatively affected by poorly written themes. Specifically, the following points can hurt your SEO or the user experience causing your search engine rankings to suffer:

  • The inability to remove spammy links. Too often free or low-cost WordPress themes are given away in some campaign to generate leads and come with code and links that can hurt your organic search visibility.
  • Poor usability can result in higher bounce rates
  • Non-mobile friendly designs will suffer to Google’s SEO scrutiny
  • Poor design will result in a lower average time per page which tells Google your content isn’t relevant resulting in a lower ranking
  • Slow loading time from a bloated them will also go against Google’s best practices for SEO
  • Regular updates and ongoing support. Very few free or low-cost themes are patched for security purposes or upgraded when new versions of WordPress rollout. This leaves your site open to all sorts of vulnerabilities from hacking to poor SEO performance.

These all contribute to the overall user experience, and will consequently affect your SEO. With that knowledge as a base, we set out to find the top five WordPress themes for SEO visibility. This list will outline our top five and give you insights into how they will strengthen your site’s SEO performance.



According to Brian Dean, renowned SEO expert, SEO WP is his top recommendation for SEO optimized WordPress themes. What makes it so special?

  • From the minute you download it, you a get blazing fast theme load time of only three seconds, which greatly improves the SEO of the website and the overall user experience.
  • Your website is fully responsive and will look great on any webpage. They validate every site with a Google mobile-friendly check.
  • Consistently updated each month to have the best written code for SEO and to make sure it is free of all known bugs.
  • Lightweight design and code cuts the average size of your site in a third.

In addition to a solid SEO foundation the theme comes with a free live composer page builder which allows you to customize the theme to any layout you desire.


Read more about the SEO WP theme or read user reviews and try it out on ThemeForest.

2. BoomBox


BoomBox is a solid theme choice right out of the box. It was designed specifically for SEO because its purpose is to cater towards creating viral content and building popular websites that generate a large amount of traffic each day.

Much like Reddit, BoomBox has a neat front-end submission feature built in so visitors can submit content for voting without visiting the back-end admin section of the website. You also get the option to vote on posts based on your desired emoji response. This feature is, of course, optional.


Read more about BoomBox, get user feedback, and download the theme on ThemeForest.

3. Salient


Salient is a multipurpose SEO-optimized WordPress theme that is well known for being a high-quality product. It comes with a specially tailored version of Visual Composer’s drag-and-drop builder to make even the most novice website designer to pro status in no time.


Salient boasts 150+ professionally designed templates so you can get your site built efficiently and to your standards. It also has over 3,500 icons, over 700 fonts, and unlimited color possibilities including gradient colors.

If you want truly customizable and full SEO optimization right out of the box then head over to ThemeForest and download Salient.

4. X Theme

X Theme

One of the most popular themes of 2017, the X theme has taken the WordPress theme market to a new height by introducing the concept of stacks. Currently X has four different stacks to choose from:

  1. Integrity – Perfect for professionals, creatives, and business sites.
  2. Renew – Designed with a flat look that showcases your content in an easily digestible format. User-friendly content keeps visitors on the page longer which is a key metric in any SEO analysis.
  3. Icon – Crafted for more modern blogging sites. It gives a minimal design that gives the blog’s words the spotlight. This site will run lighter with fewer design elements which gives your site an SEO boost in the speed category.
  4. Ethos – Built with magazine sites in mind. Ethos highlights engaging content that promotes click through rates and with it a more respectable bounce rate.

X Theme

Like many of its heavyweight counterparts, X comes with a front-end page builder. You get a free license for Cornerstone with each purchase.

To give the X theme a shot or to see some live demos check out ThemeForest.

5. Schema


As far as SEO optimized WordPress themes go, Schema is among the highest in demand in the market. It combines SEO support with unparalleled load times. It is advertised as being the fastest loading ultra friendly SEO WordPress theme on the market — a statement that is echoed by all the 5-star reviews you will find on MyThemeShop. Knowing full well how much loading time affects search engine rankings makes Schema a smart choice for those looking to maximize their site’s performance and still roll in under budget.


As you can see they don’t just talk about SEO optimization results, they test them. One of the ways Schema sets itself apart is by utilizing a vast library of shortcodes that work with rich snippets to help you rank higher on search engines. They also code with Google’s SEO best practices in mind and write quality code to make the site even more friendly to Google’s algorithm.

To read more about Schema or try it yourself, check out MyThemeShop.


Now that you know which themes are top shelf, you can move forward into deeper testing and tweaking of your site’s settings and content to rank even higher. Follow this short SEO checklist for best SEO practices:

  1. Run a quality check against Google’s Webmaster Guidelines
  2. Make sure your website is mobile friendly
  3. Make sure your website loads quickly

Finally, no matter the theme, you can still mess up your SEO with your content and configuration. Remember to supplement your theme’s built-in SEO with high-quality content written for humans (not search engines) and a solid SEO plugin like Yoast or All In One SEO Pack.

If you’re looking for somewhere to host your WordPress site after you’ve got your theme choice figured out, take a look at our partner, SiteGround. They offer managed WordPress hosting, with one-click installation, staging environments, a WP-CLI interface, pre-installed Git, autoupdates, and more!

If you’re looking for somewhere to host your WordPress site after you’ve got your theme choice figured out, take a look at our partner, SiteGround. They offer managed WordPress hosting, with one-click installation, staging environments, a WP-CLI interface, pre-installed Git, auto-updates, and more. They even have a tailor-made plugin, SG Optimizer, which optimizes and speeds up client sites tremendously!


How to Install a WordPress Plugin on Your Website

If your website was built using WordPress, one of the best things you can do for your small business is to learn how to install a WordPress plugin.

While that may sound like hyperbole, consider this: WordPress plugins, the majority of which are free, extend and expand the functionality of your website up to and including the ability to automate and manage your business — from online marketing to lead capture and from sales to delivery — faster and more consistently than you do today.

How many more clients or customers could your business add and serve using that extra time?

That’s the power of WordPress plugins.

There are currently more than 36,375 plugins available at That’s a lot. But don’t let the sheer number of plugins scare you away, because we’re going to show you how to pick a good plugin out of that pile. Then we’re going to show you how to install a WordPress plugin you chose on your own site so you can start reaping the benefits of the plugin’s added functionality to manage your business.

