tinymcStatistics suggest (March 2016) that almost 25% of the web now runs on WordPress.
With an ecosystem that large, there is an almost endless selection of resources to help you accomplish your online dreams, but the choice of plugins can be a little daunting for beginners (or even veterans).
At Flowji, we set up new WordPress websites every week. In some cases the WordPress install is for a web coaching client and as part of that setup I include the basic plugins I use to manage my own sites.
So here is my list of free plugins – in roughly the same order in which I activate and configure them. This list does not include Premium plugins, which I will cover in a separate post.
The functionality of a number of these plugins is included in the Jetpack by WordPress plugin, but I have not included it, as in the past I have found that it slowed my page load times too much.
I also have not included any Social plugins as most themes I use now include built in Like and Share buttons and I am in the process of evaluating which free plugin I prefer.
1. WPCore Plugin Manager
WPCore is often the first plugin I install when setting up a new WordPress website.
It allows me to manage collections of plugins and then quickly install them on any WordPress website.
You can generate your collections at https://wpcore.com and then import them to your website, saving you having to add each plugin individually.
This is not so important if you are only building a single website, however, you can install existing sets of plugins, including all the plugins listed on this page.
Here is my collection of plugins at WPCore (all featured in this post).
2. Under Construction / Maintenance Mode from Acurax
This is one of the early plugins I activate if I am working on a live domain.
This Under Construction or Maintenance Mode Plugin is a simple and easy to configure Coming Soon Landing Page plugin with great features and customisable options.
There are 5 Responsive Landing Page templates to choose from.
If you are building a new website on a newly registered domain, you may not need to worry about an under construction page, as you may not get any traffic until you do some SEO and start to promote your website.
I like to install Redirection before I start creating content and updating links across the site.
This plugin has been around for years – with over 3 million downloads.
It manages 301 redirections, keeps track of 404 errors, and tidies up any loose ends your site may have.
It is particularly useful if you are migrating pages from an old website, or are changing the directory of your WordPress installation.
4. Webmaster User Role
This plugin adds a new WordPress “Admin” user role between Administrator and Editor.
It is not so necessary if you are the main user and manager of your website. However, if you are building the website for someone else, or have someone working for you and you want to give them some admin privileges, but not others, this is the perfect plugin.
There are other plugins that offer similar capabilities, but I love the simplicity of this one.
In WP-Admin you can:
- Hide / Remove Settings menu
- Hide / Remove Plugins menu
- Hide / Remove Tools menu
- Hide / Remove Users menu
- Disable theme installation
- Disable theme switching
- Hide / Remove Appearance > Editor
- Disable WP core updates
- Hide non-essential dashboard items
5. Duplicate Post
Duplicate Post is one of my most used plugins, allowing me to clone posts, pages & custom post types.
Event websites are one my areas of speciality, with many of my clients using The Events Calendar, and being able to clone events saves them (and me) a lot of time.
I also find it useful when I have worked out a base layout for a post type – events, for example – and want to maintain consistency.
6. Insert Pages
This is another one of my favourite, and most used plugins.
For example, when building the Pulse Brunswick website, the client needed to display the ‘Steps to Booking’ the venue and embedded calendar code on a number of pages, but be able to update it in one single place.
Although Buckets (listed below) supports a similar concept, my preferences for Insert Pages is that the inserted page content can be created with, and maintain the specified layout defined by Visual Composer, one of my favourite Premium WordPress plugins.
Insert Pages lets you embed any WordPress content (e.g., pages, posts, custom post types) into other WordPress content(e.g., pages, posts, custom post types) using the Shortcode API.
7. Post Snippets
Post Snippets works on a similar concept to Insert Pages (above), the main difference being that you can build a library with snippets of HTML, PHP code or reoccurring text that you often use in your posts and pages.
You can use predefined variables to replace parts of the snippet on insert. All snippets are available in the post editor via a button in the Visual and HTML modes.
The snippet can be inserted as defined, or as a shortcode to keep flexibility for updating the snippet. PHP code is supported for snippets inserted as shortcodes.
8. WP Jump Menu
This is a super useful plugin, saving a load of time when you want to move quickly between content within the admin area of your WordPress website.
