WordPress themes and plugins

Themes and plugins to get you started.

Great! So now we have our WordPress installation setup and we’re ready to get started building out our site. Given that this will be an e-commerce site, the plugin we’ll need is Woocommerce, but before we go ahead with the installation let me explain what plugins and themes are.

A plugin is an extension with will give your WordPress site some extra functionality, be it security, additional SEO capability or e-commerce. There are currently nearly 50,000 plugins available according to WordPress.org, which makes WordPress very flexible in terms of what you want it to do.

A theme on the other hand dictates how your site looks. It’s a little hard to tell exactly how many theme. s there are, but you can be sure that it’s a lot, and all are customisable ensuring that your site, with a little effort, can look unique, even if it’s using the same base theme.

So first off, we need to login to the dashboard. To do this, either click the link provided on the Softaculous success page or simply type your url into the address bar followed by a forward slash and wp-admin. It should look something like this:



[siteorigin_widget class=”SiteOrigin_Widget_Image_Widget”][/siteorigin_widget]
[siteorigin_widget class=”SiteOrigin_Widget_Image_Widget”][/siteorigin_widget]
[siteorigin_widget class=”SiteOrigin_Widget_Image_Widget”][/siteorigin_widget]

After logging in, you’ll be taken straight to the dashboard. It can look a little overwhelming at first but as we progress, it’ll become much more familiar. Before going into too much detail about the rest of the dashboard, let’s stick to the plan and install our plugins and theme.

A couple of notes first. Generally with themes and plugins, there are free and paid or premium versions. For much of this exercise we’ll be using the free versions, and occasionally paid, which as you can guess will provide more features and ( hopefully ) better support. Some things to look for when installing themes and plugins are:

  • Does it provide the functionality / look you require?
  • Is it regularly maintained? It’s possible that the plugin or theme might not be compatible with your version of WordPress but if it’s regularly updated, you can safely assume that in the not too distant future it will.
  • Is it used on many sites / installations?
  • Does it get good reviews?

Once you’re comfortable that your plugin or theme is the right one, go ahead and install it, and don’t worry too much if it isn’t their easy to uninstall too.

The first plugin we’re going to install is the iThemes Security plugin, and we want to use it to do two things:

  1. Limit brute force attacks
  2. Change the login address for the admin

We want to do these things to help prevent our site getting hacked, and with around 70 millions installations over the internet, WordPress is a pretty good target. As you can imagine every WordPress installation has wp-admin as the standard entry point to login to the dashboard. So changing the admin login address is crucial to help prevent brute force attacks on this entry point. So what is a brute force attack you ask? A brute force attack effectively uses a dictionary type method to guess username and password combinations. So if your username is admin and password is 123456, this can be very easy, particular as computer can try millions of combinations per second. What we can do to avoid this kind of attack is have a strong username and password, and limit login attempts to a few every few minutes. We’ll go about setting up the latter now, and hopefully you’ve already got the former. If not, I’ll cover that shortly.

To add a new plugin, look for the ‘Plugins’ entry in the dashboard menu on the left. As you hover over it, you’ll see a flyout menu with ‘Add new’ as an option. Select that or click ‘Plugins’ and select the ‘Add new’ button to the right of the Plugins heading at the top of the page.


[siteorigin_widget class=”SiteOrigin_Widget_Image_Widget”][/siteorigin_widget]
[siteorigin_widget class=”SiteOrigin_Widget_Image_Widget”][/siteorigin_widget]
[siteorigin_widget class=”SiteOrigin_Widget_Image_Widget”][/siteorigin_widget]

Once you’ve found the iThemes Security plugin, click install, then activate. Notice the information to the bottom of each the themes and plugins shows reviews, number of downloads and how recently it was updated. You can read more about each plugin to see if it suits by clicking on the ‘More Details’ link beneath Install Now. You’ll then be taken back to the dashboard where you can begin to configure the plugin. There will be two new entries pointing to the security plugin in the dashboard menu – one at the top and one to the left, click one of them to begin the configuration. 


To begin with we’re shown the ‘Security Check’ page which has a ‘Secure Site’ button toward the bottom. If we click that some additional recommended modules and settings will be installed and implemented, otherwise click ‘Close’ to ignore them. I’m going to cllick ‘Secure Site’. On the next page I’ve also clicked the ‘Run Brute Force Network Protection’ button, after which our foundation for security is complete.


[siteorigin_widget class=”SiteOrigin_Widget_Image_Widget”][/siteorigin_widget]
[siteorigin_widget class=”SiteOrigin_Widget_Image_Widget”][/siteorigin_widget]
[siteorigin_widget class=”SiteOrigin_Widget_Image_Widget”][/siteorigin_widget]

As mentioned earlier, many themes and plugins are available with both free and paid versions and iThemes Security is no exception. I haven’t enabled the PRO version (yet). Let’s continue configuring this plugin.

First let’s change the URL for the admin login to something a little less obvious. If you think about it, there are around 70 million sites on the web using WordPress and every one of them starts out with the wp-admin suffix for the admin login. Many of them are never changed. This makes it very easy for someone to execute a brute force attack in an effort to login to your site. Let’s fix that.

Go to the ‘Advanced’ link toward the top right of the iThemes Security dashboard and click it. Click ‘Configure’ on the ‘Hide Backend’ card. Check ‘Enable the hide backend feature’ and enter the details appropriate for your site. I’ve redirected the site to the home page for non-admin users trying to get to the wp-admin url. When you’re done, click ‘Save Settings’.

Two other cards worth looking at while here are SSL ( if you have that option with your host ) and WordPress Salts, which will increase the complexity of your password on the server side, making it near impossible to hack. Don’t worry though, for you, the password will remain the same.

With that, we’re pretty much done for our first plugin, well done! Feel free to keep poking around, and if you have any questions, drop me a line. Read on for more on installation of themes and plugins here.

[siteorigin_widget class=”SiteOrigin_Widget_Image_Widget”][/siteorigin_widget]
[siteorigin_widget class=”SiteOrigin_Widget_Image_Widget”][/siteorigin_widget]
[siteorigin_widget class=”SiteOrigin_Widget_Image_Widget”][/siteorigin_widget]

Leave a Reply

Your email address will not be published. Required fields are marked *