Good to Know Before Moving On

Hosted vs. Non-Hosted

Of course, WordPress comes in two flavors: hosted  and self-hosted.

When you create your WordPress site over at, you’re using the hosted option. While not as customizable as the self-hosted option, it’s the perfect platform if you want to get up and running quickly. Unfortunately, your choice of plugins is much more limited when your site is hosted and that curtails the benefits you can realize from using plugins.

If you create your WordPress website over at one of the many available hosting companies, you’re using the self-hosted option. Infinitely customizable, self-hosted WordPress sites can use any of the 36,375 plugins available over at and that’s a good thing.

Two Key Factors to Consider Before Selecting a WordPress Plugin to Install

Because of feature enhancements and bug fixes, WordPress’ code is updated on a fairly regular basis. After each update, there’s always a chance that a plugin that worked with the older version of WordPress may not work with the new one.

To make a particular plugin work with the latest version of WordPress, it needs to be updated as well and therein lies the problem. Since most plugin developers offer their work for free, they sometimes drop the project somewhere along the way and the plugin stops getting updated.

These plugins are “dead” and if a plugin you are using dies, you’ll need to search for a replacement.

To minimize the chance that you’ll face this headache, you should always pay attention to these two factors when selecting a plugin to install:

When Was the Plugin Last Updated?

A plugin that gets updated often is a plugin that is less likely to die.

To figure out if your plugin has been updated to the latest version of WordPress, first visit the plugin’s page on and look underneath the header on the right. There you’ll see up to which version the plugin is compatible (in the image below, that’s version 4.1.1).

how to install a wordpress plugin

Next, head on over to the front page of and look at the lower of the blue download buttons on the right. As you can see, WordPress version 4.1.1 is the latest WordPress update, so the plugin above is A-OK.

how to install a wordpress plugin

Another way to check this is to search for a plugin using your WordPress dashboard (more on how to run that search in just a bit).

As you can see in the search results below, one of the plugins was tested and declared “Compatible” and one was not. Always try to select plugins that are tested and compatible as that means they’re up to date (assuming of course that you keep your WordPress version up to date which you should).

how to install a wordpress plugin

One other thing to beware of is when the “Last Updated” date is more than a year old (and many, many of them are). If that’s the case, it’s likely that the plugin is dead.

Do the Developers Provide Timely Support?

Since most plugins are free, there’s not a lot of incentive for a developer to provide support. They need to have the passion to continue supporting their work and the drive to see it through.

As this is the case, you should always check on the level of attention a developer devotes to support before selecting their plugin. To do so, visit the plugin’s page on and click on the “Support” tab as shown below:

how to install a wordpress plugin

Once you’re at the support discussion forum for that plugin (as shown below), look around to see what you can find. Does the developer respond in a timely manner or do questions languish for weeks? Do they provide service with a smile or are they snippy and rude?

how to install a wordpress plugin

Bad service is a strong sign that the plugin may be dying.

How to Install a WordPress Plugin

There are two ways to install a WordPress plugin using the WordPress dashboard:

  1. Search for a plugin and install the one you want to use, and
  2. Upload a .zip file containing the plugin and install its once it’s ready.

Search for a Plugin and Install the One You Want to Use

Here are the steps to follow:

  1. Login to your WordPress dashboard and click “Plugins” in the left column:

Your WordPress Dashboard

  1. Click on “Add New” under “Plugins in the left column to be taken to the, “Add Plugins” screen:

how to install a wordpress plugin

Here, you can begin your search for plugins using the first of three methods. Using the links at the top, you can look for “Featured”, “Popular”, Recommended” and “Favorites” plugins. This is the best way to search if you want to explore what’s out there for you to use for your own site.

  1. If you know the name of a plugin you want or some keywords for what the type of plugin you want does (e.g. social sharing, image slider), the second way to search is the search field on the top right of the “Add Plugins” screen:

how to install a wordpress plugin

This image also shows the, “More Details” link that we’ll talk about in step 5.

  1. The third and final way to search for a plugin is to use the tags at the bottom of the “Add Plugins” screen. This method combines the exploring of the first search method with the refinement of the second search method:

how to install a wordpress plugin

  1. When you want to take a closer look at a plugin, click the “More Details” link (as shown in the image under step 3 above) and you’ll get this pop-up details screen:

how to install a wordpress plugin

Note the tabs along the top (under the red image). Here’s where you can learn all about the plugin as well as see screenshots of the plugin in action.

If you’re ready to install this plugin, click the blue “Install Now” button on the bottom left of the details screen.

  1. Once the install is complete, you’ll see the following screen:

WordPress Plugin Installed - Activate?

It is possible to install a plugin without activating it (e.g. you install a new plugin but want to minimize the impact if something goes wrong when you activate it so you don’t activate it until the weekend when your website traffic is lower), which is why you see the choice to activate the plugin above. Let’s say we’re ready to forge ahead and click the, “Activate Plugin” link.

  1. And your plugin is installed! Congrats! To start using your plugin, look for it’s menu link in one of three places:
  • The left column,
  • Under the “Plugins” menu, or
  • Under the “Tools” menu as shown in this example:

how to install a wordpress plugin

Upload a Zip File Containing the Plugin and Install its Once it’s Ready

Often, a WordPress plugin will have a free version with basic functionality and a premium version with expanded features.

When you purchase a premium plugin, you typically receive a .zip file containing the plugin. Use this approach to install your new plugin:

  1. Download the plugin according to the developer’s instructions. You can also download any of the free plugins on if you want to use this install method as opposed to the one above. In that case, each plugin has a button like the one shown below:

how to install a wordpress plugin

  1. Once you click the download button, you’ll see a pop-up like this:

Choose to save the file and then click, “OK”:

how to install a wordpress plugin

  1. Next you’ll need to tell your browser where you want the file saved to. Make sure you select a spot that you’ll remember.

