How to manage plugins, themes and secure your WordPress installation with Plesk WordPress toolkit?

How to manage plugins in WordPress using Plesk?

A plugin is known to add improved functionalities and features to your existing WordPress site. With Plesk, you can simply add or remove plugins, in few steps:

1. Adding/Installing Plugin

To add any plugin to your site, go to:

WordPress > Plugins tab > Install

Here, you need to mention the name of the plugin which you want to install, and click on search icon. Select the required plugin from the list and click on the check-box located in its front. The installed plugin will be activated by default. However, you can change this setting by unchecking the Activate after installation checkbox.

2. Removing Plugins

You can easily remove the plugins for any installation. Select the installation from which you want to remove the plugin and click the Plugins. Simply select the delete icon to remove it from the selected installation.

Manage Plugins

3. Activating and Deactivating Plugins

You can choose the WordPress installation from which you want to activate or deactivate any particular plugin. After selecting it, you have to click on Plugins. Here, you will find all the plugins present on the selected installation, with their activation statuses. You can individually select a plugin to activate or deactivate it for one or all installations.
To activate or deactivate one or more plugins on all WordPress installations on the server, just go to:

Server Management > WordPress > Plugins tab

Select the plugins you want to activate or deactivate by selecting the corresponding check boxes.

4. Updating Plugins

For updating any plugin, go to:

Server Management > WordPress > Plugins tab

Select the checkboxes against the plugins which you want to update. Click on Update.

How to manage WordPress themes using Plesk?

WordPress hosting themes give your site an attractive and beautiful look. Using Plesk, you can easily add, remove, activate or deactivate any WordPress theme.

1. Add Theme

To add any new theme, go to:

WordPress > Themes tab > Install

Look for the theme which you want by typing in its name and clicking on search icon. Select the desired theme, and tick the checkbox. You can have the same theme for all WP instances or can select it for one or more instances by clicking on the drop-down and then Select instances.

2. Remove theme

To remove any theme from the WordPress instance, go to WordPress.

Select the particular instance from which you want to remove the theme, and select Themes. Click on delete icon to delete the theme.

Manage themes

3. Activate or Deactivate theme

To activate or deactivate any theme for any particular subscription, go to:

WordPress > Themes tab

Select the installation on which you want to activate the theme and select Themes. You will find the complete list of themes for that installation along with the activation status. Select the theme, and it will be activated on all the installation on which it is used.

4. Update a theme

You can also update the existing themes on your WordPress installation. Simply go to:

WordPress > Themes tab

Now, select any theme which you want to update and select Update.

Securing your WordPress installations with Plesk WordPress Toolkit

You need to ensure the security of your WordPress instance. With the help of Plesk, you can easily do it. There is a very simple and defined way to do that, simply go to WordPress.


Here, you can do any of the following things:

  • You can check the security of your installations by selecting them and clicking on Check Security.
  • Alternatively, you can check security for individual installation as well by clicking on icon in the column S beside desired WP instance name.

To make your WP installation safe, select the checkboxes against the security improvements required, and select Secure.

Here’s a list of Security improvements by Plesk:

  • The wp-content folder security check ensures that the PHP files are not executed from wp-content directory, as it may contain infected files.
  • Configuration file includes database access credentials which can be hacked. The security check ensures that any unauthorized access to this file is blocked.
  • The wp-includes folder might include infected files, and security check ensures that PHP files are not executed from the wp-includes directory.
  • Directory browsing permissions are disabled by default to secure WordPress installation from hackers.
  • Database prefix is set to something different than wp__ by the security check, to forbid any unauthorized access.
  • Security keys ensure information encryption of WordPress users’ cookies. Security check monitors that the security keys like AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, and NONCE_KEY are set up and contain alphanumeric characters.
  • Files and Directories’ permissions need to comply with the security standards and policies. The security check ensures that the standard permissions are set for wp-config.php file, other files and directories.
  • Administrator’s username can lead to hacking of the WP instance as by default, WP sets a user with username admin, who has all administrative privileges. So, the hacker only needs to guess the password. Hence, the security check ensures that there is no user who has admin privileges and username set as admin.
  • Version information if displayed, makes the site vulnerable to hackers, hence, security check ensures that the readme.html files are always empty and every theme’s functions.php file has the line: remove_action(\’wp_head\’, \’wp_generator\’); .

Ask a question

"Hey couldn't find what you were looking for in our knowledgebase? Please enter your question here".

First Name *
Last Name *
Email Address *
Question *
Captcha *