Don’t get me wrong: WordPress is awesome, but it’s not perfect. Starting from humble beginnings in 2003 as a fork of some blogging software that powered an estimated 2,000 websites, WordPress has grown to become the most widely used content management system on the planet. At time of writing, WordPress powers over 75 million websites, including nearly half of the top 100 blogs on the Internet. An estimated 22% of all websites on the Internet run on WordPress. Yup. You read that right: a fifth of all websites run on WordPress. One in five. One, two, three, four, WordPress…
One of the reasons that it’s so popular is its near-infinite customisability, due in part to the awesome plugin system baked into its core. Through plugins you’re able to do anything you want with WordPress from something simple like adding share buttons to a blog post or even turning it into a fully functional ecommerce website. And WordPress has a lot of plugins – just over 40,000 and growing daily – so it won’t surprise you to know that whenever we spin up a new WordPress installation we always find ourselves reaching for a few favourites. So without further adieu (and in no particular order) I present our list of Five WordPress plugins that we (quite frankly) couldn’t live without.
Advanced Custom Fields Pro
Go on. I’ll wait.
Done it? Great. Let’s continue. Advanced Custom Fields (ACF) helps you create custom user inputs for the WordPress admin area really quickly; images, datepickers, text inputs and the like are a doddle to create. It’s orders of magnitude faster than using the native WordPress API and sorts out a bunch of stuff like creating meta boxes, saving and retrieving information and other boring things that you’d have to do manually. It also makes it stupidly easy to dictate where your new fields display (i.e. on certain page templates, or only on posts) and it’ll also help you create new fields for users too. But this is just the standard, free version; ACF Pro turns it up to 11.
I’ve got two words for you: repeater field. If you’ve ever wanted to give the user the ability to add as many pieces of similar content as they want (think of a meet the team page where each team member has a picture, name, position and bio) then you need a repeater field. Two more words: options page. This is the one to reach for when you want to create a top-level admin page for site-wide options, and the options that go with them – think site-wide banners or contact details in a footer – and because it’s using the ACF editor, everything can be knocked up super-quick.
Check out all the other amazing features on offer at the ACF website: http://www.advancedcustomfields.com/
WP Migrate DB
Unless you’ve developed the uncanny art of coding straight on to the development server and never, ever making a mistake, you’ll probably employ a workflow that has several different versions of the same website; one locally that’s being actively developed, one on some sort of staging environment and the actual production version of the website. Now we’ve got fantastic tools like Git to help us keep the braces and brackets in check, allowing us to maintain multiple versions of the same code base and making it easy to deploy to our environments, but when it comes to keeping the data in check, we quickly hit a few more snags.
An anecdote: so back in the day when I was kneehigh to a grasshopper trying to scratch a living turning WordPress websites for a dime, I used to think that if I was moving a site from
example.com all I had to do was export the database, do a quick search and replace and hey presto – site migration complete. That was until I built this one real fancy site that used text widgets, all of which promptly disappeared after importing the database. And it was on this most painful of days that I learned about serialized strings, why search and replace just wouldn’t cut it and how nuts it was that I hadn’t come across any errors (that I’d noticed) up until this point. It was also the day that I learned about WP Migrate DB: saviour of serialized data.
WP Migrate DB will search, replace and update the serialized string counts of any string you give it, across all of WordPress’ database tables. The most common use-case is when you want to go from
http://example.com — it’s not only the domain that changes, but there are also references to the local path to certain things, so
c:\wamp\www\example might need to become
/var/www/vhosts/example.com. WP Migrate DB will handle this nice and seamlessly for you and give you a zipped SQL file that you can upload to your next environment. There’s also a Pro version that lets you push and pull directly from site-to-site, saving you even more time. Pro version starts at $90: https://deliciousbrains.com/wp-migrate-db-pro/
Spam is a blight upon society. An unfortunate side-effect of our drive to leverage the power of electronic machines to do good for us and improve lives, is that there are people who would do bad with such power.
People such as spammers.
Spammers are bad people.
And they cost us money. Like lots of money. I’m not kidding; research outfit Nucleus Research estimates that spam costs around $70billion a year in the U.S. alone. Now imagine what a wonderful world we would all live in if companies spent more time creating awesome products and delivering amazing services instead of fighting spam.
The problem with the success of WordPress is that it makes a very big, easily identifiable target for spammers of all kinds, but one of the most prevalent types of spam is comment spam. Whether it’s trying to flog you some fancy trainers, or linking back to some nefarious blog, comment spam is a massive drain on time but luckily there’s a way to take the sting out of managing it.