Note: if you don’t see a screen like the one below, your file was saved to you “Downloads” directory automatically so look for it there.

how to install a wordpress plugin

  1. Now that you have the plugin .zip file downloaded, it’s time to upload it to your site using the WordPress dashboard.

Head on over to the “Add Plugins” screen and click the “Upload Plugin” button as shown below:

how to install a wordpress plugin

  1. On the next screen, click the “Browse” button:

how to install a wordpress plugin

  1. Then, in the window that pops up, find the plugin’s .zip file, click on it and then click the “Open” button:

how to install a wordpress plugin

  1. Now that you’ve told WordPress which file to upload, click the “Install Now” button to begin:

how to install a wordpress plugin

  1. And finally, we’re back at this screen. Head on back to the, “Search for a Plugin and Install the One You Want to Use” section and pick up from step 6 to finish up. Congrats! You’ve installed a WordPress plugin for your site.


9 Best WordPress Security Plugins to Secure Your Website

Wordpress security

WordPress is an open-source platform and it also is the most popular content management platform there is today. But the problem is it offers basic security that is not equipped for dealing with DDoS and brute force attack as well as spamming.

The worst part is that hackers get crafty each time WordPress beefs up security and many users are vulnerable to hacking and intrusive strikes. Protecting your WordPress website doesn’t only mean installing plugins. You have to make sure that you have done your homework by taking all the necessary measures to secure your website. Installing a security plugin means going the extra mile in order to protect your website from malware and other attacks.

Therefore, it falls on us to guide such impulsive users on how they should harden the security of their WordPress site by using the following plugins:

1. Sucuri Security

Sucuri happens to be one of the most recognized names when it comes to online security in general. It offers a mass of amazing features such as:

Security Activity Audit Logging: This feature is used to monitor all security-related events that regards your WordPress site. For this thing, any changes that occur with the application is taken as a security event.

File Integrity Monitoring: This feature compares a known good with the current state. If the current state is different from the known good, then you have a problem. When the plugin is installed, it will create a known good that is all of the directories of the root of the install.

Remote Malware Scanning: This is powered by the free security scanner – SiteCheck, which basically scans your site remotely for any malware.

Blacklist Monitoring: Another great feature of the Security Malware Scanner is that it makes use of various blacklist engines such as Sucuri Labs, Google Safe Browsing, Norton and AVG among so many others.

Effective Security Hardening: Sucuri is tasked with cleaning over 100 websites a day and that too with security hardening configurations.

Post-Hack Security Actions: No matter how solid you think your security is, it is inevitable that you will get hacked. That’s why security offers Post-Hack Security Actions that enable you to get around the problem.

Security Notifications: It’s useless having all those security features unless you are alerted of the issues and that is where security notifications come into play.

2. iThemes Security

iThemes Security is by far the best WordPress security plugin that you will ever find. It has over 30+ ways of protecting and securing your WordPress website. It also blocks suspicious users and prevents brute force attacks.

Seeing as how WordPress is a common target for hackers due to weak passwords, plugin vulnerabilities and obsolete software, iThemes Security aims to lock down WordPress, repair common holes, prevent automated attacks and enhance user credentials.

3. Jetpack

In spite of it not being a security plugin so to speak, Jetpack includes an array of modules that strengthens your site. You no longer have to worry about downtime, data loss or hacking anymore.

Jetpack intelligently monitors your site, guards it against brute force attacks, scans for malicious codes, secures your logins, and backs up all of your data. It also includes a 2-factor authentication module via The premium plans let you use malware scanning and automatic site backups.

4. All In One WP Security & Firewall

Here is another commendable WordPress security plugin that is robust, stable, well-supported and easy to use. It even goes the extra mile by adding further security and firewall using a security plugin that enforces plenty of good security practices.

It lessens the risk of security by looking for vulnerabilities and by implementing the latest WordPress security practices and techniques. It uses a phenomenal security points grading system just so it measures how you have protected your based on the security features that you have used.

The security firewall rules are categorized into “basic”, “intermediate” and “advanced”. This way, you can apply the firewall rules without having to break your site’s functionality. Add that to the fact that All In One WordPress Security does not slow your site down and is 100 percent free.

5. Wordfence

Wordfence is a powerhouse of a security plugin is just what your WordPress site is looking for. Its web application firewall prevents your site from getting hacked as it is powered by Threat Defense Feed. It takes advantage of the proprietary feed, which alerts you immediately whenever your site gets hacked.

It includes a Live Traffic view that gives you a real-time hawk’s eye view of your online traffic as well as any hacking attempts that are made. It has over 22 million downloads and is 100 percent open-source as well as free. As long as you download from the WordPress directory, you should be fine.

It also features a Premium API key that grants you premium support, scheduled scans, country blocking, password auditing, real-time updates to the Threat Defense Feed, a two-factor authentication and also checks your IP address if it is being used to spam-vertised.

6. WPS Hide Login

WPS Hide Login is a simple plugin that comfortably lets you change the URL of the login form page to anything that you desire. However, it does not rename or change files in core, and neither does it add rewrite rules.

What it does it intercept page requests and it works on any WordPress site. As a result, users cannot access the wp-admin directory and wp-login.php page. So, you should be able to bookmark or remember the URL.

7. BulletProof Security

BulletProof Security is indeed a force to be reckoned with. It guards your site against SQL injections as well as other exploits. The plugin consists of a firewall that stops malicious script from executing before it goes for your WordPress core files. Its key features include: real-time file monitor auto-restore intrusion detection & prevention system, quarantine intrusion detection & prevention system, DB monitor intrusion detection system, JTC anti-spam | anti-hacker, uploads folder anti-exploit guard, security logging, HTTP error logging, PHP error logging.

8. Security Ninja

Security Ninja gives you the ability to go into hiding whenever bots, hackers or spammers come knocking at your door. It grants you virtually full control over what security features you would implement on your site. Its biggest trait is conducting over 50 security tests with a single click.

It is sad though that the free version does not include a malware scanner. But that can be rectified by purchasing the premium version of this plugin. When that’s done, you will also get a WordPress core file scanner and an event logger, as well as gain the ability to schedule your scans.

9. WP Hide & Security Enhancer

WP Hide & Security Enhancer is the easiest way for you to hide your WordPress core files, theme and plugin paths from being visible on the front end of your site. This vastly improves upon Site Security and no one will ever realize that you’re running a WordPress.

