Sr. Front-end Developer, 15+ Years of Web Development on HubSpot and Various CMSs
November 22nd, 2019
WordPress is, by far, the world’s most popular content management system (CMS) powering over a quarter of all websites worldwide.
As such, the community of supporting development is huge, as well.
There are currently over 54,000 plugins available to help augment WordPress’ default functionality ranging from very small plugins to help you create a table to robust premium plugins designed and developed to supercharge it.
With all there is to choose from, what are the essentials every business website needs to ensure they’re taking full advantage when it comes to search engine optimization, security, ease-of-use, portability, recovery, etc.?
I decided to focus on the plugins that provide the most value based on my 20+ years of experience using them — for FREE — some enhancing said value for a nominal fee in their PRO versions.
Yoast SEO (Search Engine Optimization) is the #1 WordPress SEO plugin bringing some powerful SEO related features into your content creation practices.
Aside from its numerous under-the-hood technical SEO enhancements, Yoast provides an interface where content builders can see how their content will score against their target keyword, a readability analysis, Google Search result preview -- all right inside the page builder.
Aside from this, there are also a ton of technical SEO enhancements which are automatically added to your pages and posts to ensure that your site is easily consumed by search bots and crawlers by using structured data and schema among other enhancements.
Included for free, you get:
Keyword optimization which gives you an on-page analysis comparing your target keyword against the content you’ve typed into your page.
Schema.org injection which helps tell search engines like Google and social mediums like Facebook and Twitter exactly what your page is about.
For example, it will easily let Google know that your page is an “Article” created by an “Organization” which is factored into the search algorithm returning way more relevant hits.
Google search result preview which lets you see what your article’s search result will say on Google all without having to leave the post editor.
Automatic sitemap.xml and robots.txt creation. Yoast will take an inventory of your site and provide a broken out sitemap by post type. This makes it much easier for you to submit your sitemap to Google Search Console and also makes it easier for Google to crawl through your site.
The plugin is also regularly updated to account for changes in Google’s search algorithm (which changes way more often than you’d think). Without Yoast, WordPress’ SEO capabilities are limited to standard meta information.
One of the major concerns with any open-source (free and publicly available) software is security. Software such as this has to be made easy to use, configure and develop, but there’s a minor tradeoff when it comes to security.
Fortunately, there are web hosting platforms that take care of much of the security for you like WP Engine (among many others) and for the rest there are plugins available to help fill the gaps.
For me, one of the very best is All In One WP Security and Firewall —and it’s virtually FREE!
This is a powerhouse security plugin I’ve used personally for years bringing a TON of features and services including:
Help removing some of the most common security holes in WordPress like the default user name and ID, database prefix, login address, etc. It also offers protection against:
Identical login / display names
Password strength enforcement
User enumeration where bots can discover the user via the author permalink.
Brute Force Login Attack protection. This is so no robot can attack the site sending multiple login requests whilst denying service.
This is my favorite feature because it ironically makes the username the most important security feature for your site.
If a bot or user tries an invalid username when attempting a login, the site will automatically lock that user’s IP address or range for a predetermined amount of time.
This makes it virtually impossible to deny service because the site is overloaded with login attempts. The only way is to back up, change the IP address and try again, making it less attractive to continue gaining access.
A firewall as protection from known blacklisted IP address and ranges.
Database security This allows you to easily change your database table prefix making it way more difficult to inject hack code into your site’s database. This type of hack is the hardest to eradicate.
User Registration Security
This lets website administrators hold new user registrations for moderation to ensure full control over who has access to your site.
Options for Google’s reCaptcha designed to identify and deny access to bots posing as human beings.
This allows you to easily add what’s known as a Honeypot to your registration forms which, essentially, adds hidden form fields that only robots can see. If they’re filled out, the registration is blocked. No human would ever know to fill them out.
Honestly, WordPress is plagued with comment spam. On any given day, there can be hundreds of comments submitted through your post comment areas with spammy ads and even potential hack links designed to comment moderators to click and download malware.
This tool helps weed out many of these comments by running them through an algorithm which looks for common spam language and hidden code.
Malware Scanning (for a fee)
As an added option with this plugin, you can sign up for Malware scanning which will tell you if the site has any known malware already present.
File System Security
With this, you can manage permissions for the key folders on your site and also disallow changes to your site’s PHP code from within the browser as an added protection from hacks.
Aside from these, there are so many more features including a scoring system that lets you see how secure your site is easily based on the recommended score versus the currently enabled security enhancements.
The best part of all of this, for me, is that the plugin does not weigh the site down like a lot of the other security plugins do by bloating the database or requiring a ton of memory to run. You can all this value and can maintain a snappy load time.
So, this is a brand new one for me, but I’m a big fan.
Much like other page builder plugins, it helps content builders quickly assemble sections with columns, images, video and text in minutes. Furthermore, out-the-box, you can save these sections for use on other pages.
