There are a few website content management systems (CMS) with great staying power: WordPress, Joomla and Drupal. These systems evolved and changed over the years as users adopted them, tested them and pushed them to their limits. As users’ needs changed, the innumerable plugins, extensions and modules that expand CMS’ functionality multiplied and changed. Today, we recommend WordPress (and WP plugins) for our clients (we also use WP for the Savoir Faire site).
WordPress rises to the top
As systems and plugins changed, so did our process for building a website and selecting the necessary plugins and extensions. Years ago, Savoir Faire started building websites in Joomla.
WordPress was released in 2003 as a blogging solution. Two years later, Joomla was released as a website development tool. Given the purpose and features of these systems at the time, Joomla was a much better platform on which to create multifaceted websites – and therefore our preferred CMS.
Years passed and WordPress developers responded to the needs of users, and developed a full-featured website development tool. We were willing to take another look.
Plugins aren’t one size fits all
Just as we “kicked the tires” on WordPress as a CMS, today we take a close look at the plugins we recommend for our clients’ and prospects’ WordPress sites.
Four years ago, we wrote about four plugins we thought every WordPress site should include. Today, we re-evaluate those recommendations and consider how they currently fit (or don’t fit) in our website planning and development strategy.
For example, we once recommended WordFence for security, Yoast for search engine optimization (SEO), Backup Buddy for backups and redundancy, and MonsterInsights for integration with Google Analytics. We also threw in one more for good measure — Smush for image/speed optimization.
While these are all still great plugins for some sites, they don’t work for all sites. There are multiple plugins available to accomplish what your site needs to do depending on your specific requirements.
Instead of the four plugins above, now we say that every WordPress site should have a tried-and-true, well-reviewed plugin to address each of these five categories:
Security
WordPress is the most popular CMS in the world today. It powers nearly 40% of all websites and 64% of all sites built in a content management system. But its popularity also makes it a prime target of hackers and other ne’er-do-wells.
To protect websites, we previously recommended WordFence. This plugin, offered as a free version and a pro version, works to prevent brute-force attacks and monitors your WordPress site files and plugin files for malware. While still one of the best and most-used security plugins, we found that because it does such a good job preventing potentially harmful site traffic, it may also block some valuable traffic to a website. This is especially important for global organizations who might seek and rely upon traffic from the Ukraine, Russia, China and India.
Instead, for about twice the cost of the pro version of WordFence (or $199/year), we recommend Sucuri.
Sucuri:
- Layers a website application firewall on your site (which is one of the best ways of presenting hacking)
- Scans your site every 12 hours for security issues and malware
- Provides advanced DDoS (Distributed Denial of Service attacks) mitigation and many other security and protection features
- And, if your site becomes compromised, their security experts will remove malware and return your site to working order
If you believe you don’t need all the security features of Sucuri or that the cost gives you pause, there are other plugins available (such as iThemes Security Pro). However, you should consider the cost of rebuilding your website if you are hacked, or the cost of lost business should your site go down or become a threat to your users, prospects and customers.
In addition to plugins and solutions that provide firewall protection, we also like Google Authenticator for WordPress. Google Authenticator provides two-factor authentication (2FA, MFA) whenever you log in to your WordPress website, ensuring no unauthorized access to your website.
This plugin also syncs your logins and authentication across multiple sites you may manage and is compatible with other plugins that may have users and logins (such as ecommerce systems, learning management systems and community/forum systems).
Backups
Backups are necessary when dealing with websites that are updated often (or a potential target of hackers as mentioned above). WordPress issues numerous updates each year, as do plugin and theme developers (either in response to WordPress changes or to make improvements). It is not uncommon for Savoir Faire to update three to five plugins per week on a small site and up to 20 plugins on a large site.
These updates, minor or major, run the risk of creating conflicts or compatibility issues, which can result in display problems or even fatal errors.
Of course, you can perform backups manually before each update by creating a copy of your files and database. But it’s much easier and reliable to have an automated system in place.
We previously recommended Backup Buddy and still do. Backup Buddy allows you to create scheduled backups of your entire site or portions of your site and store those remotely for safe keeping. These backups can also be used to migrate your site to another web host should you ever need to.
That said, Backup Buddy is becoming more and more unnecessary depending on the web host you select. Many popular hosting solutions for WordPress now include daily backups and easy one-click restoration and redundancy through multiple environments for staging, development and production.
SEO
WordPress has always been good at SEO. But good isn’t good enough. To gain better control over SEO on a WordPress site, we previously recommended Yoast SEO.
Yoast allows you to:
- Optimize the technical aspects of your site
- Helps you think carefully about SEO while writing
- Create compelling search result snippets
- Analyze your content for keywords usage and readability
Yoast offers a free version of their plugin which could improve your SEO, and offers a premium version that, especially in the hands of an SEO expert, could be a game-changer for your site.
While Yoast has been one of the top WordPress plugins, with more than 5 million active installations of the free plugin, Yoast’s additional features can add costs. Yoast’s Local SEO plugin, News SEO plugin, Videos SEO plugin, and Woocommerce SEO plugin are each $69. If you need all these in addition to the core plugin, it will cost you $365/year at the current pricing.
With changes in Google’s algorithm over the years, each of these could be important to your site, and for meeting Google’s rules for what is called schema markup.
You may consider another popular plugin (with 2+ million installations), All in One SEO, released in 2007, and possibly considered the grandaddy (or grandmommy) of SEO plugins. Unlike Yoast, the pro or premium version of this plugin includes smart schema markup, local SEO module, Google AMP SEO, WooCommerce SEO, and other advanced SEO modules. But to get it all, this plugin, too, gets pricey.
As such, we have begun to explore a new kid on the block, RankMath. RankMath’s pro plugin offers all these SEO tools for $59/year. If they do what they say, it could become our go-to. However, we are still testing this plugin.
Analytics
Assuming you are still connecting directly with Google Analytics (GA) and not implementing your tracking through Google Tag Manager (GTM), we have changed how we include and manage our GA tracking on websites multiple times. Back in the day, we generated a tracking code in GA, then inserted that code into the website template/theme code. To simplify this, we started using various plugins that only required that we install it, activate it and add our GA ID to the plugin settings. Easy peasy.
But this type of simple integration became insufficient in terms of being able to track website usage effectively. They required far more set up in GA and customization of links or code to create event tracking and conversion tracking.
We eventually started using and recommending MonsterInsights. Not only did it allow us to easily connect websites to GA, it also leverages GA features such as custom dimensions, download and link tracking, and event tracking without needing to create custom URLs or link code.
This plugin remains a good choice for DIYers. But, as GA has evolved, and as our tracking needs have become more sophisticated and our strategies more dependent on much deeper understanding of site data, we have actually gone backward. We abandoned analytics plugins and began inserting GA code into the header and footer of the site again.
Now we do it a little differently, though. We use a plugin called Header Footer Code Manager which allows us to add analytics code (as well as any ad tracking snippets or other integrations) without editing the website’s theme files or code. It also allows conversion tracking to be inserted on specific pages instead of sitewide.
Image Optimization
Last time we tossed Smush into the mix as a bonus plugin. WP Smush is used to optimize images to improve page speed by scanning images on your site and compressing them.
Today, site speed has become more important in search ranking. We would be remiss if we treated this or other optimization plugins as an afterthought. Optimizing for speed includes optimizing images, optimizing videos, optimizing code and utilizing GZIP Compression and Browser Caching.
As part of optimization efforts, WP Smush remains our top plugin for image optimization. Not only can it “lazy load” images and compress PNG files, it can serve images in what is called “next-gen image formats.” These formats (WebP, JPEG 2000, JPEG XR) leverage advances in image processing and compression and can further reduce file sizes resulting in faster image downloads and better user experience.
Selecting a plugin to do the rest, however, is more difficult. We found that some optimization plugins work better than others depending on how the WordPress site is structured (theme, page builder and plugins) and where it is hosted. (Keep in mind some hosts do not allow any optimization plugins to be installed as they already provide many of these features within their hosting.)
For sites hosted with SiteGround, we find their SG Optimizer plugin works well to improve page speed scores. For other sites and hosts, we also use AutoOptimize, W3 Total Cache and Hummingbird – selecting whichever produces the greatest improvement for that particular site.
Conclusion
So, you see, WordPress plugins are not one size fits all. There are multiple plugins available to accomplish what your website needs to do, and the best one for you depends on your specific requirements. Whatever plugins you choose, be sure to consider and address:
- Security
- Backups
- SEO
- Analytics
- Image Optimization
When selecting plugins, pay close attention to whether a plugin is free or paid (which can affect the support you will be able to get), how long it has been since a plugin has been updated (which could indicate a plugin is or is not well maintained), and the number of installations and reviews (this is one scenario where the popularity contest really works!).
We know this is a lot! That’s why we stay on top of CMS’ and plugins to keep our and our clients’ sites running optimally. If you need a little help there, give us a shout.
Keep your site healthy!
Click here for free website build and maintenance ebook.