It provides a great way to clean up HTML by removing all of your WordPress fingerprints. You can change the default WordPress login URLs from wp-admin and wp-login.php to something completely random.

To Conclude

That about wraps up all of the best WordPress security plugins that are a shoo-in to give you a peaceful online experience and absolute privacy. If you feel the need to mention more for this list, don’t hesitate to let me know in the comments below.


8 of the Best Plugins for Securing Your WordPress Site

This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible.

How do you avoid getting hacked? Our last article detailed forty techniques for securing your WordPress site. This follow-up post is a quick reference of the best plugins that look after your security needs.

We’ve focused on highly-rated plugins that cover a range of security features, rather than one-trick-wonders. If your hosting provider doesn’t already have a comprehensive security solution, installing one of these would be a great first step in your security strategy.

Have we missed your favorite security plugin? Let us know in the comments.

1. WordFence

  • Cost: Free, Premium from $99/year
  • Active installs: 2+ million
  • Rating: 4.8 out of 5 stars (3,048 reviews)

Wordfence Security is 100% free and open source. We also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing, real-time updates to the Threat Defense Feed, two-factor authentication, and we even check if your website IP address is being used to Spamvertize.

WordFence includes these security features:

  • Firewall. WAF with automatically updated firewall rules that block common WordPress security threats.
  • Blocking features. Real-time blocking of known attackers and malicious networks and other security threats.
  • Login security. Two-factor authentication, enforced strong passwords, security to lock out brute force attacks.
  • Security scanning. Scans core files, themes and plugins for malware and backdoors, and checks for files that have been changed.
  • Monitoring. Monitors traffic in real time including bots and reverse DNS, monitors for DNS changes and disk space.


2. All In One WP Security & Firewall

  • Cost: Free
  • Active installs: 500,000+
  • Rating: 4.8 out of 5 stars (669 reviews)

A comprehensive, easy to use, stable and well supported security plugin… It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.

All In One WP Security & Firewall includes these security features:

  • User accounts security. Change the default admin username, check for user display names that are the same as usernames, password strength tool, stop user enumeration.
  • User login security. Login lockdown (brute force protection), log out inctive users, view failed login attempts, whitelist IP addresses, see who’s logged in, CAPTCHA.
  • User registration security. Enable manual approval, CAPTCHA, Honeypot.
  • Database security. Set the default WP prefix, schedule automatic backups.
  • File system security. Identify and fix insecure permissions, disable file editing from WP admin, monitor system logs.
  • htaccess and wp-config.php file backup and restore. Easily backup, restore and modify these important files.
  • Blacklist functionality. Ban users based on IP address or range, or by specifying user agents.
  • Firewall. Add firewall protection via htaccess, firewall rules that stop malicious scripts.
  • Brute force login and attack prevention. Cookie-based login prevention, CAPTCHA on login form, rename login form URL, Honeypot.
  • Whois lookup. Get full details of a suspicous host.
  • Security scanner. File change alerts, scan database tables for suspicious strings.
  • Comment spam security. Block IP addresses of spammers, add CAPTCHA to comment form.
  • Front-end text copy protection. Disables right click, text selection and the copy option.


3. iThemes Security

  • Cost: Free, Pro: 2 sites $80/year, 10 sites $100/year, unlimited sites $150/year, Gold $297 lifetime.
  • Previously called Better WP Security
  • Active installs: 800,000+
  • Rating: 4.7 out of 5 stars (3,812 reviews)

iThemes Security Pro takes the guesswork out of WordPress security. You shouldn’t have to be a security professional to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress website.

The free version gives you some protection, but the Pro version includes these security features:

  • Two-Factor Authentication. “Use a mobile app such as Google Authenticator or Authy to generate a code or have a generated code emailed to you.”
  • WordPress Salts & Security Keys. “The iThemes Security plugin makes updating your WordPress keys and salts easy.”
  • Malware Scan Scheduling. “Have your site scanned for malware automatically each day. If an issue is found, an email is sent with the details.”
  • Password Security. “Generate strong passwords right from your profile screen.”
  • Password Expiration. “Set a maximum password age and force users to choose a new password. You can also force all users to choose a new password immediately (if needed).”
  • Google reCAPTCHA. “Protect your site against spammers.”
  • User Action Logging. “Track when users edit content, login or logout.”
  • Import/Export Settings. “Saves time setting up multiple WordPress sites.”
  • Dashboard Widget. “Manage important tasks such as user banning and system scans right from the WordPress dashboard.”
  • Online File Comparison. “When a file change is detected it will scan the origin of the files to determine if the change was malicious or not. Currently works only in WordPress core but plugins and themes are coming.”
  • Temporary Privilege Escalation. “Give a contractor or someone else temporary admin or editor access to your site that will automatically reset itself.”
  • wp-cli Integration. “Manage your site’s security from the command line.”


4. Sucuri Security

  • Cost: Free, Basic $199/year, Pro $299/year, Business $499/year
  • Active installs: 300,000+
  • Rating: 4.6 out of 5 stars (260 reviews)

We keep your website safe and hack-free! The Sucuri Platform is a suite of tools designed for complete website security. With no additional cost or hidden fees, the Sucuri Platform is affordable, easy to deploy, and supported by a team of professionals at your disposal.

Sucuri forms part of the security solution of many quality hosting providers, including SiteGround. It’s a valuable tool for SiteGround to protect its clients’ sites from malware, because it scans every link that is accessible from the website homepage on a daily basis. It includes these security features:

  • Clean and repair hacked websites. “Professional security incident response team available 24/7/365.”
  • Attack and hack prevention. “A cloud-based WAF/IPS solution designed to stop hacks and attacks.”
  • Continuous monitoring. “Continuous monitoring and alerting of any security-related issues.”

The free WordPress security plugin includes these features:

  • Security Activity Audit Logging
  • File Integrity Monitoring
  • Remote Malware Scanning
  • Blacklist Monitoring
  • Effective Security Hardening
  • Post-Hack Security Actions
  • Security Notifications


5. Jetpack, which now includes VaultPress

  • Cost: Free, Personal ($39/year), Premium ($99/year), Professional ($299/year)
  • Active installs: 3+ million
  • Rating: 4.1 out of 5 stars (1,330 reviews)

Jetpack (by Automattic, who bring you WordPress) does more than just security. It basically brings the features of to the rest of us, which is appealing. For security and backup the paid plans includes VaultPress.