However based on it's speed, responsiveness and extensibility, Elementor is a page builder like none I’ve seen on WordPress.
We recently started using this plugin for client sites at IMPACT and I have to say it’s a revolution for both our clients and our own content builders.
Here at IMPACT, it’s no secret we’re HUGE fans of HubSpot and their content organization system (COS) and this is the closest to it for WordPress I’ve personally encountered.
That’s saying a lot since I’ve been a huge proponent of using the Advanced Custom Fields (ACF) plugin to easily create interfaces for our clients to control and edit their content while preserving the site’s original design / vision.
The drawback to ACF, however, is that your changes can only be seen after you’ve clicked the preview button. If you see it would work better another way, you have to switch back and make another change — a bit tedious. This plugin eliminates that.
Part of the revolution for us developers is that Elementor can be extended to do some amazing things.
Our proprietary extension allows our clients to pull entire pre-designed sections into their page layouts — all the while seeing their changes come to life -- right on the same screen!
The only snag I’ve encountered as a developer using Elementor is the inability to add something called a repeater within another repeater.
A repeater is, as you might imagine, a repeating entity that has a bunch of options encapsulated inside it.
For example: you might need a Person (Repeater) with Name (field), Title (field), and Image (field) inside of it. Great right?
Well if you want to have multiple social mediums (another repeater) for each person, you can’t. It’s a feature that is currently being sought and I’m confident it will be available in the future but not yet.
That said for non-developers Elementor is perfect because, in many ways, it removes the need for a developer at all.
This is especially true if the users that are building content are trained in things like brand consistency and content style. One can easily build sections or even whole pages, save them as templates and re-use them over and over.
The Pro version brings a ton of other widgets making it even easier for you to build web pages easily, but in my opinion, Elementor’s true value is it’s development extensibility and editing interface.
This will ensure that any existing links on Google, emails, or bookmarks don’t end up as a 404 page not found error.
Nothing dissuades a potential prospect from engaging like not finding what they were looking for when they clicked that link on their favorite search engine.
Redirection (the plugin) makes this super easy to maintain with importing/exporting from CSV (Excel) files so you can set all that up as a spreadsheet and import it quickly and easily.
Without a tool like this, visitors would suffer landing on pages telling them the content isn’t available or you’d have to ask a developer to manually add redirects into your site’s .htaccess file which takes some of the control out of your hands.
One of the biggest reasons most websites load slowly is due to image bloat.
Image size depends a lot on usage, meaning you might expect a hero full-width image is larger than a small article preview image, but it’s typically advised to keep image sizes (not dimensions) lower than 200KB where possible.
I can’t tell you how many sites we’ve analyzed which include the original sized (maximum resolution images from Getty Images, Shutterstock, etc) at a whopping 9MB per image.
Good image optimization is about reducing the file size of your images as much as possible without sacrificing quality so that your page load times remain low.
WP Smush is a plugin that will take care of optimizing your images as you upload them into your WordPress media library.
It’s still a good practice to pre-optimize your images and our official recommendation, but sometimes it’s nice to know you have a plan in place for the images that sneak by.
The free version allows for optimizing your current images, too, but there’s a limit to how many. Also, it will only optimize images that are less than 5MB as the starting point.
Still not bad and you’ll notice the difference when you load your web pages free of those heavy images.
Now, WordPress has some built-in protection for situations like these so it will automatically create smaller versions of your uploaded file automatically, but it depends on the user to select them and most users forget.
Even then , WordPress only crops the image and resizes it; it does not optimize it’s visual quality.
So many others to list here...
There are so many amazing plugins — free ones — in the plugin directory for just about every need or occasion many deserving of a mention here.
Plugins like Woocommerce, Jetpack, Akismet ( all made by Automatic ), W3 Total Cache, Autoptimize, the company responsible for WordPress, but they are mostly for very specific functionality. My goal was to give a quick essentials list that ANY business website could use to get started — cost free.
As with any endeavor, it’s important to research any plugins you plan to use on your site. You want to go with software that is widely used wherever possible to ensure any issues that may arise from updates to core WordPress files will be quickly patched and keep your site up-to-date.
Be on the lookout for the notice letting you know that a particular plugin has NOT been tested with your version of WordPress.
This is super important because if it hasn’t been updated in over 6 months or been tested with your version of WP, then you can’t be sure it won’t completely break your site.
Please remember, when in doubt, consult your nearest professional! What other WordPress plugins do you find useful? Share it with us in IMPACT Elite!
Keep Scrolling to Continue Reading
Watch Liz Moorehead’s opening keynote from the Website Optimization Summit, FREE on-demand inside IMPACT+. Learn how you may be unwittingly undermining the money-making potential of your website and how to fix it!
Here Are Some Related Articles You May Find Interesting