One of the great things about WordPress is the wide range of plugins available to be installed to add, modify, or remove core functionality. There are over 25,000 plugins freely available in the WordPress.org repository and thousands more premium plugins. There are plugins for SEO, discussion, social media, integration with third party services, and almost anything else you can think of.
Not all plugins are built equally, though; some live at the perfect intersection of form and functionality that make them a pleasure to use. Other plugins are kludgy heaps of unorganized, uncommented code that are neither maintained nor supported. These low-quality plugins can cause unexpected behavior throughout and can even compromise the security of your WordPress site.
Generally speaking, it’s considered best to avoid installing a ton of plugins on your site. WordPress core is typically better tested than third-party plugins. Core bugs still happen (and if they do you should report them to the core development team) but chances are when something breaks on a WordPress site, it’s either in the theme or a plugin. It’s always a good idea to research a plugin before installing it – WordPress.org offers reviews and there’s usually some chatter on social media about plugins that cause trouble.
Below are some of my go-to WordPress plugins that have proven themselves time and again to be useful and effective:
Advanced Custom Fields
I could write an entire blog post about how awesome Elliot Condon’s Advanced Custom Fields plugin is (oh wait, I already have). I started using ACF on a project about two years ago and the plugin completely changed how I’ve gone about building WordPress sites. ACF gives users (mostly developers since displaying the data requires some theme editing) an intuitive interface for creating complex custom field arrangements. Want a second WYSIWYG for each tab on a page? An image gallery? A theme options page? All of these otherwise arduous tasks are a breeze with ACF.
Ajax Thumbnail Rebuild
If you’ve ever rolled out a new theme on an existing WordPress site, you know what a pain it can be dealing with new or changed image sizes for existing media. Ajax Thumbnail Rebuild is my go-to utility for regenerating this content when specifications change. You’re able to specify the [registered] image sizes you wish to regenerate and can optionally limit the regeneration to featured images, which is especially useful on sites that use large, eye-catching banners at the top of each post.
Akismet of one of two plugins that come pre-installed with every installation of WordPress. Developed and managed by Automattic (the company behind WordPress.com), Akismet is the de-facto spam filter plugin for WordPress. It’s simple to set up as there’s practically no configuration: just register for an API key through Akismet.com, follow the prompts you receive after activating the plugin, and your comment moderation time drops dramatically.
CMS Tree Page View
One feature that’s missing from vanilla WordPress that’s common among many other content management systems is the ability to see, on one screen, the hierarchy of your site. CMS Tree Page View creates this sort of view for you and (perhaps my favorite feature) allows you to simply drag your pages around the tree to reorganize them.
One of the few premium plugins on this list, Gravity Forms is widely considered to be the best form plugin for WordPress. It’s intuitive UI makes it simple to create simple and complicated forms alike. The plugin also has a rich API that allows third-party developers to develop add-ons without editing the core plugin files.
Speaking of third-party add-ons, I’d also recommend installing Buckeye Interactive’s own Gravity Forms Duplicate Prevention. This add-on will prevent you from receiving multiple submissions when an impatient user clicks the submit button multiple times before the form has finished submitting.
Limit Login Attempts
This is a newer addition to my plugin tool-belt but it’s quickly won me over. If you haven’t been following WordPress news, there’s currently a botnet (a network of compromised machines being controlled remotely) attempting to brute-force access to a large number of WordPress and Joomla! sites using common administrator credentials. Out of the box, WordPress doesn’t lock out users after a number of failed logins but the Limit Login Attempts plugin adds in this much-needed feature. You can also specify how many attempts are permitted before lockout, how long lockout should last, and whether you’d like to receive notifications when users are locked out.
Any time you change your site’s URLs structure it’s important to create proper redirects from the old location to the new. Not only does it enhance user experience (nobody likes clicking a link to your site only to arrive at a 404 Not Found error page), Redirection allows you to easily create redirects manually when you’re getting started and will automatically create redirects of URLs within your site change. The plugin also supports wildcard URLs, several different redirection methods, and a host of other dev-friendly advanced features.
Joost de Valk, a.k.a. Yoast, is a developer and SEO consultant held in high regard within the WordPress community. His WordPress SEO plugin is easy to get started with. It’s extremely powerful and highly effective. One part of his plugin that I really like is the ability to set default templates at a site level but override them as needed on a per-post basis.
WP Password Generator
Full disclosure, I’m the lead developer on the plugin. WP Password Generator simply adds a “Generate Password” button to the user add and edit screens that allows site administrators to quickly generate a random password. This is particularly useful when you’re creating a bunch of users at one time, decidedly less useful when you’re running a site with only one or two users.
A final note
There are several of plugins used frequently for managing custom post types, taxonomies, and user roles/capabilities. It’s one thing if these need to change regularly, but if the custom post types are just being registered once and left alone after launch, I’d highly recommend you move those custom post types into the codebase rather than in plugin settings.
There are some excellent generators available that will generate the code for you – just drop it into your theme’s functions.php (or create a custom plugin that registers settings if you’re switching between themes a lot) and stop worrying about someone messing up your carefully orchestrated custom post types: