Today I’m going to share with you a few of the plugins I use most. Some of them are essential to a healthy site, while others add functionality that seems minor, but greatly enhances the security or convenience of your site in common situations.
I am not acquainted with the developers of any of these plugins, nor do I receive affiliate pay or any other form of kickback for recommending them. While some of the plugins have a premium version, this post discusses the free version. All of these plugins are available in the WordPress plugin repository, or from Plugins/Add New in your WordPress Dashboard.
Wordfence is the first plugin I install on a new site. I also install it on existing sites, especially those that may have been compromised by outdated plugins, themes or WordPress.
Wordfence is an awesome security plugin that does all kinds of different things to protect your site from hackers, from scanning for hostile code, to monitoring login attempts, to blocking hackers who try to upload malicious files to your site. Wordfence emails you when there are issues to address, or updates available for your site.
The free version of Wordfence is generously featured, but you can get even more features in the premium version. The Wordfence folks are highly worthy of your support. If you can’t afford or don’t need premium Wordfence, at least write them a nice review.
Every WordPress site should be backed up regularly. Backups created through a hosting interface such as cPanel may only be useful if you are restoring your entire site – which is not to say you can’t make and download those backups, too, but I prefer to use a WordPress plugin for finer control over what is backed up, and easier access to extraction of a single file.
With BackWPup, you can schedule the time and frequency of backups, create separate backup jobs for different parts of your site (such as those large image galleries that rarely change), activate a handy topbar icon in your Dashboard from which you can initiate or download backups, and back up site files plus database to a single zip file for easy downloading. You can also receive email notifications after a backup job completes to remind you to download a copy, or upload your backups to various cloud drives, and there is a handy one-click link to back up your database before you run major WordPress updates, or anything else that will alter your database.
Have you ever spent hours trying to configure a caching plugin, researching dozens of unfamiliar terms and settings, and trying to understand how they apply to your site and interact with each other until your brain went cross-eyed, only to end up with SLOWER loading than you started out with? If so, you are going to love SpeedyCache. Almost all of the settings are paywalled (only available in premium) which makes your choices really simple, and they are labeled and described in a much more newbie-friendly way than other caching plugins. If you turn on Enable Cache and Automatic Cache after installation (don’t forget to save at the bottom of the settings), you will probably find your site is faster than it’s ever been before.
Posting an email address to a website is a lot like broadcasting a giant CALLING ALL SPAMMERS message. Spammers have automated programs constantly scouring the internet, searching the underlying code of websites for anything formatted like an email address.
Email Encoder recognizes email addresses on your site automatically, and converts them to unrecognizable code behind the scenes, so that they still look and work like email addresses for humans, but become invisible to automated email address harvesters. There is nothing to configure – just install it, and it works in the background.
ABOVE: Email address (red text) as it appears in the underlying code of a website. Clearly an email address.
Same email address after installation of Email Address Encoder.
Alas, my favorite columns plugin, Column Shortcodes, has not been tested with the current version of WordPress, so I can’t currently recommend it. Hopefully, the authors will eventually find time to bring it up to date. Until then, Shortcodes Ultimate (aka Ultimate Shortcodes) also offers a columns feature, along with a ton of other layout and styling options (for example, spacers, tabs and accordions). You can see it in action on my home page, in the middle of the “Getting Started With WordPress” section. I try not to use a lot of shortcodes in my sites, but if you just need them for one or two things, chances are, you can find that in Shortcodes Ultimate.
Creating a mailing list on your website can be ridiculously complex, requiring multiple plugins and a steep learning curve, only to produce really ugly emails after all that trouble. Or you can use Email Subscribers & Newsletters by Icegram, which offers a great balance between features and simplicity.
The feature set is just what you’d want: relatively simple setup, a subscribe widget, shortcode for a sign-up page (to link to when you promote your list), double opt-in option, editable sign-up confirmations, editable automatic post notifications, manual emailing to your list (“newsletters” in WordPress lingo), importable/exportable subscriber lists, and reports on who got the email and who opened it. The plugin authors also monitor the WordPress.org support forums (which they are not obliged to do).
Even if you don’t have blog posts on your website, you may find yourself receiving spam comments. How can this happen? WordPress automatically creates “pages” (i.e., URLs) for every image and every author on your site. Spammer bots can find these “pages” and post comments on them, even though they aren’t on your navigation menu, and you didn’t know they existed.
The WordPress admin settings to manage comments (Settings > Discussion) are rather complex, with many options for managing comments if you do choose to receive them. There ought to be a checkbox at the very top to disable all comments everywhere, but there is not. That’s what this plugin does (and why it is wildly popular, with over a million users).
