My list of plugins that I recommend. I have divided them into two categories: Highly Recommended, Recommended, and No Longer Recommended. The highly recommended plugins can be used successfully by most WordPress based websites. The recommended plugins provide additional functionality which may be useful in in your site.
- 404 Error Monitor
- Captures 404 errors. This is useful if you have changed your permalink structure, so you can redirect your visitors to pages they are looking for.
- Akismet protects your site from comment, and trackback spam. It is one of the best solutions for spam prevention.
- Click the “Activate” link
- Sign up for an Akismet API key
- Go to your Akismet configuration page, and save your API key.
- Jetpack by WordPress.com
- Provides functionality found on WordPress.com to your WordPress site. This has several features, and is worth using.
- Page Comments Off Please
- This plugin is installed on all new WordPress sites.
- Quick Cache
- WordPress advanced cache plugin; speed without compromise!
- Quick Cache comment garbagecollector
- Add-on for Quick Cache. Will regenerate single page/post caches if a comment has been placed
- Web Ninja Auto Tagging System
- This plugin will automatically make tags.
- WordPress SEO
- This is my favorite SEO plugin.
- WP Smush.it
- Reduce image file sizes and improve performance.
- BulletProof Security
- Website Security Protection. This is my current perferred security plugin.
- Blogroll to Page
- Create pages of links using the WordPress blogroll functionality.
- MailPoet Newsletters
- Create and send newsletters. Import and manage your lists. Add subscription forms in widgets, articles and pages.
- Syndicate Out
- Syndicates posts made in any specified category to another WP blog using WordPress’ built in XML-RPC functionality.
- Easy Digital Downloads
- Serve Digital Downloads Through WordPress.
- Easy Digital Downloads – Bitcoin Currency
- Adds Bitcoin (BTC) currency in Easy Digital Downloads
- Easy Digital Downloads – Free Download
- Bypass Checkout Mechanism For Free Download
- Layered Pop
- Create multi-layers animated popup.
- Syntax Highlighter ComPress
- Syntax Highlighter lets you add different highlights to text.
- Ultimate Tag Cloud Widget
- This plugin aims to be the most configurable tag cloud widget out there.
- MailPoet Newsletters
- Manage mailing lists, and send mass emails, like newsletters.
- Meteor Slides
- Create Slideshows.
- Summary: Excerpt Extraction
- Creates summaries of your posts.
- Ultimate Noindex Nofollow Tool II
- Allows you to set noindex and nofollow on specific pages, posts, and archives.
- WP Post Series
- Adds a new taxonomy of a series of posts.
- Weaver II
General WordPress Links
(Education, Tutorials, Documentation, Support)
learn.wordpress.com – Tutorials
codex.wordpress.com – Documentation
wordpress.tv – WordPress Related Videos
wordpress.com/support – Support Forums
Links to Specific Help Pages
http://codex.wordpress.org/Hardening_WordPress – How to Secure a WordPress based Website
http://thematosoup.com/tips/wordpress-security-htaccess – Securing WordPress
http://www.gtmetrix.com – Test website for optimization of site
http://sitecheck.sucuri.net/scanner/ – Online malware scanner
http://www.ip2location.com/blockvisitorsbycountry.aspx – Tool to Allow you to create .htaccess code to block based on country
Securing a WordPress site can be complicated, but there are two items which can help dramatically each day:
Change the Admin Username away from admin
Change the database table prefix to something other than wp_
This is one of the first things I do when I make a brand new site, but if you have an established WordPress site you can make use of Better WP Security to do this.
WordPress like all database driven websites is vulnerable to attack through vulnerabilities in the code. Since WordPress will always have vulnerabilities it is important to keep WordPress, the plugins you use, and themes updated, and your passwords secure. One part of securing a password is to use a strong password (8-12 characters long with at least 1 uppercase letter, lowercase letter, number, and symbol).
Steps to Secure a Site
Remove files you are not familiar with.
Keep code updated
Remove unused scripts
Monitor file permissions
Hide configuration files
In the php.ini file make the following changes:
Set ‘register_globals’ to Off.
Set ‘display_error’ to 0 or Off.
Remember to confirm all user inputs. Items on Forms, in URLS and so on. Remember to make use of access Control. Keep users away from admin areas, and other places they do not need to be.
Make use of .htaccess to block known bad users, or the IP ranges of countries that you do not want accessing your website. Better WP Security is able to add some black list ips to your .htaccess. You can also make use of some free services create code for the .htaccess file to block access to certain countries. This may be useful if you see attacks coming mostly from certain countries and you do not need traffic from those countries this can be a useful tool to protect your site.
Increase Speed and Efficiency of WordPress
Occasionally when your site gets a large number of simultaneous visitors the site could appear down due to the overwhelming number of php processes running on the server. There are a couple of ways that you can combat this. You can install a caching plugin, like Hyper Cache or Quick Cache. You can also use CloudFlare with or with out a caching plugin to improve the loading speed of your site.
Using a pre-existing subdirectory install
If you already have WordPress installed in its own folder (e.g., http://example.com/wordpress), then the steps are as follows:
Go to the General panel.
In the box for Site address (URL): change the address to the root directory’s URL. Example: http://example.com
Click Save Changes. (Do not worry about the error message and do not try to see your blog at this point! You will probably get a message about file not found.)
Copy (NOT MOVE!) the index.php and .htaccess files from the WordPress (wordpress in our example) directory into the root directory of your site—the latter is probably named something like www or public_html. The .htaccess file is invisible, so you may have to set your FTP client to show hidden files. If you are not using pretty permalinks, then you may not have a .htaccess file. If you are running WordPress on a Windows (IIS) server and are using pretty permalinks, you’ll have a web.config rather than a .htaccess file in your WordPress directory.
Move (DON’T COPY) the wp-config.php file to your root directory.
Edit your root directory’s index.php.
Open your root directory’s index.php file in a text editor
Change the line that says:
Countries with Lots of Hackers
WordPress Database Information
The options table will tell you the SiteURL, the template and stylesheet used. You can change the theme by changing the stylesheet and template line.
What are your WordPress tips?