Antispam Bee (see what I did there?) is a free and open source solution which silently checks all incoming comments on your website and accurately detects and marks the spam messages appropriately. Just download, install and activate to start enjoying the benefits of whatever magical trickery the guys and gals over at Pluginkollektiv use to determine the spamminess of comments. It’s also the closest thing that I’ve seen to a zero-configuration plugin. This thing just starts working straight out of the box. I can’t remember ever having to go to the settings page to configure this, but I’m assured that it’s got tonnes of features like excluding trackbacks and IP address validation.
The plugin is available on the WordPress plugins repository, and actively developed on GitHub: https://github.com/pluginkollektiv/antispam-bee
Remember those spammers that I was talking about earlier? Well they’re not just trying to push designer sunglasses or virility enhancing medicinals on the masses. They’re clever people, often with expert levels of programming knowledge. Comment spam is arguably the most visible output, but the same techniques that can be used to post 1,000 spammy comments to your blog can also be used to post 1,000 usernames and passwords to your login script, or try and exploit an older plugin with a security hole. Any of these situations are bad news for your server and your websites: even if they’re unsuccessful in guessing your username and password, for instance, the amount of junk traffic that your server is trying to deal with – all those ‘login failed’ responses – take up valuable server resources and reduce your server’s capacity to respond to legitimate traffic, meaning that your website stops responding to your regular users.
Whilst there’s a lot of defensive measures that can be implemented on the server itself, there’s a bunch more that can be done within the application itself, such as limiting login attempts, running a software firewall to maintain IP block lists and scanning your website for vulnerabilities. This is where WordFence comes in: it provides a comprehensive suite of defensive, preventative and proactive security measures which you can use to protect your WordPress website. One of my favorite features is the plugin and installation scanner, which will scan your WordPress installation files and plugins and check them against the clean repository versions to detect whether anything has been changed unknowingly (which is great for detecting backdoors that have been injected into regular installation files). WordFence also allows you to limit the number of login attempts that can be made to your website, and set ban times on offending IP addresses that break this rule. Crucially it will keep you updated with alerts for various events, like whenever someone with admin access logs into your website, or whenever a user is locked out.
WordFence Security is a must-have for any website, and with a bunch of premium features available such as Remote Scanning and Cell Phone Sign in you really can’t afford to be without this plugin on your site.
Check out WordFence security here: https://www.wordfence.com/
Ever since Google stopped trusting people to write honest, accurate descriptions in their meta tags, started cracking down on link farms and penalising keyword stuffing, website owners have had to work increasingly hard to produce content that has even the slightest hope of getting read by someone online; Google seems to think that people are mostly interested in new, relevant, engaging and constantly updated content. This gives them a vested interest in updating their engine algorithms to bring users the newest, most relevant, engaging and up-to-date content. The better they are at doing this, the more we use their services, the more they can show us adverts.
Now whilst this works well in theory, there’s a little bit of information asymmetry here: Google have a perfect knowledge about what factors, and with which weightings will cause their algorithm to rank website ‘A’ higher than website ‘B’. The rest of the world does not. Google is so good at keeping the specifics of its search ranking algorithms a secret that trying to figure it out and exploit it has become a multi-billion pound industry, with experts the world over selling their knowledge on best practices for effective ranking on Google, analysing and improving a website’s search performance and even producing content that makes Google smile upon your site. These are the Search Engine Optimizers and Marketers. These are the Gods of Google.
However, us mere mortals need a little help from time to time, and this is where a plugin like Yoast SEO give us a much needed boost, and points us in the right direction so that we may reach our search engine optimized utopia.
One of the most visibly useful features of Yoast SEO is its content traffic-lights system. This reads the content that you’ve written in a post, page or otherwise and marks it for search engine-friendly goodness. Get a little red light and you might want to consider improving your article; amber is OK, but there’s room for improvement; green means that you’re hitting all the right notes, and your page or article has a good chance of ranking well. It also has a search engine results page preview, which allows you to finely craft both your page titles and their meta descriptions so they don’t get truncated when they show up in the search results.
Yoast SEO also handles a bunch of behind-the-scenes stuff: it creates sitemaps for all your site content whilst conveniently missing out useless things like tag archives, it will automatically insert OpenGraph data and Twitter cards which instantly makes your site look better when it’s being shared on social and it will also do extra little things like cleaning up your URL structure and removing a bunch of unnecessary stuff from the source code of your site.
Check out Yoast SEO here: https://yoast.com/wordpress/plugins/seo/
Now you’ve got this far, do me a favour: promise me that you will never launch another website without these five plugins installed. Ever.