A list of useful WordPress plugins (all free) that I’ve used at times with various websites I’ve developed.

  • Analytics – simple integration of your website with Google Analytics.
  • Antispam Bee – prevents/reduces comment spam.
  • Automatic Plugin Updates – ensures your plugins stay up-to-date to minimise security risks.
  • BackWPup – backs up complete website to e.g. DropBox, S3, etc on a scheduled or custom basis.
  • Block Specific Plugin Updates – useful if you want to explicitly prevent plugins being automatically updated (e.g. if you have enabled auto-updates via Jetpack/Wordpress.com integration).
  • Contact Form 7 – very flexible, can create custom forms or simple forms.
  • Contact Form Database – stores Contact Form submissions in your WordPress database in case of any issues with sending emails
  • JetPack – this is actually a whole suite of plugins really. Includes uptime monitoring, simple stats, plugin and site maintenance across multiple sites. Essential.
  • Postman SMTP – solid integration with GMail, etc, which allows your site to send authenticated emails from your own domain. Also integrates well with transactional email services such as Mailgun.
  • Really Simple CAPTCHA – useful for preventing spam if you’re using Contact Form 7 above.
  • Really Simple SSL – if you have an SSL cert for your domain (and you should, especially when they’re easy to acquire these days thanks to e.g. LetsEncrypt), this simple plugin forces browsers to redirect to the HTTPS variant of your site.  Alternatively, you should configure your webserver (as we do) to redirect non-secure (i.e. http) requests to the appropriate secure (i.e. https) equivalent.
  • Testimonials Widget – provides features such as simple rotating slider (example at the bottom of the main page here) of testimonial-type posts, tables of testimonials (example here), etc.
  • Text Replace – useful for auto-replacing text in post/page content. One example privacy-related use-case is to enter a child’s name in post content, but have that replaced in the published content with their initial, the advantage being that while the full name will be hidden from search engine spiders, if a reader searches for the child’s full name, your site will still find the article for them. Alternatively it can be used to expand a short code (e.g. a TLA) to e.g. a hyperlink.
  • Two Factor Authentication – for all the tinfoil hat wearers out there, this adds MFA to your WordPress logins.
  • User Role Editor – complete customisation of role capabilities.
  • Wordfence – essential WordPress WAF, even as the free version. Blocks and reports on vulnerabilities, outdated plugins, etc.
  • WP Maintenance Mode – useful for displaying simple but fully customisable “coming soon” page, with optional countdown timer, email subscription options, etc.
  • WP Super Cache – caching engine for WordPress.
  • XML Sitemap & Google News feeds – automates production of a sitemap.xml file which can be submitted to Google and other search engines.
  • WP eCommerce – shopping solution for WordPress.  Integrates with PayPal for accepting payments, provides a reasonable amount of customisation of taxes, shipping rates, etc.  The free version has some limitations (e.g. around product listings, number of product photos allowed, etc), but is pretty capable anyway for a free offering.  Used on the Craigieburn Trails website for map sales and donations, etc.  If you’re a developer, it’s set up to be reasonably customisable; for example, I customised the printing of packing slips.
  • WP Mailto Links – if you have mailto links on your site, this attempts to “hide” them from spambots.

I also have a little experience of writing WordPress plugins, having put together a simple plugin providing a status widget for the Craigieburn Trails track network (as displayed in the sidebar on The Doug’s Tracks page here).

If you’re not already using WP-CLI with your WordPress installation, you should be.