WordPress is the most popular content management system ever released! It powers over 25 million self-hosted websites as of April 2015 and on average each website will use around 17 plugins. The plugin repository at WordPress.org has thousands of plugins to choose from and is a daunting task for WordPress beginners, so what should a beginner look for when downloading a WP plugin?
- Yoast SEO
- Contact Form 7
- Toggle wpautop
- CYAN Backup
- Optimize Database After Deleting Revisions
- DevBuddy Twitter Feed
Picking the right plugins
I’d say whenever picking a plugin you should always consider:
- Last Updates: When was it last updated? Out of date plugins can cause security issues
- Regular Updates: How often is the plugin updated, regular updates can indicate that the author is serious about the plugin and much more likely to have the latest security patches against WordPress vulnerabilities
- Reviews: Read through the reviews and find out what other webmasters think of the plugin
- Support: Check out their forum support… is the plugin active and well supported?
- Features: Does the plugin do what you need it too do? Does the plugin do more? Sometimes you may not want more! More can sometimes lead to security risks
Ideally you should always aim to use as few WP plugins as possible because the more code you have the more potential code you have that could be exploited. Also, don’t get sucked in with the myth that disabled plugins means you don’t have security loop holes, this is not entirely true. Your find lots of information regarding how to harden your WordPress online, heres a similar question I read a few years ago on the WordPress Development Stack.
A plugin that has security holes is a problem, whether or not it is activated. So here are some reasons why it is often recommended to remove plugins that you aren’t using.
- If you have plugins that you aren’t using, you often don’t care about keeping them updated. As a result, they won’t get any security updates, and that will be a vulnerability on your site. People often think that a plugin that is not running can’t negatively affect your site, but in the case of security, an attacker can exploit a security hole in a plugin that is installed, even if it is not activated.
- Think about why the plugin is not running in the first place. If it is a plugin that you use regularly, and you just turn on and off as needed, that is fine. However, it could be a plugin that didn’t work right, or is no longer being maintained. This second category of plugins are especially a problem for security, as they are often the source of security holes.
If your deactivated plugins are actively maintained and are kept updated, they aren’t a problem. But if you have plugins installed that aren’t being used and aren’t being updated, it is best to remove them.
Lets Plugin and GO!…
Enough with the introduction let’s take a look at the best plugins recommended by BYBE.
I strongly believe that the best free WP plugin available to date is Yoast SEO, why? Simply because it’s awesome! But don’t just take our word for it just yet. WordPress out of the box is pretty good at handling SEO when compared to other content management systems like Joomla, but sadly there are many missing SEO features.
Yoast’s plugin will give you new features and better SEO control on the features already offered by WordPress core. This plugin will add open graph to your WordPress install which is supported by Facebook, Pinterest, Linkedin, Twitter and Google Plus. It will also allow you to force titles and meta descriptions with ease. Other wicked features include XMP Sitemaps, breadcrumbs, RSS handling and much more!
One of the best WP plugins around is Contact Form 7 (CF7), this plugin is absolutely awesome for any website that requires a contact form. Takayuki Miyoshi authored Contact Form 7 many years ago and now has a whopping 1+ million installs. CF7 allows site administrators to easily add a contact form to their WordPress install. What we love about this plugin is the ability to easily add, remove and create input fields.
Out of the box CF7 is pretty awesome! And will play nicely with most responsive frameworks. Using Bootstrap, Skeleton or ZURB you can simply add the form input fields into your grid. A superb ZURB Foundation 5 example would look something like this:
<div class="row"> <div class="medium-4 columns show-for-medium-up">Your Email:</div> <div class="medium-4 columns">Your Name:</div> <div class="medium-8 columns">[text* text-420 placeholder "John Doe"]</div> <div class="medium-4 columns show-for-medium-up">Your Email:</div> <div class="medium-8 columns">[email* email-178 placeholder "[email protected]"]</div> <div class="medium-4 columns show-for-medium-up">Mobile Tel:</div> <div class="medium-8 columns">[tel* tel-899 placeholder "07771234567"]</div> <div class="medium-12 columns">[textarea* textarea-223 placeholder "How can we help you today?"]</div> <div class="medium-12 columns">[submit class:right class:button "Send"]</div> </div>
We designed our unique minimalist contact page using Contact Form 7 and highly recommend this plugin. Should you want any tips on styling your forms then please don’t hesitate to leave a comment.
Next up we have Toggle wpautop on our list, simply because we use it on every WordPress website design project. WordPress uses wpautop by default basically which adds a filter that changes double line-breaks in the text into HTML paragraphs on both the content and the excerpt.
Because we often code WordPress themes using a responsive framework in an HTML editor such as Sublime Text, when we copy and paste page content in… WordPress can mistakenly attempt to correct our code when in fact it doesn’t need correcting. Toggle wpautop allows us to disable filter on posts and pages where wanted or needed.
So why not just disable wpautop using this code in your functions.php?
remove_filter( 'the_content', 'wpautop' ); remove_filter( 'the_excerpt', 'wpautop' );
Simply because this will disable wpautop on the entire site, we want our customers to be able to blog and wpautop is absolutely great for people with little to zero knowledge about HTML.
CYAN Backup is a superb WordPress plugin because it makes backing up WordPress easier without having to constantly login to phpMyAdmin, SFTP or your web hosting control panel. Greg Ross authored CYAN Backup and was originally a fork of Total Backup.
Surprisingly CYAN Backup only has 2,000+ installs and a handful of reviews, but it’s fairly new and I’d expect this number to dramatically improve in the coming months. The great thing about CYAN Backup is that you can schedule your WordPress backups and other great features include:
- Artifical delay
- Disable ZipArchive
- Split DB backup file
- Backup Pruning
- Number of backups to store being pruning
- Remote backup to FTP or SFTP servers
- Email notifications
Rolf van Gelder from the Netherlands released this awesome plugin and this tiny plugin will help you optimise your WordPress database with just one click (after initial setup). It can revisions, delete trashed items, spam items, unused tags, pingbacks and trackbacks.
An awesome feature of Optimize Database after Deleting Revisions is that you can schedule your clean ups, simply choose from hourly, twice a day, daily and weekly from the dropdown box. I highly recommend that you do keep some page revisions (I personally keep 5).
Twitter has actually released their own official Twitter WordPress plugin but I find to limited in features. The DevBuddy Twitter Feed WP plugin is coded by Eji Osigwe has more features. This plugin will allow you to embed tweets within your widgets, posts, pages and template files.
You will need a Twitter developer account to use this plugin, because you will need to use Twitter’s REST API which requires a customer Key (API Key). To sign up as a developer on Twitter you will need to confirm your mobile number, so do so before trying. Simply create a new app and Twitter will then allow you to create an oAuth/API key.
All plugins on this page are or have been used on our web design projects