In addition, the plugin provides simple and clear checkboxes for other options, including disable comments on pages, disable on posts, and perhaps most usefully, disable on media. This would be the box to check if you DO have posts on your site and want visitors to be able to comment, but wish to reduce spam commenting by blocking comments on image URLs.
The plugin also offers the option to delete existing spam comments when you set it up, so you don’t have to do it manually.
Not on the List
Akismet. You may notice certain widely-used and much-recommended plugins that are not on my list. For example, Akismet, which is included by default in every WordPress installation. Akismet filters comment spam, and does it very well. However, since there are now so many WordPress sites that don’t include a blog (therefore, no comments), it may be time to rethink the automatic inclusion of Akismet.
Jetpack. Jetpack was originally intended to provide self-hosted WordPress users some of the nice widgets that used to be built in to WordPress.com sites. However, it has mushroomed into a gigantic megaplugin with dozens of modules. In recent years, venture capitalists took over the board of WordPress.com. They have butchered that platform so badly that I no longer recommend or support it, as well as rather aggressively promoting unneeded and very expensive services to people who don’t understand what they are buying – including Jetpack. Jetpack has been monetized with premium add-on services, most of which which you can get with other plugins for free.
Yoast SEO. Yoast SEO adds a user-friendly color code system and recommendations for changes to improve SEO to the content editing panes. Sadly, the plugin was purchased by predatory megahost NewFold Digital in 2021. Functionally, it doesn’t seem to have changed much, but I trust Newfold Digital about as far as I could throw them, so I can’t recommend anything they are associated with. Many of my clients now use the Rank Math plugin for SEO. This is more complex and less intuitive, but does offer some features Yoast SEO does not have. Yoast SEO’s longtime competitor, All in One SEO, is also a popular replacement option.
Paying for Plugins
It’s easy to expect a lot from plugins, without giving much thought to where they come from. In the high-profile, constantly changing world of WordPress, it can be a lot of work to create, support and update a plugin. Some plugin authors do the work for free, which is great for users – until something changes and they no longer have the time to maintain the plugin.
Other plugin builders choose from a variety of models to earn some recompense for their labor, such as offering paid support or premium versions of the plugins, or advertising other non-free products through their plugin’s Dashboard interface.
When you install a plugin, think about how it has helped you. If it’s useful enough to keep, take the time to go to the plugin’s page in the WordPress plugin repository, and post a favorable review. You can also support plugin developers by purchasing the premium version, or if you don’t want the premium version, it’s OK to send them a donation, too!
If you request and receive support from the plugin author, be nice, and say thank you. WordPress wouldn’t be the amazingly flexible tool it is without plugins, so let plugin writers know that we appreciate how much they help us create the websites of our dreams.
7 Plugins for Every WordPress Site
Today I’m going to share with you a few of the plugins I use most. Some of them are essential to a healthy site, while others add functionality that seems minor, but greatly enhances the security or convenience of your site in common situations.
I am not acquainted with the developers of any of these plugins, nor do I receive affiliate pay or any other form of kickback for recommending them. While some of the plugins have a premium version, this post discusses the free version. All of these plugins are available in the WordPress plugin repository, or from Plugins/Add New in your WordPress Dashboard.
1). Wordfence
Wordfence is an awesome security plugin that does all kinds of different things to protect your site from hackers, from scanning for hostile code, to monitoring login attempts, to blocking hackers who try to upload malicious files to your site. Wordfence emails you when there are issues to address, or updates available for your site.
The free version of Wordfence is generously featured, but you can get even more features in the premium version. The Wordfence folks are highly worthy of your support. If you can’t afford or don’t need premium Wordfence, at least write them a nice review.
2). BackWPup
With BackWPup, you can schedule the time and frequency of backups, create separate backup jobs for different parts of your site (such as those large image galleries that rarely change), activate a handy topbar icon in your Dashboard from which you can initiate or download backups, and back up site files plus database to a single zip file for easy downloading. You can also receive email notifications after a backup job completes to remind you to download a copy, or upload your backups to various cloud drives, and there is a handy one-click link to back up your database before you run major WordPress updates, or anything else that will alter your database.
3). SpeedyCache
Have you ever spent hours trying to configure a caching plugin, researching dozens of unfamiliar terms and settings, and trying to understand how they apply to your site and interact with each other until your brain went cross-eyed, only to end up with SLOWER loading than you started out with? If so, you are going to love SpeedyCache. Almost all of the settings are paywalled (only available in premium) which makes your choices really simple, and they are labeled and described in a much more newbie-friendly way than other caching plugins. If you turn on Enable Cache and Automatic Cache after installation (don’t forget to save at the bottom of the settings), you will probably find your site is faster than it’s ever been before.