It adds a drop-down “jump” menu to the bottom or top of the WordPress admin area which allows you to select from a list of pages, posts or custom post types and jump right into editing that page. This saves you having to go to the list page or front end of the site to find the content you wish to edit.
- One click and you’re editing!
- Shift+Click and you’re viewing the page on the front end!
9. TinyMCE Advanced
I use this plugin for 3 primary purposes:
- To make the Visual Editor toolbar (Tiny MCE) become sticky – stay at the top of the page when I scroll. This is especially useful for really long blog posts, like this one here, and I don’t want to have to scroll all the way to the top of the page every time I need to.
- Adding Anchor text.
- Adding Superscript text.
Although there are occasions when I use the other features.
You can add, remove and arrange all the buttons on the Visual Editor toolbar.
It includes 15 plugins for TinyMCE that are automatically enabled or disabled depending on what buttons are chosen.
Some of the other features added by this plugin include:
- Support for creating and editing tables.
- More options when inserting lists.
- Search and Replace in the editor.
- Ability to set Font Family and Font Size.
- And many others.
Read the Green Geeks post on Top Reasons Why You Should Install The TinyMCE Advanced Plugin.
10. Drag & Drop Featured Image
Although this plugin has not been updated for some time, it is still a huge timesaver for me (if it does not clash with other plugins).
It saves you time when setting a featured image by replacing the default “Set featured image” metabox with a new one containing a drop area just like the one found in the media uploader.
Since it uses the default WordPress functions it will compress all sizes just as the regular upload method would and it also respects any custom image sizes.
This plugin is one of the top WordPress plugins, developed by Yoast to improve your website’s on-page SEO. Obviously, it will not help you develop quality content an get backlinks, but it is a great foundation for a well optimised site.
Using the snippet preview you can see a rendering of what your post or page will look like in the search results, whether your title is too long or too short and your meta description makes sense in the context of a search result.
This way the plugin will help you not only increase rankings but also increase the click through for organic search results.
12. SEO Friendly Images
SEO Friendly Images automatically updates all images with proper ALT and TITLE attributes for Search Engine purposes. If your images do not have ALT and TITLE already set, SEO Friendly Images will add them according the options you set. Additionally this makes the post W3C/xHTML valid as well.
As well as being useful for blind website users, the ALT attribute is important part of on-page Search Engine Optimization, describing your images to search engine. When a user searches for a certain image this is a key determining factor for a match.
TITLE attribute play lesser role but is important for visitors as this text will automatically appear in the tooltip when mouse is over the image.
13. Simple Universal Google Analytics
This plugin makes Google Analytics tracking easier. If you want to activate universal tracking for your website, all you need to do is enter your tracking ID in the plugin settings.
I love this plugin for its simplicity. Although most sites I work on today have an Analytics tracking code section in the Theme Options, so a separate plugin for Google Analytics is not necessary.
14. Broken Link Checker
Not only do broken links diminish the user experience on your website, but some say that too many broken links on your website can be detrimental to search engine optimisation.
Broken Link Checker will scan your WordPress website for broken links. It:
- Monitors links in your posts, pages, comments, the blogroll, and custom fields (optional).
- Detects links that don’t work, missing images and redirects.
- Notifies you either via the Dashboard or by email.
- Makes broken links display differently in posts (optional).
- Prevents search engines from following broken links (optional).
Loginizer is a WordPress plugin which helps you fight against bruteforce attack by blocking login for the IP after it reaches maximum retries allowed. You can blacklist or whitelist IPs for login using Loginizer.
Features in Loginizer 1.0.2 include:
- Blocks IP after maximum retries allowed
- Extended Lockout after maximum lockouts allowed
- Email notification to admin after max lockouts
- Blacklist IP/IP range
- Whitelist IP/IP range
- Check logs of failed attempts
- Create IP ranges
- Delete IP ranges
- Licensed under GNU GPL version 3
- Safe & Secure
16. Disable Comments
Another favourite plugin of mine that is slowly being superseded by themes with the ability to disable comments built in, this plugin allows administrators to globally disable comments on any post type (posts, pages, attachments, etc.) so that these settings cannot be overridden for individual posts. It also removes all comment-related fields from edit and quick-edit screens. On multisite installations, it can be used to disable comments on the entire network.
