To be clear, I’m not a web designer.  I’m not a web developer.  I’m just a marketing guy who has broken my WordPress site … well … a LOT.  Over the years and countless late night, “please help me for the love of god” calls to my savvier friends, I’ve come up with a list of must-have WordPress Plugins.

Installing all/most of these will provide you with a good balance of security, ease of use, stability and peace of mind with some marketing juice for good measure. It will *really* help.

Why so many plugins?
Well, a small biz website is usually designed to help you make money. And comment and contact form spam costs time (and money) to moderate and clean.  And poor SEO makes it harder for your customers to find you (more lost money).  And most importantly, a hacked WordPress site can cost hundreds of dollars and dozens of hours to fix.  Last time I was hacked, it took $150 to hire a programmer and 30+ hours of my time piecing everything back together – manually.

Did I mention these are all free.  Some require sign-up, but I’ve never received any spam from them.  Invest 30-minutes to setup and configure these plugins, and save potentially thousands of dollars, and increase your odds of your site (and content) being found and shared.

How to Install Them. The download links are in the bottom of this post, however, I’d recommend just browsing to your WordPress Dashboard and navigating to Plugins > Add New > Search Plugins to find them (see image below).

1) All in One SEO Pack

This is simple plugin has been downloaded over 12 million times for a reason.  Other than all of the benefits of SEO which would take a lifetime to explain, this plugin fixes that pesky search-engine-friendly URL problem.  It will help change this:

to this:


2) Better WP Security

A great first layer of security. Most of the geekery behind this plugin is all greek to me.  I just know that it works, is a cinch to install and is regularly updated.  See the screenshot below – ridiculously simple and very effective.

3) BulletProof Security

This plugin has saved me from several nasty security attacked.  Specifically its .HTACCESS protection tools are simple to configure and absolutely critical to protecting your site.  The back-end interface isn’t super-intuitive but difficult to break.  If get stuck somewhere, drop me a line in the comments at the bottom of this post.  When you install WP Super Cache (listed below), BulletProof Security will prompt you to take a few more steps.  This is all normal.  I’ve annotated the screenshot below to give you some clues on where to find the buttons and links.

4) BWP Google XML Sitemaps

Sitemap submissions to Google and Bing Webmaster Tools is an often overlooked (but very critical) step in optimizing your site for search.  This plugin dynamically create an XML file (sitemapindex.xml to be exact) that will never have to be updated by you, and will allow Google and Bing to index your site *and* it’s structure more quickly and accurately. The below is an annotated screenshot of the Google Webmaster Tools Sitemap Submission page.

5) Contact Form 7 w/ HoneyPot Add-on

The easiest contact form generator I’ve ever used.  Easily customizable, and comes with a great shortcode generator so you can paste the forms into widgets, pages or posts with no hassle.  The HoneyPot add-on will help keep contact form spam under control.  The annotated screenshot shows what the back-end looks like for this form on my site.

6) Less Than Web Testimonials

All businesses should use testimonials in all of their marketing.  Social proof and referral generation  are still some of the best marketing tactics a small business can use, despite rapid shifts in technology.  This little tool is a great way to save them and display them either in pages / posts or in customizable widgets.

Hint: go to Groups in the left sidebar (annotated below) to find the embeddable shortcodes.

7) Online Backup for WordPress

I’ve tried several back-up plugins for WordPress, and found this to be the easiest and cheapest (free).  It has a free remote back-up service, plus a manual download option that will take all of the sites files AND the MySQL database and place them in an easy to save/manipulate ZIP file.  I schedule my back-ups to run weekly, and do a manual download just in case (it is a free site, so it doesn’t hurt to be careful).  I’ve marked up the screenshot below to show where some of the harder to find links and options are located.  HINT: go to the TOOLS menu in the sidebar, not the Settings section which is usually where you find this kind of stuff.

8) Tiny MCE Advanced

If you are good with Microsoft Word, you’ll love this upgrade to WordPress’ meager page editing button set.  I especially like that you can stop it from stripping <p> tags, and that you can customize the buttons to your preferences. My setup pictured below includes some of my favorites including the Justify and Strikethrough options.

9) WP Super Cache

Easiest way to speed up your site’s loading time.  Some web hosts (i.e. HostGator which we use) are now bundling it with their Quick Install WordPress sites.  I’ve encountered a few small glitches with it on smaller poorly maintained hosts, but for the most part it’s been wonderful.  WP Super Cache is the trickiest plugin on this list … it won’t kill your site not to have it.  Or you can just ask for help in the comments section below and I can walk you through it.

HINT: when BulletProof Security prompts you to edit your .HTACCESS file, go to the link, then select   mod_rewrite and click save (pictured).  This will generate a view that will allow you to press a “Update Mod Rewrite Rules” button (you may need to scroll down to see it).  Click it and hit save, and it should work fine.  *

*** Don’t forget, that when SuperCache is turned on, you won’t be able to see changes to widgets, plugins, etc… until the cache times out or is manually cleared.  I disable it when I’m working on the site so I can quickly preview my changes.***

10) Widget Logic

This one is for advanced users, but is REALLY helpful when you want to control which widgets display on which pages.  I use this a ton for my client TheFilmSchool (a non-profit screenwriting school) especially when posting logos of our sponsors who are advertising specific programs, but no the entire school. This plugin is a “drop-in” and wont’ show up in your sidebar, but can be accessed from your Plugins page.  I’ve encountered a few WordPress themes that don’t behave well with this little gem.

and for active bloggers, I’d recommend these additional plugins:

11) Digg Digg

A must for bloggers, this tool developed by the geniuses over at Buffer App creates that cool floating toolbar you see on the left of this post.  The counts act as effective social proof measures as well.  Installation and configuration is a cinch.

12) Disqus Comment System

Scroll down or click here to see an example.  I just started using this last month and have a massive marketing crush on it.

13) Akismet

A simple tool (requires sign-up but not credit card or any of that craziness). It runs silently and helps keep most of the dodgier spam from your site.

If you have any questions about the listed plugins, or need instructions for installing and configuring them, just drop me a line or leave me a comment below.


All in One SEO Pack
Better WP Security
BulletProof Security
BWP Google XML Sitemaps
ContactForm 7 (Honeypot Add-on)
Less than Web Testimonials
TinyMCE Advanced
WP Super Cache
Widget Logic
Digg Digg
Disqus Comment System
Akismet (Comment Spam Killer)

A very special thanks to Drew and John Dundon for helping shovel me out of countless website quagmires over the years and turning me on to WordPress (and its awesome plugins) years ago. And a shout out to Francisco from SocialMouths whose #mustread blog introduced me to Digg Digg and Disqus.  If you are looking for some more advanced WordPress optimizations, take a look at this must-read article from ViperChill on super-charging WordPress.

photo credit: kk+ via photopin cc

2 Responses