Deal Ends In:
00 Days
00 Hours
00 Mins
00 Secs
Memorial Day


Hosting Question? Find the Solution - Browse our Guides, Articles, and How-To's

3 Ways of How to Install WordPress Plugins Step by Step

There are three ways of installing WordPress plugins, two from within the WordPress Admin pages and one using file transfer such as FTP, SFTP or SCP. None of these are particularly more difficult than the other, but nevertheless, we’ll cover how to install WordPress plugins step by step using each of the methods listed.

Method #A – Plugin Installation Using WordPress Admin Plugins Page

The easiest and most popular way to install WordPress plugins is through the WordPress Admin plugins page.

  1. Login to WordPress Admin area
  2. Click Plugins in the menu to the left
  3. Input the plugin name into the search form at the top right of the page
  4. Scroll down until you find the plugin, then click Install Now
  5. Wait for the message confirming the installation was a success
  6. Click Activate Plugin and move on to configuring any settings required

The advantage of this method is that you can search for plugins by function, like “security”, “firewall”, “facebook”, etc. and then browse through the search results, right from within the WordPress Admin plugin page, choosing a plugin after you’ve had a chance to scan through several other competing plugins. If you already know the name of the plugin, then this isn’t much of an advantage, but is worth mentioning nonetheless.

Method #B – Installation Using WordPress Admin Plugins Page Upload

Rather than doing a search and browse approach to finding the ideal plugin to install, the upload method relies on you having the plugin ZIP file that you’d like to install. This is particularly useful when you’ve got plugins from somewhere other than the plugin repository, which is what Method A relies on.

If you’ve bought a plugin from a developer or large repository site like, then Method B will give you the flexibility to upload the zip file and install it directly without needing to conduct a search first.

  1. Login to WordPress Admin area
  2. Click Plugins → Add New in the menu to the left
  3. Click the Upload Plugin button at the top of the page
  4. Browse your local file system, select the file and click Install Now
  5. Wait for the message confirming the installation was a success
  6. Click Activate Plugin and move on to configuring any settings required

As you can see, the steps are remarkably similar to those from Method A. The only difference is that you’re uploading a local ZIP file rather than locating the plugin on

Method #C – Plugin Installation Using File Transfer + WP Admin

Occasionally you’ll find some hurdle which gets in the way of trying to install a plugin using Method B. You’ve got a ZIP file, but aren’t able to use the upload function within the WordPress Admin Plugins page Add New function. Perhaps you’ve got a standard list of 10 or 20 plugins to add and you’d like to speed up the process. In that case, uploading the ZIP files in batch will give you a chance to handle half of the plugin install process in one fell swoop.

Method C relies on you having installed and configured a file transfer client to move files between your local machine and your WordPress hosting filesystem. You could use cPanel File Manager, but it’s slower and requires you to login to cPanel and use File Manager.

In Method C, we’re assuming that you’re using FTP, SFTP, SCP, FXP or some other file transfer software that’s already installed and configured.

  1. Unzip the plugin ZIP file on your local machine
  2. Launch your file transfer client and browse to find that unzipped plugin folder
  3. Transfer the entire local plugin folder to your hosting /wp-content/plugins folder
  4. Login to WordPress Admin area
  5. Click Plugins in the menu to the left
  6. You’ll now see the new plugin installed but not yet activated in your list of plugins
  7. Click Activate Plugin and move on to configuring any settings required

This method does bypass some of the checks that would otherwise prevent you from installing malicious code in your WordPress site, so use it with caution, making sure that the plugin you’re installing is indeed the one intended and that you trust the source fully.

How to Know if a WordPress Plugin is Safe?

The problem with installing WordPress plugins is that you don’t always know beforehand if they are actually safe to install and use. There is no giant flashing warning light saying, “Don’t Install Me – I’m Harmful!”.

There are a few sanity checks that you can perform, before installing a plugin, to help you decide whether or not it’s going to be safe to install.

Plugin Safety Signals – Questions to Ask BEFORE Installing

Rule 1 – Consider the Source

Is the plugin from a known reputable source like, or Or, is it from a site you’ve never heard of – a site that may look dodgy, offer dodgy content (like spying, hacking, keyloggers, eavesdropping or other extremely questionable purpose plugin)?

Rule 2 – Read the Reviews

Don’t just look at plugin ratings. Sometimes old plugins die and are taken over by those with evil intent. You might see 4.8 out of 5.0 stars and think it’s awesome, then take a look at the reviews and realize it was 5.0 out of 5.0 up until a year ago at which point it’s got a string of 1.0 reviews because it’s now some type of malware, suspected information stealer or just plain insecure. Have you checked the reviews before installing?

Rule 3 – Visit the Developer Site

Plugins are created by developers, many of whom rely on income from premium versions in order to pay the bills. Checking out the developer site means more than just visiting, it means doing a few minutes of investigating.

Search for the developer site and plugin name in Google and try adding words like “hacked”, “compromised” and “unsafe”. Search for the developer site on Google and see if Google gives a warning about the site being unsafe or malware-related. If you’re using an anti-virus application or have a plugin that checks a site reputation, do any warnings go off before you visit or when you try to click and visit?


Installing plugins is more than just clicking Install and Activate. You, as a responsible site owner, have a duty to protect yourself (and others) by casting a critical eye upon software you’re about to install, particularly when other people will be interacting with it and when your livelihood is on the line.

Take the time to look, think, look, then ask, whenever you come into contact with plugins, extensions, themes or anything that you’re going to install to your web hosting account. You’ll be glad you did!