What are the top five plugins you install on every site

(Cullen) #1

One of my favorite things is hearing people share what plugins they use on a regular basis so I thought I would toss that question out to everyone as well. Hopefully we can all find some cool new plugins as well. Here are my top five:

Gravity Forms - It’s a commercial plugin, but it’s my go to for forms.
BruteProtect - You might be amazed how many unauthorized attacks you get (kinda scary actually) This guy helps block them
LeadIn - Recently started adding this to my sites to see how visitors use the site
WP Migrate DB Pro - I can’t begin to tell you how much time this plugin has saved me during dev (and after).
Launch Check - I use this plugin when launching a new site to make sure I didn’t miss anything obvious. (Disclaimer - I built this one to help me stop making stupid errors)

I would love to hear what you are using. Please post your top five in the format below.

Plugin Name - Description / Why you use it.


A list of essential plugins all new WordPress websites should feature
(James Huff) #2

Great idea!

Jetpack - so many useful features.
Akismet - keeping the spam away.
VaultPress - automated backups for peace of mind (and to recover from my own mistakes).
Google XML Sitemaps - XML sitemaps are great, and so is this plugin if you don’t want to bother getting lost in everything else SEO.
Google Authenticator or Authy - something for two-factor authentication, final decision depends on the site and how I feel at the time.

Disclaimer: I work for Automattic, who makes Jetpack, Akismet, and VaultPress, but I’d still use Jetpack and gladly continue to pay for Akimset and VaultPress even if I didn’t.

(Jeff C) #3

If I started up a new WordPress site, I’d definitely install the following plugins. Oops, I have six. Guess you got a bonus one :smile:

Simple Comment Editing - It gives anonymous users the ability to edit and/or delete their comments for a period of time.

Jetpack because I use a lot of the stuff in it

Akismet just because

Public Post Preview because it’s the simplest way to give someone a private link to review a post that hasn’t been published yet

Publish Confirmation because I can get trigger happy with the publish button

Google Analytics From Yoast so I’m not adding the code to the theme.

(Jeff C) #4

By the way, I think browsing around sites like https://wpcore.com/ where you can view public plugin collections is neat.

(Brian Ross) #5

Have you played with the new free version in the repo?

(Jeff C) #6

I too love WP Migrate DB Pro because it automatically does the search and replace for you during the creation of the database.

(Leland Fiegel) #7

Let’s see…

Always gotta go with Yoast SEO. Mainly just for the custom title and meta description features. Occasionally set up the OpenGraph stuff.

I like Spam Destroyer for blocking botspam, which I’ve found to be extremely effective. Akismet is great too, but I’d rather not waste my API key on a site that’s not specifically targeted by more sophisticated spammers yet. Even brand new sites with absolutely no real people traffic are immediately hammered. I find that amazing.

I try to keep my plugin footprint light, but depending on the site, I might install a few of these:

Subscribe to Comments. The old school Mark Jaquith version. Essential for keeping commenters engaged. I considered using Jetpack for this, while they handle the email delivery…I think some audiences would find the WordPress.com branding confusing. I’d consider it (even for a premium hint hint) if they let us customize the logo or something. I personally feel sketchy sending emails from my own server, would rather somebody else handle email delivery.

MailChimp for WP. I’ve found this to be better than the “official” MailChimp plugin, which I use it for my newsletters.

I’ve never used it before, since my WordPress sites tend to be pretty light on images, but I would definitely consider using Jetpack’s Photon module as a free image CDN. I think that’s an insanely valuable feature.

(Olaf Lederer) #8

I’m very surprised that I didn’t see so a cache plugin so often, here is my list:

  1. WP Super Cache (no comments)
  2. Wordpress SEO by Yoast (it’s so complete incl. Google Sitemap, breadcrumbs, etc.)
  3. Redirection (it’s not only good for redirecting, but also monitors them and reports 404’s)
  4. WP Mail SMTP (Use always a SMTP server for all your Wordpress mail messages)
  5. Smart WYSIWYG Blocks Of Content (Don’t get scared, it’s not updated for years and it’s still goed. A basic concept and a huge time saver)

Okay and #6 is a pretty new one, which I will use almost on any future website :smile:
Ajax Contact Form by finalwebsites

(Olaf Lederer) #9

Hi Leland, Spam Destroyer sounds interesting. But it looks like to me that the spam bot can still access your site right?
Actually, I like to keep spam bots outside like the way with cloudflare.

