WordPress functionality can be extended by using plugins.
A plugin is a bit of code that can be added to your WordPress blog that adds some extra functions like a slideshow, a video player, or even social media share buttons. Plugins are also made for securing your wordpress, advertising, and site speed or performance.
Depending on the situation here are some of my favorite go to plugins for WordPress.
Updated: Securing your WordPress Blog: Security Plugins
Better WP Security This is my new go to security plugin for WordPress. Jim Walker at HackRepair.com showed this to me and I was just blown away. The key feature here is that it automates some of the more difficult tasks like completely hiding your admin area with one click of your mouse. Another key feature to me is it has a built in block bad bots file. I used to have to add this manually, but not anymore.
Most WordPress blog attacks are a result of plugin vulnerabilities, weak passwords, and outdated software. Better WP Security will hide the places those vulnerabilities live keeping an attacker from learning too much about your site and keeping them away from sensitive areas like login, admin, etc.
- Remove the meta “Generator” tag
- Change the urls for WordPress dashboard including login, admin, and more
- Completely turn off the ability to login for a given time period (away mode)
- Remove theme, plugin, and core update notifications from users who do not have permission to update them
- Remove Windows Live Write header information
- Remove RSD header information
- Rename “admin” account
- Change the ID on the user with ID 1
- Change the WordPress database table prefix
- Change wp-content path
- Removes login error messages
- Display a random version number to non administrative users anywhere version is used
Be sure to check out Jim’s article WordPress Security Plugins Revealed for a thorough breakdown on each one of these security plugins for WordPress.
- BPS Security – Bulletproof security is a great plugin with many features. It adds a very robust security filter. Website security protection against: XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking are stopped cold. It also provides a htaccess file editor, very handy for adding the perishable press 5G anti bot file. And I highly recommend adding the 5G anti bot it will stop a lot of traffic coming from bad places.
- WordPress Firewall – I use this to secure sites where set it and forget it type of configuration is needed. If the site owner is not well versed on htaccess files this is the plugin you want. Minimal configuration and fool proof security. Has a email option to email site owner on detecting an attack.
Web site speed and SEO
WordPress is great for (SEO Search Engine Optimization) but it can be even better with the right plugin. If WP has any drawbacks it would be site speed. WordPress is dynamic and depending on what a user might be doing on your site, many requests are made between the browser, the application, and the database.
- WordPress SEO by Yoast – In my experience this is by far the best SEO plugin for WordPress. It handles a lot of SEO duities easily and gives extra fields on page and post screens to further optimize specific posts. Snippet preview shows you how your post will display on SERP, Search Engine result Page. Has fields for Google, Alexa, and Bing verification tags. Facebook and Twitter meta and Google Authorship. Very easy to use and configure.
- W3 Total Cache – Great plugin and well thought out. Provides a lot of functionality with browser, page, object, database, minify and content delivery network support. requires a lot of configuration but even with minimal configuration it provides a robust caching system. W3 Total Cache improves the user experience of your site by increasing server performance, reducing the download times and providing transparent content delivery network (CDN) integration.
- WP Super Cache – Great plugin, reduces requests on the server by producing static html files to replace dynamic wordpress content. Site speed is very crucial for great SEO performance. Instead of WP having to create every page on the fly, WP Super Cache creates static versions of posts and pages and delivers them to the user. Requires a bit of configuration to achieve optimal results.
Spam, stopping comment spam, spambots, and robot registrations
Spammers are rampant on the Internet and they like to spam WordPress. here is how to stop them.
Akismet – Provides the best spambot protection. Free and professional versions available. Akismet monitors every blog using it and compiles the spam reports into a database. when a spammer comes to your blog it is checked against this database, if there is a match, spambot is denied access.
Spam Free WordPress – SFW is very similar to Akismet and provides excellent protection from spambots. You have to register for a free key and then you can use that same key on multiple WordPress blogs. Very nice.
For some reason there are spambots that find your registration form and proceed to do automated signups. You will recognize them as they usually appear as vbtyus or any kind of nonsensical combination of letters.
- WP-reCAPTCHA – Very well designed plugin. Utilizes the familiar re-CAPTCHA that I am sure you have seen on many sites. Integrates reCAPTCHA anti-spam methods with WordPress including comment, registration, and email spam protection. Requires a key from Google re-captcha but it is super easy and simple to get. Highly recommend.
- Cartpauj Register Captcha – I also use this plugin a lot. Especially when you need set it and forget it type of configuration is needed. It does one simple task, and does it well. It adds an extra CAPTCHA field to the registration form in WordPress. There are no settings to configure or get confused with. Just activate and watch those SPAM sign-ups fade away!
Backing up your WordPress
Backing up your blog is easy and really worth the time to set it up. That way if you ever have a problem you have a backup.
WP-DBManager – Allows you to optimize database, repair database, backup database, restore database, manage backups , drop/empty tables and run selected queries. Supports automatic scheduling of backing up, optimizing and repairing of database.
I have used every one of these WordPress Plugins extensively and they do a great job. When I setup a site these are the ones I use. Please contact me if you need any more information.