Plugins are a double-edged sword. They can add huge amounts of features to a WordPress site that no one in their right mind would want their developer to create from scratch. On the other hand, they can bring your site crashing down with a vulnerability or by becoming outdated, which can cause an error so wild that a visitor only sees a white page when they visit your site.
Before I dive into my list, some seasoned users will notice a few they probably use as missing. Those are explained in my previous article on when to use a plugin.
If you’re not using Akismet, you’ll know it before long. You will soon be getting spam comments out the ying-yang and then send your developer an e-mail, nearly in tears. Akismet is the centralized anti-spam plugin made and maintained by the creators of WordPress, Automattic. It realistically catches 99% of spam now and I’ve seen numbers as high as 250,000 blocked spam comments on one of my clients’ sites.
Better WordPress Google XML Sitemaps
Every site should have a sitemap for SEO purposes – it’s the file(s) search engine bots seek out to index a site. The most popular sitemap plugin, Google XML Sitemap Generator, puts quite a strain on the database of larger sites, but BWP works differently in the backend.
As far as I’m concerned, those two plugins are a requirement for every site and everything else is debatable with varying degrees of usefulness.
Limit Login Attempts
Limit Login Attempts is one of two major plugins used to stop brute force attacks on one username. After a customizable number of attempts, it locks out an IP address for a customizable time. After that, an even longer time. The other (Login Lockdown) also has a setting to hide the message that the username is not found (which tells them, by reverse application, when they are trying a valid username), but I’ve had clients locked out when using a correct login, causing me to reset lockouts. It also hasn’t been updated in over 2 years.
Hotfix is a plugin to push critical bug fixes to your WordPress install before they release an official update. It doesn’t happen very often, but when a bug is affecting your site, it really makes things better. It’s so small and isn’t a security risk, it’s a good plugin to have installed on all of your sites.
WordPress SEO by Yoast
I don’t like only promoting premium plugins when most people can do fine with a free plugin. WordPress SEO by Yoast is one of them, which I recommend as a free alternative to the premium Scribe SEO plugin. It’s definitely not lacking in features and (when used properly) will get you the SEO results you want. Be sure you enter both SEO values for the site/homepage and your pages and posts. It takes everything working together to make a complete SEO package.
Unless you’re using a theme like the Genesis framework that includes SEO fields on every page and post, you need to have an SEO plugin. No excuses. No exceptions. Don’t reason that 2, 3, or 4 SEO plugins are better than having one, either. Stop that.
W3 Total Cache
Any site on shared hosting, VPS, or dedicated host needs to have caching (managed WordPress hosts handle caching for you). Caching plugins have unique options, and shared options among them, so they’re all a bit different. I prefer W3 Total Cache because I’m the sort that likes all of the options (there are good articles on the options available just a Google away). It does a really good job and has an easy option to setup a CDN and other technical things.
In the near future, I’ll continue discussions about plugins with my favorite Genesis-specific plugins and my favorite premium plugins. If you don’t want to wait for the latter, just take a gander at my sidebar. I use them all and either install them on every personal and client site or the vast majority of sites.
Oh, and enjoy that 6th plugin – I like titles that begin with “5” more than “6” in the majority of situations. That’s how I roll.