VaultPress is a real-time backup and security scanning service designed and built by Automattic, the same company that operates (and backs up!) millions of sites on

VaultPress is now powered by Jetpack and effortlessly backs up every post, comment, media file, revision, and dashboard setting on your site to our servers. With VaultPress you’re protected against hackers, malware, accidental damage, and host outages.

VaultPress includes these security features:

  • Backups. “Comprehensive daily or real-time automated backups stored in our offsite digital vault, optimized for WordPress and better than your host.”
  • Restores. “Even during the most stressful moments we have your back. Restore your entire online presence quickly and easily without needing your host.”
  • File scanning. “Automatically detect and eliminate viruses, malware, and other exploitable security problems that may be hiding in your website.”
  • Automated file repair. “Fix detected viruses, malware, and other dangerous threats with a single click.”
  • Spam defense. “Protect your SEO, readers, and brand reputation by automatically blocking all spammers.”


6. BulletProof Security

  • Cost: Free, Pro $59.95 (one time purchase)
  • Active installs: 100,000+
  • Rating: 4.7 out of 5 stars (302 reviews)

BulletProof Security Pro has an amazing track record. BPS Pro has been publicly available for 5+ years and is installed on over 30,000 websites worldwide. Not a single one of those 30,000+ websites in 5+ years have been hacked.

100% hack free website guarantee. If your website is hacked after installing BPS Pro, we will clean up your hacked website for free. We can easily offer that awesome deal because your website will never be hacked if you have BPS Pro installed.

The free version includes these security features:

  • One-Click setup wizard
  • .htaccess website security protection (firewalls)
  • Hidden plugin folders / files cron (HPF)
  • Login security & monitoring
  • Idle session logout (ISL)
  • Auth cookie expiration (ACE)
  • DB backup: full/Partial, manual/scheduled, email/zip, cron delete old backups, logging
  • DB table prefix changer
  • Security logging
  • HTTP error logging

The Pro version adds these features:

  • AutoRestore Intrusion Detection & Prevention System (ARQ IDPS)
  • Quarantine Intrusion Detection & Prevention System (ARQ IDPS)
  • Real-time file monitor (IDPS)
  • DB Monitor Intrusion Detection System (IDS)
  • DB diff tool: data comparison tool
  • DB status & info
  • Plugin firewall (IP Firewall): automated whitelisting & IP address updating in real time
  • JTC anti-spam/anti-hacker
  • Uploads folder anti-exploit guard (UAEG)
  • Custom php.ini website security
  • F-Lock: read only file locking
  • Additional logging options
  • S-Monitor: monitoring & alerting core
  • Pro Tools: 16 mini-plugins


7. SecuPress

  • Cost: Free, 1 site $57.60/year, 3 sites $144/year, 10 sites $288/year, unlimited sites $479/year
  • Active installs: 5,000+
  • Rating: 4.8 out of 5 stars (19 reviews)

Protect your WordPress with malware scans, block bots & suspicious IPs. Get a complete WordPress security toolkit for free or as a pro plugin.

If you are proactive, our free WordPress security plugin is a great choice! No time to activate weekly scans? Then SecuPress pro is the way to go. Our plugin takes care of everything with automated tasks.

SecuPress includes these features:

  • Anti brute force login
  • Blocked IPs
  • Firewall
  • Security alerts
  • Malware scan (Pro)
  • Block country by geolocation
  • Protection of security keys
  • Block visits from bad bots
  • Vulnerable plugins & themes detection (Pro)
  • Security reports in PDF format (Pro)


8. Security Ninja

  • Cost: Single site $29 (1 year updates/support), multi site $79 (1 year updates/support), forever unlimited $199
  • Active installs: 6,000+
  • Rating: 5 out of 5 stars (6 reviews)

Security Ninja helps thousands to stay safe and prevent downtime due to security issues. 50+ tests will provide a comprehensive overview of your site’s security.

The free version lets you achieve the following:

  • Perform 50+ security tests including brute-force attacks.
  • Check your site for security vulnerabilities and holes.
  • Take preventive measures against attacks.
  • Prevent 0-day exploit attacks.
  • Use included code snippets for quick fixes.
  • Brute-force attack on user accounts to test password strength.
  • Numerous installation parameters tests.
  • File permissions.
  • Version hiding.
  • 0-day exploits tests.
  • Debug and auto-update modes tests.
  • Database configuration tests.
  • Apache and PHP related tests
  • WP options tests.

You can even more protection using these Pro modules:

  • Core scanner. “Easily monitor the state of your WP core files. Have a clear view of files that are modified but shouldn’t be and restore them with a single click.”
  • Malware scanner. “Powerful heuristic malware scanning algorithm will check all your themes, plugins, uploaded files and options table for suspicious content.”
  • Auto fixer. “If you don’t like creating backups, editing files, messing with code and getting your hands dirty – Security Ninja PRO will do everything for you. Fix security issues with one click.”
  • Events logger. “Monitor, track and log more than 50 events on the site in great detail. From user actions, to post edits and widget changes – Events Logger sees everything.”
  • Scheduled scanner. “Have Security Ninja do automatic, periodic scans of your sites, including scans of core files. If there are any changes you’ll be notified via email.”


WordPress blogs defaced in hack attacks

Great white shark

A security flaw in the WordPress blogging software has let hackers attack and deface tens of thousands of sites.

One estimate suggests more than 1.5 million pages on blogs have been defaced.

The security firm that found the vulnerability said some hackers were now trying to use it to take over sites rather than just spoil pages.

WordPress urged site owners to update software to avoid falling victim.

Feeding frenzy

The vulnerability is found in an add-on for the WordPress blogging software that was introduced in versions released at the end of 2016.

Security firm Sucuri found the “severe” bug and informed WordPress about it on 20 January.

In a blogpost, WordPress said it delayed going public about the flaw so it could prompt hosting firms to update their software to a fixed version.