4). Email Encoder
Posting an email address to a website is a lot like broadcasting a giant CALLING ALL SPAMMERS message. Spammers have automated programs constantly scouring the internet, searching the underlying code of websites for anything formatted like an email address.
Email Encoder recognizes email addresses on your site automatically, and converts them to unrecognizable code behind the scenes, so that they still look and work like email addresses for humans, but become invisible to automated email address harvesters. There is nothing to configure – just install it, and it works in the background.
ABOVE: Email address (red text) as it appears in the underlying code of a website. Clearly an email address.
Same email address after installation of Email Address Encoder.
5). Shortcodes Ultimate
6). Email Subscribers & Newsletters
The feature set is just what you’d want: relatively simple setup, a subscribe widget, shortcode for a sign-up page (to link to when you promote your list), double opt-in option, editable sign-up confirmations, editable automatic post notifications, manual emailing to your list (“newsletters” in WordPress lingo), importable/exportable subscriber lists, and reports on who got the email and who opened it. The plugin authors also monitor the WordPress.org support forums (which they are not obliged to do).
7). Disable Comments
Even if you don’t have blog posts on your website, you may find yourself receiving spam comments. How can this happen? WordPress automatically creates “pages” (i.e., URLs) for every image and every author on your site. Spammer bots can find these “pages” and post comments on them, even though they aren’t on your navigation menu, and you didn’t know they existed.
The WordPress admin settings to manage comments (Settings > Discussion) are rather complex, with many options for managing comments if you do choose to receive them. There ought to be a checkbox at the very top to disable all comments everywhere, but there is not. That’s what this plugin does (and why it is wildly popular, with over a million users).
In addition, the plugin provides simple and clear checkboxes for other options, including disable comments on pages, disable on posts, and perhaps most usefully, disable on media. This would be the box to check if you DO have posts on your site and want visitors to be able to comment, but wish to reduce spam commenting by blocking comments on image URLs.
The plugin also offers the option to delete existing spam comments when you set it up, so you don’t have to do it manually.
Not on the List
Akismet. You may notice certain widely-used and much-recommended plugins that are not on my list. For example, Akismet, which is included by default in every WordPress installation. Akismet filters comment spam, and does it very well. However, since there are now so many WordPress sites that don’t include a blog (therefore, no comments), it may be time to rethink the automatic inclusion of Akismet.
Jetpack. Jetpack was originally intended to provide self-hosted WordPress users some of the nice widgets that used to be built in to WordPress.com sites. However, it has mushroomed into a gigantic megaplugin with dozens of modules. In recent years, venture capitalists took over the board of WordPress.com. They have butchered that platform so badly that I no longer recommend or support it, as well as rather aggressively promoting unneeded and very expensive services to people who don’t understand what they are buying – including Jetpack. Jetpack has been monetized with premium add-on services, most of which which you can get with other plugins for free.
Yoast SEO. Yoast SEO adds a user-friendly color code system and recommendations for changes to improve SEO to the content editing panes. Sadly, the plugin was purchased by predatory megahost NewFold Digital in 2021. Functionally, it doesn’t seem to have changed much, but I trust Newfold Digital about as far as I could throw them, so I can’t recommend anything they are associated with. Many of my clients now use the Rank Math plugin for SEO. This is more complex and less intuitive, but does offer some features Yoast SEO does not have. Yoast SEO’s longtime competitor, All in One SEO, is also a popular replacement option.
Paying for Plugins
It’s easy to expect a lot from plugins, without giving much thought to where they come from. In the high-profile, constantly changing world of WordPress, it can be a lot of work to create, support and update a plugin. Some plugin authors do the work for free, which is great for users – until something changes and they no longer have the time to maintain the plugin.
Other plugin builders choose from a variety of models to earn some recompense for their labor, such as offering paid support or premium versions of the plugins, or advertising other non-free products through their plugin’s Dashboard interface.
When you install a plugin, think about how it has helped you. If it’s useful enough to keep, take the time to go to the plugin’s page in the WordPress plugin repository, and post a favorable review. You can also support plugin developers by purchasing the premium version, or if you don’t want the premium version, it’s OK to send them a donation, too!
If you request and receive support from the plugin author, be nice, and say thank you. WordPress wouldn’t be the amazingly flexible tool it is without plugins, so let plugin writers know that we appreciate how much they help us create the websites of our dreams.