Additionally, comment-related items can be removed from the Dashboard, Widgets, the Admin Menu and the Admin Bar.
17. Wordfence Security
With so many of the world’s websites running on WordPress, it is incentive for hackers to find ways to get inside and create havoc!
Before any site goes live, I configure my SEO, security and caching plugins.
I am still exploring various security plugins and switch quite freely between WordFence and iThemes Security, however, with over 12 million downloads, this security plugin claims to provide ‘free enterprise-class WordPress security’, protecting your website from hacks and malware.
It starts by checking if your site is already infected, then does a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. Then Wordfence secures your site and makes it up to 50 times faster.
The plugin is 100% free and open source, however, there is a Premium version offering Premium Support, Country Blocking, Scheduled Scans, Password Auditing and more.
This is a brief introductory video for Wordfence:
- Real-time blocking of known attackers. If another site using Wordfence is attacked and blocks the attacker, your site is automatically protected.
- Block entire malicious networks. Includes advanced IP and Domain WHOIS to report malicious IP’s or networks and block entire networks using the firewall. Report security threats to network owner.
- Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
- Choose whether you want to block or throttle users and robots who break your security rules.
- Premium users can also block countries and schedule scans for specific times and a higher frequency.
- Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication.
- Includes two-factor authentication, also referred to as cellphone sign-in.
- Enforce strong passwords among your administrators, publishers and users. Improve login security.
- Checks the strength of all user and admin passwords to enhance login security.
- Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.
- Scans for the HeartBleed vulnerability – included in the free scan for all users.
- Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
- See how files have changed. Optionally repair changed files that are security threats.
- Scans for signatures of over 44,000 known malware variants that are known security threats.
- Scans for many known backdoors that create security holes including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.
- Continuously scans for malware and phishing URL’s including all URL’s on the Google Safe Browsing List in all your comments, posts and files that are security threats.
- Scans for heuristics of backdoors, trojans, suspicious code and other security issues.
- Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.
- See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing.
- Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area security threats originate from.
- Monitor your DNS security for unauthorized DNS changes.
- Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.
- Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel.
- WordPress Multi-Site (or WordPress MU in the older parlance) compatible.
- Includes Falcon Engine, the fastest WordPress caching engine available today. Falcon is faster because it reduces your web server disk and database activity to a minimum.
- Wordfence includes two caching modes for compatability and has cache management features like the ability to clear the cache and monitor cache usage.
- Fully IPv6 compatible including all whois lookup, location, blocking and security functions.
Free Learning Center
- The Wordfence website includes an in-depth WordPress Security Learning Center.
18. WP Super Cache
I tend to use a number of caching plugins, including W3 Total Cache, WP Super Cache and the premium plugin, WP Rocket on my more important sites (including Host Greener).
I have tended recently towards W3 Total Cache, due to the integration with CloudFlare, however, I recommend WP SuperCache to new users, due to its simplicity and because it is maintained by Automattic.
This plugin produces static html files, so that your webserver will serve that file instead of processing the comparatively heavier and more expensive WordPress PHP scripts.
19. Contact Form 7
My preference for a forms plugin is Formidable Pro, however, if this type of advanced functionality is not needed, I usually recommend Contact Form 7.
It can manage multiple contact forms, allows you to customize the form and the email contents with simple markup.
It supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and there is a range of plugins that provide further functionality and integrations.
and one extra plugin for good luck…
20. Black Studio TinyMCE Widget
If you don’t know how to write HTML – or like me, often cannot recall the exact code required, then putting a link, or image or formatted text into the default WordPress widget can be a journey.
With Black Studio TinyMCE Widget – The visual editor widget for WordPress, you can:
- Add rich text widgets to your sidebars and edit them using visual editor
- Switch between Visual mode and HTML mode (including Quicktags toolbar)
- Insert images/videos from WordPress Media Library
- Insert links to existing WordPress pages/posts or external resources
It makes adding formatted text t a widget easy!