The patched version of WordPress was formally released on 26 January and led to many sites and blogs automatically applying the update.

However, many blogs have not followed suit leaving them open to defacement attacks.

Security firm WordFence said it had seen evidence that 20 hacker groups were trying to meddle with vulnerable sites. About 40,000 blogs are believed to have been hit.

The vulnerability had set off a “feeding frenzy” among hacker groups, WordFence founder Mark Maunder told the Bleeping Computer tech news site.

“During the past 48 hours we have seen over 800,000 attacks exploiting this specific vulnerability across the WordPress sites we monitor,” he added.

Sucuri said some hacker groups had moved on from defacement to attempts to use the bug to hijack sites for their own ends.

“Attackers are starting to think of ways to monetise this vulnerability,” wrote Sucuri founder Daniel Cid. “Defacements don’t offer economic returns, so that will likely die soon.”

Hackers were keen to use the vulnerable sites as proxies for spam or malware campaigns, he said.


How to Backup and Secure WordPress with Jetpack

Jetpack is undoubtedly one of the most popular WordPress plugins with over 1 million installs at the time of writing.

If you’ve been following WordPress in the news, you might have heard that Jetpack has undergone some serious redevelopment over the past year, if you haven’t checked it out for a while – now is a good time to take another look.

Developed by Automattic (the people behind Jetpack is more than just another plugin, it’s more like a plugin on steroids. It brings self-hosted WordPress sites many of the same features of, with a few powerful additions.

We’ve covered Jetpack in detail at SitePoint, however the latest version boasts a completely redesigned UI, along with a wide range of new features. In this article, we’ll be covering some the new security features including integrated daily and realtime backups.

Jetpack Installation and Features Overview

How to Install Jetpack

Before you begin, double check you’re running the latest version of WordPress and that your site is publicly accessible (if you’re using a local installation check out Jetpack’s developer mode). You might also want to double check that your web host uses PHP 5 or later (if not, it might be a good idea to move!).

The easiest method of installation is via the WordPress dashboard. I’ll take you through a brief walkthrough:

  • Log into your WordPress dashboard
  • Navigate to ‘Plugins’ and ‘Add New’
  • Then type in ‘Jetpack’ into the search bar and you’ll see ‘Jetpack by’ plugin appear

Installing Jetpack Plugin for WordPress

  • Then click ‘Install Now’
  • Once the plugin has installed click ‘Activate’
  • You will then see the following alert to connect your website to

Connecting Jetpack to

  • When you click ‘Connect to’ you will be redirected to to either create an account or sign in with an exisiting account
  • After you’ve created an account or logged in with your existing account, Jetpack will confirm that you’re happy to connect the site to this user and then return you to your WordPress site
  • You will now find you have a new dashboard menu item ‘Jetpack’ which enables you to control what features you use
  • When the plugin first connects, you’ll also have the option to auto activate the commonly used features of Jetpack

For WP-CLI users, you can also get Jetpack up and running using this command wp plugin install jetpack.

For more information on the installation process, check out and the handy quick start guide.

Key Features in Jetpack

The Jetpack interface has been rewritten from the ground up using the popular JavaScript library React. The user experience is smooth and navigating the module selection and configuration feels very snappy.

WordPress Jetpack New Interface

Jetpack is definitely the Swisse Army knife of WordPress plugins. It offers more than 20 modules with a comprehensive range of features and benefits all in the one plugin. What’s even better is that you can just activate what you need, which enables this plugin to be highly customisable for any WordPress site.

The main features of the Jetpack plugin centre around 5 key areas:

  1. Backups and Security – Brute force protection and single sign-on. Jetpacks pro features also allow spam protection, offsite backups with archive and storage using VaultPress, automated restores and malware scanning.
  2. Performance – High-speed CDN and uptime monitoring.
  3. Traffic and Engagement – Site stats, related posts, enhanced distribution, sharing tools and the ‘Professional’ subscription level also enables your site to run polls, ratings and surveys.
  4. Site Management – Plugin management, auto updates and cross platform tools. The subscription options also include easy site migration (via Backups).
  5. Support – The free plugin provides basic support to all users, however the pro options for Jetpack provide additional WordPress and security support.

Some of the lesser known features I like are Custom Content Types, Markdown support and Custom CSS, but in this article I’m going to dig deeper into the first point of Backups and Security.

How to Backup Your Website with Jetpack

Jetpack offers some powerful site management and system administration capabilities. One of the most overlooked and underrated tasks for all site owners is backups. We’ll take a look at the pro options for backups available with Jetpack, but first I’ll delve into why backups are important.

Not All Backups Are Created Equal

Just because your host includes ‘backups’, if you look in the fine print these backups are often not kept for very long and they come with no guarantees, sometimes even charging you to source the backup if the need arises.

I always recommend that my clients never rely on just your hosting providers backups, for many reasons. Here are a few:

  • The backups are often on the same system (or network) as your website. If the hosting service fails, your backup goes down with your website
  • Your backups are not guaranteed
  • They are just best effort, and typically nobody is checking the integrity of your backups
  • You have no legal comeback if your backups are lost
  • You have no control over your backups, sometimes being unable to download your own copy for archiving

It doesn’t matter what you’re working on, losing all of your hard earned work can be one of the most frustrating and expensive occurrences we face. It’s all too common, and happens all too easily.

Despite your best efforts, failures do happen, so be prepared. A good backup strategy includes storing (preferably offsite) a number of backups, on an automated schedule to help protect you in the event that things go wrong. Certain types of failures might not be apparent immediately, which is why it’s recommended you also maintain an archive of your older backups.

Backup Options with Jetpack

For individuals and businesses that take their website operations seriously, there are two subscription options available with Jetpack. Both of these options come with professional support, something that many businesses using WordPress want.

If you only need daily backups of your site, then Jetpack’s ‘Premium’ subscription option is a great choice. It will provide daily backups of your WordPress themes, plugins, uploads and database. As mentioned above, site owners don’t immediately realize there is an issue with their site, so having access to a 30 day archive of these daily backups is a great feature so you can choose to restore any daily point in time within that 30 day period.

