While everyone’s WordPress site is different, there are a few things that every site needs regardless of what niche it’s in or how sophisticated it is.

Every site should have the following 5 fundamental areas covered:

  1. Security
  2. Backups
  3. SEO
  4. Spam
  5. Speed

Unfortunately, WordPress doesn’t take care of these things the way it probably should straight out of the box.

And so for that reason we turn to plugins.

For each area mentioned above, we’ll recommend a plugin that covers it for you.


1. Security | WordFence



Security is something everyone should worry about.

Of course keeping plugins and themes up to date helps a lot. And having strong passwords helps a lot too.

But sometimes you still need more.

The WordFence plugin could be that more you’re looking for.

When it’s first installed, it does a check of your site to see if there are any problems to begin with. It then goes about helping to protect you in the future.

Here are the areas it addresses:

  • Blocking – Blocks known attackers, blocks malicious networks, blocks or limits aggressive crawlers, etc.
  • Login Security – Lets you set up two-factor authentication using both your password and your phone, checks strength of all passwords, etc.
  • Security Scanning – Scans files for issues, lets you see how files have changed, scans for backdoor hacks, etc.
  • WordPress Firewall – Firewall to block popular threats
  • Monitoring – Lets you see traffic in real time, including robots, monitors DNS security, monitors disk space, etc.
  • Caching – Includes caching
  • Multisite Security – can be used with Multisite


2. Backups | UpdraftPlus



Backups can be crucial, of course.

They are so important that there are a number of services and premium plugins offering backups at a pretty penny.

But UpdraftPlus is free. And it does a lot of what the premium plugins do.

UpdraftPlus lets you make manual or scheduled backups. It lets you store them on your server, on a third party site like Dropbox, Google Drive, S3 and others, or it lets you download them to your computer.


3. SEO | Yoast SEO



Even if you don’t care about trying to get traffic from search engines, it certainly doesn’t hurt if you do.

And most people actually do care, of course. And so an SEO plugin is key.

Anyone with any WordPress SEO experience at all knows that the Yoast SEO plugin is considered the gold standard.

There are other SEO plugins out there, and some may prefer them for different reasons, but whenever I’ve checked out other plugins to see if they might be better, I’ve always found myself coming back to Yoast.

The plugin can be a little overwhelming for a novice, but there is documentation on the Yoast site and in other places on the web that can help.

The box it places on each individual post or page can be very helpful as well. It lets you do things like put in an “SEO title” that the search engines see while still keeping your original title on the page itself for visitors on your site. (Note: people searching in the search engines will see the “SEO title,” so make sure it’s still human readable and click-enticing.)


4. Spam | CleanTalk Anti-Spam



Ah, spam. Everybody’s favorite. You think you’ve turned everything off or configured your settings in such a way as to block the spammers, but there they are again, as regular as the sunrise.

The CleanTalk plugin helps to stop spam in the following areas:

  • Comments
  • Registrations
  • Contact forms
  • Orders
  • Subscriptions
  • Widgets

Spammers are constantly changing their tactics, of course. And it seems the plugins that are considered the “best” spam plugins seem to change with the seasons. Currently CleanTalk gets great reviews.

Of course Akismet is also very good. It’s made by Automattic, i.e. essentially the same people behind WordPress itself (for the most part). But the deal with Akismet is that it’s free only if you’re running a non-commercial site. If it’s a commercial site, then you have to pay monthly.


5. Cache | W3 Total Cache



Speed is important both for your visitors and for the search engines.

One of the best ways to help a site improve its speed is to use a caching plugin.

W3 Total Cache is one of the best and has been around for years.

Getting the settings right on a caching plugin is not always so easy. There are lots of tutorials on the web for how to do it, but sometimes even following a tutorial will break your site. (I’ve always found it was easy enough to “unbreak” the site again by simply unchecking a setting that I had checked.)

In any case, before using a caching plugin, it’s probably a good idea to do a backup. And then you can test things to see which settings work for you. The theme and plugins you’re using will affect what works best for you, so there’s really no one-size-fits-all configuration to follow.


Covering the Basics

Those five areas above should probably be covered on every site you make.

You may want to go with different plugins than those above, but those mentioned all have great reputations and some history behind them.