A security pluginWordPress is pretty secure by default, but a security plugin can make it even more secure. For example, WordPress does not limit the number of login attempts. Therefore, a hacker can write a script that repeatedly tries different passwords until they guess the correct password. They can easily try thousands of passwords per minute. To protect against such hacking attempts, you can install one of the security plugins below. All of them have the ability to limit the number of login attempts per IP address. If someone submits the incorrect password too many times, they’ll be locked out for a few minutes. Wordfence is the most popular WordPress security plugin, but I’m using All in One WP Security and Firewall. Wordfence has a much better blocking feature (e.g. blocking by region or host name), but it’s missing a lot of other features such as captchas for comments. Furthermore, All in One WP Security and Firewall clearly explains each option, whereas I had to Google many of Wordfence’s options. It could be worth it to install multiple security plugins.
A caching pluginWordPress can be quite slow if you have a slow server or if you have many posts or plugins. This will annoy your visitors and decrease your ranking on search engines. You may even hit your server’s resource limit if you have lots of visitors. A caching plugin speeds up WordPress’s load time and decrease its resource usage. A caching plugin works by saving WordPress’s output and serving the saved content. For example, the first time someone accesses your homepage, WordPress fetches your posts from the database and processes them. It also runs code from your plugins and theme. When everything finishes running, the HTML for your blog is generated. The caching plugin saves the resulting HTML. The next time someone accesses your homepage, the plugin serves the saved HTML instead of running everything again. When you make a change to your blog (or after a specified amount of time), the plugin deletes the cache and lets WordPress run with the new data. I’m using W3 Total Cache because it has more options than Wordfence and better design than WP Super Cache. W3 Total Cache and WP Super Cache have similar features, so it comes down to personal preferences. Wordfence is primarily a security plugin, but it has a simple caching feature that’s suitable for beginners. It has far fewer options than the two dedicated caching plugins, but it’s a good choice if you want to install a security plugin anyway.
An SEO pluginWordPress was designed with SEO in mind, but SEO plugins can help you do even better. SEO plugins automatically generate meta tags that help you rank slightly better. More importantly, they can make your entry in search engines look better and more likely to be slightly. Also, most SEO plugins generate meta tags for social networks such as Facebook and Twitter. When someone shares your posts on a social network, the plugins can make the links look better. Both SEO plugins below can generate XML sitemaps, but I prefer to use a dedicated plugin for that. I’m using Yoast for this blog because it has a tool to help me optimize my posts as I write. It analyzes my post and gives me hints to improve the post for SEO.
A XML sitemap pluginXML sitemaps are used by search engines to help find and crawl your content. Sitemaps help search engines find content that they wouldn’t have found otherwise. They also help you rank better by keeping search engines updated about your changes. All the popular SEO WordPress plugins include an XML sitemap feature. They all work pretty well, so you can use your SEO plugin to generate your sitemap. However, since having a dedicated XML sitemap plugin doesn’t hurt your blog’s performance, I recommend using Google XML Sitemaps to generate your sitemap. The plugin has slight advantages over SEO plugins, such as generating month-based sitemaps and automatically calculating post priorities.
A social media sharing button pluginA sharing button plugin adds buttons to share your post to Facebook, Twitter, etc. Many WordPress themes come with built-in sharing buttons, but a dedicated sharing button plugin can have a lot more options. I don’t really like any of the free sharing button plugins, probably because I made my own several years ago which had all the features I wanted. However, I stopped maintaining my plugin, but I may make a new one when I have time. After trying about 20 of the most popular sharing plugins, Cresta was my favorite. It was great-looking, lightweight, and had lots of customization options. However, it was missing the Reddit button. AddThis and AddToAny are great options as well. However, AddThis appears to get blocked by some ad blockers and I didn’t like AddToAny’s design. If you don’t need the Reddit button, I recommend getting the Cresta plugin.
A comment spam pluginWordPress is a common target for comment spam. Spammers create bots that look for WordPress blogs and post comments. You have several options for reducing comment spam: use a spam detection plugin, add a captcha, require login, or disable comments. The latter three options discourage readers from leaving comments. Therefore, I recommend using a spam detection plugin such as Akismet, which comes with WordPress. Akismet uses data from millions of WordPress blogs to figure out what types of comments are spam. If you get too many spam comments in your Akismet log, you can add a captcha to reduce spam. Many security plugins also include features to help with comment spam.
An image compression pluginWhen you upload an image, WordPress resizes it for when you want to display smaller images. However, WordPress’s image compression algorithm isn’t the best. Image compression plugins use better compression algorithms to generate images with smaller file sizes without losing quality. This makes your pages load faster and it saves you bandwidth. These plugins run only when you upload images, so you get these benefits for virtually no cost. WP Smush is the most popular image compression plugin. It’s easy to use and it has great design. However, I’m using EWWW because it has far more options. Furthermore, it tells me more information about what it’s doing, whereas WP Smush simply displays a progress bar. Both plugins produce similar file sizes, about 15% better than WordPress’s default algorithm. However, EWWW has options to decrease file size by increasing processing time or decreasing image quality.
An editor pluginWordPress’s default editor is TinyMCE. WordPress comes with only a small number of buttons available in the full TinyMCE editor. For example, it’s missing the button to insert emoticons. TinyMCE Advanced lets you add any or all of TinyMCE’s buttons. It also lets you move around the buttons. There are other editors available such as Beaver Builder and CKEditor for WordPress. However, I like TinyMCE, so I’m keeping it.
The most advanced WordPress forms plugin. Go beyond contact forms with our drag & drop form builder for surveys, quiz forms, and more.