For $99 per year, per site, the ‘Premium’ option provides you with:

  • Automated daily backups with an easy one click restore feature
  • Spam filtering via the Akismet plugin
  • Malware scanning on a daily basis

If you spend a significant amount of time in your website on a daily basis then realtime backups are a better choice. These are part of Jetpack’s ‘Professional’ plan which will backup every post, comment, media file, revision and dashboard settings as the changes happen. You can also reap the benefits of a full backup archive so you will be able to restore any backup for the life of your subscription.

For $299 per year, per site, the ‘Professional’ option provides all the great features in the ‘Premium’ subscription but also includes:

  • Unlimited off-site backups in real time
  • One-click security threat resolution
  • Premium WordPress and security support

Daily backups will be adequate for many sites, however with WordPress now powering more and more ecommerce, membership or community sites, realtime backups are becoming increasingly more important. Realtime backups mean that each change is saved at on offsite location, separate from your hosting environment.

Walkthrough of the Backup and Restore Process

Backups in VaultPress happen automatically in the background. As mentioned above, the initial complete backup will take a little longer than subsequent backups.

Once you’ve selected your subscription and made your payment, you’ll be prompted to configure VaultPress and Akismet. This will ask you to connect to your account. The backup-specific functionality is configured in the VaultPress.

Jetpack Premium Subscription

If you’ve signed up for a Premium subscription, backups will automatically occur on a daily basis. If you have a Professional subscription, they’ll happen in realtime as your site changes. We’ll walk through an example using a Premium subscription, showing you how to restore a backup.

Locating Your Backups

You can find your backups in the VaultPress dashboard, you can visit, follow the link in your account, or your own WordPress dashboard. You can then navigate to the date you’re looking for and either restore a complete backup, or browse and download or restore individual files. This is a handy feature that not all backup plugins or services offer.

VaultPress Backup Files

Restoring a Backup

The Settings page is where you can give VaultPress access to your host using SSH, SFTP or FTP, as well as set alternate credentials if you want to move your site to a new host. These settings are provided at the time you sign up for your hosting account. If you ever need to restore from a backup, you’ll need to make sure you’ve configured server access.

VaultPress SSH Settings

Once you’ve configured your server settings, restoring a backup is easy. Here are the steps:

  • Sign in to the dashboard and the ‘view backups’ section
  • Find the backup you want to restore and click ‘restore’
  • You can then select any or all of the options for restoring database, plugins, themes and uploads
  • You will then be asked to confirm the restore
  • That’s it! No need to mess around with manual database and file restores yourself, Jetpack handles all of the heavy lifting.

On the Settings page you can also add other users via their accounts and grant them access.

Once you’ve activated VaultPress, an initial backup will kick off. This initial backup can take a while, however subsequent backups are much faster.

You can also restore a backup to a new hosting provider or a new domain, here’s some more information on how to do this.

How to Secure Your Website with Jetpack

Web security is a topic that I am particularly passionate about and something that website owners should never take for granted.

Common WordPress Security Threats

In a recent report (called the Website Hacked Trend Report 2016 – Q1), Sucuri analyzed over 11,000 infected websites.

Of those that were running WordPress, over 50% were out of date.

In the conclusion, they noted:

“If there is one thing we know from this report is that vulnerable software is a big problem, contributing to a large number of compromises. The blanket guidance to stay current and update is falling on deaf ears. Some initiatives, like those undertaken by WordPress – emphasis on backward compatibility and auto-updates – are having positives effects on the core of the platform, but we know that the a majority of the compromises are coming from a platform’s extensible components, not its core.”


The bolding is mine, but it’s something I feel worth highlighting because I constantly keep seeing this problem in the field – and from people that should know better. It’s up to all of us to take security and backups seriously, and also educate our peers and clients. Regular updates and backups are easily enabled, so there aren’t any excuses.

Jetpack also offers a centralized management interface that makes the job of managing lots of sites much easier.

The Security Options Available in Jetpack

Security is a process. It should never be a ‘set and forget’ approach. Monitoring your website for security threats is an important consideration for any website owner.

Recognising the importance of web security, Jetpack has simplified security monitoring for your website with a dedicated section called ‘Security’ under the ‘Settings’ section of the plugin which offers:

  • Protection against brute force attacks (Free)
  • Monitoring of site downtime (Free)
  • Single sign for secure authentication (Free)
  • Security Scanning to protect from threats and attacks (Premium)
  • Akismet spam control (Premium)
  • Automatic backups of your entire site (Premium)

Example of Mitigated Attacks

VaultPress will check for several common threats, including changed WordPress core files, web shells (that give attackers control of your site) and detection of plugins and themes with known security vulnerabilities.

Below is an example of a very common issue caused by the TimThumb script used in many older themes.

Jetpack Security - TimThumb


In this article, we’ve covered the core features available with Jetpack, focusing on security and backups. It couldn’t be easier to get started with using Jetpack as part of your website security and backup regime.

If you want to learn more about the features of Jetpack, SitePoint has previously covered this topic, along with WordPress maintenance, in the following articles:

  • Add Features To Your Site : A Guide to Jetpack
  • The Definitive Guide to WordPress Maintenance
  • Using Jetpack’s Publicize for Easy WordPress Social Sharing
  • 5 Things You May Not Know about Jetpack for WordPress

I’d also recommend the official documentation for reference and support:

  • Jetpack Support

Automattic is offering SitePoint readers 10% off on Jetpack plans — follow this link to get the code.


WordPress Multilingual Plugins to Level Up Your Global Reach

Even though English is a universal language, there are still over 6000 languages written and spoken in daily life right across the world. Chinese is the most popular language spoken after languages such as Spanish, English, Hindi and Arabic.

A multilingual website helps to increase your global reach and it’s something every developer and website owner should consider.

Why WordPress?

WordPress is one of the best platforms when it comes to setting up a website and it’s available for everyone irrespective of their mother tongue. You can find out more about installing WordPress in your chosen language here.

WordPress also has a range of exciting plugins to handle and create multilingual content for your website visitors. These plugins help you to extend your site to be more accessible and to avoid losing potential site visits simply because the visitor may speak another language.

Why Should You Add Multiple Languages on Your Website?

Even though English is a universal language, only 26% of the total online audience are native English speakers. This figure is even lower than previous years and it’s set to fall more.

