I try to use minimal plugins in the sites I build from scratch. The trouble is that the more 3rd-party plugins you have installed, whether activated or not, the more vulnerable your site is to intruders, and the more likely you are to have script conflicts between plugins that will cause your website to slow down, or even grind to a complete halt.
But with that said, there are 5 plugins that will help your website be as functional and secure as possible right from the get-go.
1. Spam Prevention
So, every self-hosted WordPress site is susceptible to a lot of comment spam. It can get pretty annoying. It’s mostly harmless, but it’s tacky and time-consuming to monitor it all. Fortunately, WordPress comes with the best spam blocker as part of its core installation. Akismet does a great job. All you need to do is create a WordPress.com account (this is the only thing I will ever recommend using WordPress.com for), and connect your account to the Akismet plugin on your website. There’s a pro/paid version, but so far I’ve found the free one to be adequate for most websites.
2. Site Security
Oh yessss…this one is VITAL for any WordPress website. And there are a couple of security plugins that are widely used. This one happens to be my favorite, for a few reasons: simply do a search for iThemes Security. Again, this is a plugin that has additional features available for a fee. But in most cases the free version will be adequate. In addition to its ability to block known hacker IPs, some of its most important features are:
- Allows you to get rid of User ID 1 (the automatic User ID assigned to the first user of your website – usually you, or whoever set up your install and is the primary administrator). It doesn’t *get rid* of the user themselves, it just makes a change to the database. This is important because hackers will often assume there’s a User ID of 1 and use that to try to get access to the website through back doors. If it doesn’t exist, it makes it *just* a bit harder to get in.
- It gives you a way to change your “login” URL, which is standard on every install of WordPress (http://www.website-url.com/login). You can change it to anything you want. Again, this helps to thwart hackers who know the standard URLs for gaining access to the admin panel.
- It gives you options for blocking access to the core wp-admin area as well. Important for the same reasons as above.
- Possibly the *most* important thing it makes simple is changing your wp-content directory name! The wp-content directory is where all your theme, plugins, and media files “live”. Which makes it particularly vulnerable to hackers. By physically changing this directory name to something completely different, it makes it much more difficult for hackers that use bots to gain access to your website.
It has a number of other great security options as well. I highly recommend going through and turning on everything applicable to your website (not all websites have SSL installed, so that one won’t be needed. And I haven’t yet run across a site that needed to limit admin access to certain hours of the day, for instance).
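A way to check what those settings achieve on your own site, added here as an example (it is not part of iThemes Security): the script counts requests to the default login and admin paths in a web server access log, per client, and reports how many still got an answer other than 403/404. The log lines are constructed, and the `/wp-login.php` and `admin-ajax.php` paths are stock WordPress paths assumed in addition to the `/login` URL mentioned above.

```python
import re
from collections import defaultdict

# "/login" is the URL named in the post; the other two are stock WordPress paths.
# After renaming wp-content, "/wp-content" can be added to this tuple as well.
DEFAULT_PATHS = ("/login", "/wp-login.php", "/wp-admin")
# Front-end features call this endpoint for ordinary visitors, so it is not a probe.
NOT_A_PROBE = {"/wp-admin/admin-ajax.php"}

# Common/combined log format: ip - - [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def is_default_path(path, paths=DEFAULT_PATHS):
    path = path.split("?", 1)[0].lower()
    if path in NOT_A_PROBE:
        return False
    return any(path == p or path.startswith(p + "/") for p in paths)

def probe_summary(lines, threshold=3):
    """Per client IP: hits on default paths, and how many of those were
    answered with something other than 403/404 (the default still exists)."""
    stats = defaultdict(lambda: {"hits": 0, "reached": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_default_path(m.group("path")):
            continue  # malformed line or ordinary request
        entry = stats[m.group("ip")]
        entry["hits"] += 1
        if m.group("status") not in ("403", "404"):
            entry["reached"] += 1
    return {ip: s for ip, s in stats.items() if s["hits"] >= threshold}

# Constructed sample lines (documentation IP ranges), not taken from a real site.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2451',
    '203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2451',
    '203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "GET /wp-admin/ HTTP/1.1" 302 0',
    '192.0.2.55 - - [12/Mar/2024:10:05:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 48',
    '192.0.2.55 - - [12/Mar/2024:10:05:01 +0000] "GET /blog/hello HTTP/1.1" 200 9120',
    '198.51.100.20 - - [19/Mar/2024:08:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153',
    '198.51.100.20 - - [19/Mar/2024:08:00:02 +0000] "GET /login HTTP/1.1" 404 153',
    '198.51.100.20 - - [19/Mar/2024:08:00:03 +0000] "GET /wp-admin/ HTTP/1.1" 403 199',
]
if __name__ == "__main__":
    for ip, s in probe_summary(SAMPLE_LOG).items():
        print(ip, s)
```

A client with a high `hits` count and `reached` of 0 is a bot knocking on defaults that no longer answer; a non-zero `reached` means the default location is still live.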
3. Site Backups
In this case, I recommend a premium plugin. I don’t do this often, but it’s one of 2 that I highly recommend as being worth the expense. Made by the same folks as iThemes Security, BackupBuddy is absolutely invaluable not just for backups, but for quick and simple site migration and restore as well. You can schedule regular backups and set it up to store those backups to an offsite storage location (such as DropBox), to email them to you, or just keep them stored in a directory on your website. And since it’s made by the same folks who make your security system, there’s excellent integration there.
However, there are some other backup plugins that folks use. I have not worked with most of these though so I don’t have an opinion one way or the other: UpdraftPlus WordPress Backup has over 1 million installs, as does Jetpack (which has quite a lot of other features available as well, but is a HUGE plugin. I rarely use it, as a matter of fact: some hosts block a key file that Jetpack requires), and BackupWordPress has over 600,000 installs. With that many installs, you’re sure to get decent support when/if you run into any issues.
4. Forms
This is the other premium plugin I recommend: Gravity Forms. Yes, there are plenty of other plugins that make it easy to create forms. But Gravity Forms really does give you an incredible number of features right from the start, including a built-in “honeypot” (it’s an invisible sort of “Captcha” – I don’t really know how it works, but it filters out bot entries very effectively without requiring folks to type anything in, which can be annoying). You *can* also include a captcha on your forms if you want though. Additionally, it has features that allow you to tie it in to any of the standard mail list systems like MailChimp, and can even tie in to PayPal (or other payment systems) pretty easily, making it a simple matter to create a small product catalog without the need for actual eCommerce being set up on your site. You can also create multi-page forms with ease, and it has lots of free and premium add-ons as well. Very much worth the investment.
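The general honeypot technique, as an added example (this is not Gravity Forms' code, and its internals are not described here): the form carries an extra field that is hidden from people with CSS, so only automated submitters fill it in. The example goes a little beyond the honeypot by also rejecting forms submitted implausibly fast, using a signed render timestamp; the field names, key, and 3-second limit are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # placeholder; load a real key from configuration
HONEYPOT_FIELD = "website_url"    # hypothetical name; the input is hidden with CSS
TOKEN_FIELD = "form_token"        # hypothetical name; hidden input set at render time
MIN_FILL_SECONDS = 3              # assumed lower bound for a person filling the form

def _sign(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()

def render_token(now=None):
    """Value to place in the hidden token input when the form is rendered."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_sign(ts)}"

def classify_submission(form, now=None):
    """Return 'accept' or a 'reject: ...' reason for a submitted form dict."""
    now = time.time() if now is None else now
    # A browser always sends the hidden input, empty. If it is absent, the
    # request was not produced by submitting the rendered form.
    if HONEYPOT_FIELD not in form:
        return "reject: honeypot field missing"
    if form[HONEYPOT_FIELD].strip():
        return "reject: honeypot field filled"
    ts, _, sig = form.get(TOKEN_FIELD, "").partition(".")
    if not ts.isdigit() or not hmac.compare_digest(sig.encode(), _sign(ts).encode()):
        return "reject: bad token"
    if now - int(ts) < MIN_FILL_SECONDS:
        return "reject: submitted too fast"
    return "accept"

if __name__ == "__main__":
    token = render_token(now=1000)
    human = {"email": "a@example.com", HONEYPOT_FIELD: "", TOKEN_FIELD: token}
    bot = dict(human, **{HONEYPOT_FIELD: "http://spam.example"})
    print(classify_submission(human, now=1010))
    print(classify_submission(bot, now=1010))
```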
5. SEO (Search Engine Optimization)
Ain’t no one gonna find your website just because it exists on the web. And while thePixelPixie doesn’t offer SEO services directly, I do make sure that every website is set up with the best possible SEO plugin available, in order to give you a head start, and a starting place for your own SEO efforts. Yoast SEO is the most-used, most popular plugin to assist in these efforts. Again, there is a free and a paid version. All PixelPixie websites come with the free version installed from the get-go. With this, you get an area on every single page and post in your website to create optimal title tags, keywords, and even specific titles, descriptions, and images for Facebook and Twitter. It has lots of other features available, including turning off indexing of certain areas if you don’t want them to show up in search results, ways to specify how your page titles display, etc. It’s extensive, and extremely useful.
BONUS #6. ECommerce
Not every website needs ecommerce. And even if you *do* sell a couple of items on your site, you don’t necessarily need all the features of an online storefront. However, if you *do* need a full-featured store, WooCommerce is THE choice. Incredibly, the core system is absolutely free and available as a quick download through the plugins area on your admin panel. It was built specifically to integrate with WordPress and is continually being updated and improved. Plus there are countless free and premium plugins that allow customizations for just about any possible store need.
These are the most important plugins for your WordPress website. Some of them have extensive options and take some time to set up. I totally understand that the options can sometimes be a bit intimidating. Don’t be scared though. You really *can* do it. And if you *really* don’t want to tackle the initial setup yourself, I’m only an email away and am happy to help you. Soon I will even have premium content available with detailed tutorials on setting these things up yourself. In the meantime, simply contact me and let me know what you’re needing help with and I will give you a quote. It won’t be too painful, I promise 😉
Let me know if you have any other plugins you consider to be important. I’m always interested in hearing what others are using.