
Choosing trusted plug-ins and themes

From: WordPress 3: Developing Secure Sites

Video: Choosing trusted plug-ins and themes

Did you know that installing insecure plug-ins and themes puts your site at risk? If the plug-in or theme contains any sort of vulnerability, your entire site may be targeted and attacked. Choosing trusted plug-ins and themes only takes a few minutes, and you can do most of it from the comfort of the WordPress Admin. In this screencast we will demonstrate some practical guidelines and helpful tips for choosing safe and secure plug-ins and themes. The goal is simple: review as much information as it takes to make the best choice.


There are no hard-and-fast rules, but applying some practical guidelines will help you find a safe and reliable plug-in. Whenever possible choose plug-ins from the WordPress Plugin Directory. Look for intelligent, informative descriptions, look at the version number of the plug-in, look for an active changelog, and look at the plug-in rating. Let's see an example of this by going to the install plug-ins screen in the WordPress Admin area. We click on the Add New button and do a quick search for Google XML sitemaps.

Let's click on the Details link to see an example of a safe and reliable plug-in. Notice the description is well written and intelligent. It suits our purposes and explains everything that we need, provides related links, some fine print, and everything else we need to know about this plug-in. Clicking on the Installation page, we also see--very informative, well written, thorough. That's good. We are going to need that, especially if it's anything other than typical. Screenshots, here are screenshots of the plug-in, and what we are looking for here is quality.

We are looking for functionality and things that may be useful for us if we decide to install the plug-in. The changelog is very important because it shows whether or not the plug-in is actively developed and maintained. The changelog for this plug-in is actually listed on this web page here outside of the Admin area, but that's okay. We just scroll down and we begin to see the amount of work that has been put into this plug-in, and we begin to understand why it is the best XML site map plug-in. According to many people, it is just amazing.

So let's return to the Admin and look at more clues for this great plug-in. It has a good frequently asked questions, FAQ, section, includes some other notes about the license, translations, and so forth. But perhaps the most valuable piece of information is in the sidebar here. This summary provides clues that will help you decide whether or not this plug-in is right for you. First look at the version number. 3.2.4 suggests that this plug-in has been around a while. Look at the author. Is it a reputable author, one that you recognize? When was it last updated? 374 days ago. That's roughly a year, and so we may be hesitant by seeing that.

It says it is compatible with the latest version of WordPress, and here is an amazing tidbit of information: it has been downloaded over 5 million times, which is an incredibly large number for a plug-in. Another important clue is here in the average rating, and 4 1/2 stars based on that many, 2,000--over 2000--votes. Definitely this would make up my mind right here. I would probably go with this plug-in maybe after looking at a couple more. But if you still can't decide after all that, look for an external plug-in page that you can visit. If one is available, the link will be listed right here in the sidebar beneath the WordPress.org link.

We can click on that, go to the web site for the plug-in, and learn more about the plug-in. Now, applying this strategy, let's find a good plug-in for, say, formatting our theme for mobile devices. So we click on the Add New link and type in a keyword to get us started, something like 'mobile' and then click on Search Plugins to bring up the results. As you can see, there's quite a bit to choose from, as is the case with most WordPress plug-ins.

So first, let's scan the list to get a general idea of what's available. There's some good ratings, looks like some new plug-ins here, and then let's begin our search by clicking on the Details link for the first result. This looks good, but it says it hasn't been tested with our current version of WordPress. Something to keep in mind is that WordPress releases what are called point updates, where the plug-in will go from version 3.0.5 to 3.1, or 3.0.6.

In many cases, plug-ins will work just fine for point updates. WordPress's current version is 3, so chances are this plug-in will work just fine, and the reason that it says this message is because somebody has not taken the time to log in to WordPress.org and let the software know that it is compatible. You see a nice thorough description here, version number 1.2.4. It's been downloaded 192,000 times. Some great ratings here, four stars, based on a good number of ratings. The installation looks doable.

It includes some screenshots here of what the plug-in looks like. That's nice to know. So everything looks good, and we would continue flipping through tabs and seeing things like this right here, the changelog. Good, good changelog. Active development. We would continue shopping through plug-ins to narrow it down and find the best of the best of the best. Once you get that far, it becomes a matter of personal preferences, features, and so forth. For WordPress themes the same sort of strategy applies.

Look for themes that point toward active development, trusted authors, compatibility, and popularity. To see an example of this, let's return to the demo site admin area and go to the Appearance menu and click on Themes. Click on the Install Themes tab and enter your keyword or keywords. For us, it is mobile. So we click Search, and we see we have some great results. As you can see, there's not as much information available as for plug-ins, but we can get a good idea by clicking the Details link and looking at the version number, author, and ratings.

Once you decide on a theme and have it installed, a great way to check it out under the hood is to use the handy Theme Check plug-in, as seen here in the Appearance menu. Let's run a quick check on the default 2010 Theme. Let's suppress the extraneous information and click Check it! Here we see that the results are very good: Twenty Ten has passed the tests and is squeaky clean, safe to use. To see an example of a theme with less-than-stellar results, we rerun the Theme Check on a randomly chosen theme named Skulls. We click Check it! And as we see, the Skulls theme is missing a number of required items, as well as a number of recommended items.

Does this mean that you shouldn't use the theme? Well, that's up to you. But if you see anything serious, you should either investigate further or just move on to the next theme. In this screencast, we've seen some smart ways to stay savvy when adding new themes and plug-ins. From the comfort of the Admin area, WordPress makes it easy to find, install, and update safe and secure plug-ins and themes for your site.
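The review walked through above can be written down as a repeatable check. This is an added example, not part of the course or of WordPress itself; the metadata field names, the thresholds, and the dates and WordPress version in the sample records are assumptions made for the sketch.

```python
from datetime import date

# Thresholds are assumptions for this sketch; the screencast sets no hard rules.
STALE_DAYS = 365   # "roughly a year" since the last update gave the narrator pause
MIN_STARS, MIN_VOTES = 4.0, 100

def parse_version(text):
    """'3.0.5' -> (3, 0, 5); missing or non-numeric parts count as 0."""
    parts = [int(p) if p.isdigit() else 0 for p in text.split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def compatibility(tested_up_to, wp_version):
    """Classify the 'tested up to' value against the installed WordPress version."""
    tested, current = parse_version(tested_up_to), parse_version(wp_version)
    if tested >= current:
        return "tested"
    if tested[0] == current[0]:
        return "untested-same-major"    # point update: likely fine, try on staging
    return "untested-older-major"

def review_plugin(meta, wp_version, today):
    """Return the warning signs found in one plug-in's listing metadata."""
    flags = []
    age = (today - date.fromisoformat(meta["last_updated"])).days
    if age > STALE_DAYS:
        flags.append(f"stale: last updated {age} days ago")
    compat = compatibility(meta["tested"], wp_version)
    if compat != "tested":
        flags.append(f"compatibility: {compat}")
    if meta["rating"] < MIN_STARS:
        flags.append(f"low rating: {meta['rating']} stars")
    elif meta["num_ratings"] < MIN_VOTES:
        flags.append(f"rating rests on only {meta['num_ratings']} votes")
    if not meta["has_changelog"]:
        flags.append("no changelog")
    return flags

# Constructed records: version, rating, vote and download figures follow the
# screencast; dates, "tested" values and the 150-vote count are made up.
TODAY, WP_VERSION = date(2011, 6, 1), "3.1.3"
SITEMAP = {"version": "3.2.4", "last_updated": "2010-05-23", "tested": "3.1.3",
           "rating": 4.5, "num_ratings": 2000, "downloaded": 5_000_000,
           "has_changelog": True}
MOBILE = {"version": "1.2.4", "last_updated": "2011-03-01", "tested": "3.0.5",
          "rating": 4.0, "num_ratings": 150, "downloaded": 192_000,
          "has_changelog": True}
if __name__ == "__main__":
    for name, meta in (("sitemap", SITEMAP), ("mobile", MOBILE)):
        print(name, review_plugin(meta, WP_VERSION, TODAY))
```

A flag is a prompt to look closer, not a verdict: a stale but widely used plug-in may still be the right choice after checking its changelog and external page.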


This video is part of

WordPress 3: Developing Secure Sites

36 video lessons · 11286 viewers

Jeff Starr
Author