(Leland Fiegel) #10

That is correct. I have heard good things about Cloudflare, but never used it before. I agree, it would make more sense to block them at the DNS level rather than basically just honeypotting them at the comment submission.

(Olaf Lederer) #11

I used Cloudflare several times, but I don’t like the idea to connect my websites by a network that gets the most attacks a day on the internet :smile:
If you have a website where you can’t handle the traffic, try cloudflare (great if your site wil get mentioned on national television)

(Thomas Hoefter) #12

Here is what I currently use on most blogs:

  1. WordPress SEO by Yoast.
  2. WordPress Simple Firewall - has just replaced Akismet for dealing with spam and I like it very much so far.
  3. Clean and Simple Contact Form - I only need a basic contact form for each site and this plugin does a good job for that.
  4. ImageInject - is my own plugin but I do honestly use it on every site to quickly find featured images for new posts now.

(Niels van Renselaar) #13

I almost always start with Limit Login Attempts. Just because I know how many bruteforce attempts are done daily. As a hosting provider I notice thousands of requests to wp-login.php every hour. Next up is WordPress SEO followed by Akismet. For almost every project I’d like to use Gravity Forms. Last up is mostly TinyMCE Advanced to clean up that bar and disable removal of empty P.

(Cullen) #14

These are awesome. This thread is doing exactly what I wanted which is introducing me to new plugins. I hope you all feel the same.

@MacManX - I’m definitely going to check out Authenticator. Since they’ve added two-factor to VIP, I’m really hoping it gets worked into core.

@Jeffro - Public Post Preview and Publish confirmation look like they will be making it into my installs. wpcore.com is awesome too!

@est73 - I haven’t yet, but now I’m going to. I love that plugin.

@finalwebsites - Redirection is one of my favorites. The 404 logs are great.

@thoefter - ImageInject sounds awesome. I’m going to be trying it out shortly.

@nielsvr - I forgot about Limit Login Attempts. I’ve used that quite a bit in the past. Unfortunately I’ve had too many clients that forget their password and then end up locking themselves out. I have to be a little more cautious of which sites I put it on.

Thanks everyone! Can’t wait to see more.

(Jeff C) #15

Regarding limit login attempts, you should check out a free plugin/service called BruteProtect. Why fight the problem alone when you can crowdsource it!

(Olaf Lederer) #16

I block access to wp-admin and wp-login.php by using deny/allow in htaccess. This is the best solution for most websites (with only a few user accounts)

(Leland Fiegel) #17

No idea how I haven’t heard of this before. What a great idea! Like Akismet for bruteforcing.

I was going to ask what their monetization plan is, it looks like they have some “pro” features which seems like a ManageWP/WPRemote like service.

What do you think of services that block these sorts of brute force attacks at the DNS or server level? I’d rather this traffic not even reach my login page (this was sort of mentioned above with Akismet/CloudFlare).

Speak of the devil, Automattic acquires BruteProtect
(The Dragon) #18

I prefer to use services like CloudFlare or Incapsula to block higher up. It’s just one part of their offering. And depending on the service, you can configure it to show CAPTCHAs or not.

(Niels van Renselaar) #19

I’m familiar with BruteProtect and believe I spoke with one of the developers at Wordcamp Europe last year. I’ve used it sometimes, but it has not yet replaced the lightness and simplicity of LLA.

(Kakoma) #20

Very interesting discussion. I’ve never used some of the plugins mentioned; discussions like these help a lot
Mine are:
Disqus For a great commenting experience that supports user sign-ins with a host of other social media platforms
Yoast Because it’s amazingly good at strong-arming SEO
and because new users can’t have more than 2 links in a comment (newuser-cist ), I’ll add the rest in another comment