Getting Optimized and Securing Your WordPress for Beginners

When you're searching for plugins in WordPress the number and variety that exist can be intimidating. For example, looking for a cache plugin yeilds 3,382 results. Below are some of the best wordpress plugins for 2018 that we reccomend for optimizing and securing your WordPress site. If you want to speed up WordPress site and make sure it's secure, then check out the plugins below.

General Configuration

  • Contact Form 7: One of the most popular contact forms for WordPress is Contact Form 7. In the settings you can enable reCAPTCHA as an integration to reduce spam.
    google-reCAPTCHA-web-design
  • Contact Form CFDB7: Never miss a contact form submission. This plugin stores all contact form submissions in an easy-to-navigate database.
  • Insert Headers and Footers: Among other uses, Insert Headers and Footers allows you to add HTML tags to the header for the purposes of verifying your website with Google Webmasters Tools.
  • Under Construction: This plugin will put your website behind a construction wall while you work on it or make updates. You must turn it on after activation. In the settings menu you can choose from a variety of custom themes and configurations.
    under-construction-website-design-wordpress
  • Post Tags and Categories for Pages: This plugin allows you to add WordPress tags and categories to your pages, which is useful for both navigation and SEO purposes.
  • HTML Page Sitemap: The HTML Page Sitemap plugin creates an HTML Sitemap which can be shown with a shortcode. Place shortcode provided by the plugin with a new page and link to that page in your footer.

WordPress Optimization

  • WP Fast Cache: Enable this in the plugin settings after activating. WP Fast Cache has a very quick and straightforward setup.
  • Yoast: One of the most important plugins for making sure your website has properly done SEO. Check out this tutorial for a guide for configuring Yoast. With this plugin, making sure your your meta descriptions and titles and on-page SEO is fully optimized.
  • Smush Image Compression and Optimization (aka 'WP Smush'): Straightforward setup. Turn on image scaling in settings for further image optimization. There's not purpose in serving an image that is 6000 pixels wide when the average monitor is 1280 x 1024.
  • Heartbeat Control: Reduce or disable WordPress heartbeat. Turn this feature on in plugin settings. Learn more about WordPress heartbeat here.
  • Beter Search Replace: We use this tool to replace instances of "http://" with "https://" to make sure we always get the green padlock.
    greed-padlock-ssl-firefox-webdesign

Design

  • Page Builder by SiteOrigin: Our favorite page builder.
  • SiteOrigin Widget Bundle: Essential plugins for the SiteOrigin Page Builder..
  • Better Font Awesome: Better way to install font awesome, allowing for simple placement of social media icons, etc.
    font-awesome-social-media-icons-open-wave-digital
  • Custom CSS and JS: Our favorite plugin for adding custom CSS and Javascript. Simply navigate to the Custom CSS and JS menu items to start adding custom code.
  • Ultimate Shortcoses: add buttons, tabs, menus, and accordions with ease with this list of shortcodes. No configuration necessary.

WordPress Security

  • WordFence: Essential security plugin. Follow installation steps in settings. Turn off real-time monitoring for help on performance issues.
  • WPS Hide Login: Nice plugin that allows you to change the default login page making it more difficult for bots and crawlers to locate and attempt to brute force login on your site.
  • Security Ninja: This plugin makes sure your bases are covered with some often overlooked security flaws.
  • BBQ: Blog Bad Queries: Security plugin that blocks supecious queries such as attempted SQL injections. No configuration necessary.
  • Google Captcha (reCAPTCHA) by BestWebSoft: Add reCAPTCHA to your login page, comments section, reset password, etc. Configuration necessary.
  • Disable XML-RPC: Unless you are using 3rd party apps to post or connect with wordpress, you likely do not need the XML-RPC function. As this file is a common target for malicious actors, it is sometimes a good idea to disable it.

MISC Plugins

  • All-in-one WP Migration: Very useful for making backups and migrating your database if need be.
  • WPcore: After you finish installing your plugins, check out WPCore to save your collection for installing on other sites.

Bonus: Optimizing for Speed and SEO

  • GTMetrix: GTmetrix is an awesome free online resource for seeing what's slowing down your website, and gives suggestions for how to speed it up.
  • SEM Rush Free Version: SEM Rush is a popular tool used by SEO experts that provides SEO analysis, as well as some other useful tools, which will get your better placement on Search Engine Ranking Pages (SERPs).

With these plugins and additional tools, you should be well on your way to building an awesome WordPress site.