In the US, which is largely an English-speaking country, up to 10% of the population speaks Spanish. Multilingual countries are common. Ensuring your website is multilingual not only helps to increase your global reach but also provides a platform for increasing sales. For instance, ASOS, which is a European clothes brand, enhanced their sales by 39% across the world, when they increased their reach to include the Chinese and Russian markets in 2013.

In this article, I’ll cover the key features and benefits of some of the top WordPress plugins designed to help your website better cater for multi-language.



This is a full featured plugin that manages both translation and multilingual functionality.

It comes in different licenses to suit almost any WordPress website – Multilingual CMS ($79 per year), Multilingual Blog ($29 per year), and lifetime option ($195 once off).

Naturally, the blog option is aimed towards less complex needs and sites and can handle all kinds of multilingual posts, along with menus and taxonomies. It can also detect language of browsers.

All these features are added in CMS along with the ability to translate widgets, custom feeds and themes. It also offers multi-user translation management and ecommerce support.


  • Supports unlimited sites and 30 day money back guarantee with any of the above versions.
  • Provides out-of-the-box support and is compatible with many themes for up to 40 languages.
  • Fully developed platform within the CMS to manage content and assign jobs to translators.
  • You can connect your WPML install to various pro translation services in order to outsource work and enable various levels of management screens and notifications to keep track on your site progress.
  • Active development team to provide dedicated support in different languages and active community forums.

Google Language Translator

Google language translator

Google Language Translator is a plugin not officially from Google, but it’s built on the top of official translation tool, Google Translate. It allows you to add a shortcode into pages, posts, or widget areas that need to be translated automatically.

It’s been designed to allow you to provide content in multiple languages in the easiest way possible. All you need to do is download and activate plugin, unlike other plugin options.


  • Fast and easy setup.
  • Supports up to 80 languages through Google Translate.
  • You may turn off Google branding when needed.
  • Switch between the whole range of options in Google Translate and a selected range of languages manually.
  • Vertical or inline layout options to provide the best visual appeal.
  • Auto translation to hire pro translator or to translate content manually.

Google Language Translator is a great choice for quick and cost-effective translation solution. It still gets the job done despite some drawbacks in using automatic translation.



This is a free and lesser known multilingual plugin offering unique way for visitors to access translated content. With the help of the translation button, Translator is used to translate your site in several languages efficiently and quickly. It’s based on machine-powered, automatic translations through Google Translate.


  • Simply choose the desired language to add for the viewers.
  • Automatic translation option above each post.
  • With best Google multilingual practices, it’s SEO optimized.
  • Stylish button customized to match your website’s look.

qTranslate X

qTranslate X

This is a free WordPress Plugin, to translate the theme to multilingual content using WordPress.

It supports endless languages that can be modified, added or deleted through an easy configuration page. All you have to do is activate the plugin and write content. It’s the easiest plugin to maintain dynamic content on the site.

When the static localization is implemented well and offered with WordPress framework using po/mo file framefork, you cannot maintain dynamic content without having an specialized plugin.


  • Several languages built in.
  • Translate widget titles and various custom fields using a shortcode.
  • Automatic date and time format conversion.
  • Customizable language switcher.
  • One language for each URL and three different URL formats available.
  • Language-specific sitemaps for Yoast SEO and Google XML Sitemaps.



For multilingual WordPress sites, WPGlobus includes additional add-ons like WPGlobus for TinyMCE, WP Globus for WPBakery Visual Composer (which provides the core plugin on themes supporting WPBakery), WooCommerce and WPGlobus Plus.


  • Tools to translate all kinds of widgets and posts for your website.
  • Allows you to add languages to your website and adds SEO features automatically for translated content.
  • Switch between languages for any post, either through widget or drop-down menu.
  • Allow users to switch between languages when available for any post either through widget or drop-down menu.
  • Easy to switch the language of administrator interface according to your preferences just from the dashboard.
  • Features admin interface to translate pages, posts, widgets, menus, tags and categories to several languages.
  • In the navigation menu, it adds a dropdown menu to switch between languages.
  • Admin interface to define custom combinations of language abbreviation and country flag and to select active languages.

WooCommerce Multilingual – Run with WPML

Woocommerce multilingual

Run multilingual ecommerce sites with ease using WPML and Woocommerce. Visitors can switch languages, translate store pages and products and order your products in their own language.


  • Multilingual with various kinds of product categories.
  • Central management to translate product categories, custom attributes and tags.
  • Keeps the same language throughout the checkout process.
  • Synchronize product images and variations.
  • Enable inventory tracking without having to separate products in different languages.
  • Send emails to administrators and clients in their desired language.
  • Run an individual WooCommerce store with several currencies.



If you’re looking for all-inclusive solution to setup and manage a multilingual WordPress site, Polylang provides a well-rounded solution. You can also link the translation service of Lingotek to your add-on. You can also use translation services or perform this manually.


  • Support for over 41 languages using admin interface.
  • Use unique sub-domains for each language enabled.
  • Easily switch between languages with a widget.
  • Even though it can detect the language automatically, one can also set it up manually or with a code in URL.
  • Provides translation features for custom posts, regular posts, taxonomies, and widgets.

Should You Choose Professional Translation?

Professional translation really is the best option if you’re making money from your site already, to help potentially cover the costs.

Standard translation rates can definitely help you to get the feel for what you’ll need to budget. If you choose the professional route, keep in mind that it’s not as simple as just paying someone to care for the translation, setting up the plugin, pasting it in and just leaving it as it is.

First of all, it’s a complex task to manage a translation project and you will have to go through sensible guidelines when it comes to sourcing a professional.

Capturing new customers or readers from different locations will also require a certain level of support. Before you invest in translation services, consider whether it’ll be viable for your company to engage with these new visitors and customer base. You might need to also review getting some extended support.

The Final Verdict

Do you still think translation of your site is tough job even after reading the above points? Don’t worry! All you need to start small, even with just one alternative language first. Any of these plugins will definitely help you stand out of the crowd.

What are your favorite multilingual plugins? Do you have any recommendations for other developers and website owners who are contemplating implementing multi-language functionality? If so, please share your comments below.