Plugins that come with your site
A simple and easy-to-use spam-blocker. It does not require any setup, and does not force your users to enter a captcha.
Enhanced Media Library
Adds powerful features to your site’s media library, including the ability to categorize items and add tags, making the management of your media much less meticulous. Other features such as shortcodes and sorting options are included as well.
Nginx Cache (essential)
If you have a managed site, you’re connected to our cache. This plugin clears the cache every time you update your site, ensuring that speeds stay fast without serving old content.
Sermon Manager for WordPress
A helpful tool for uploading, categorizing, tagging, and serving sermons. Built for churches, this plugin makes providing sermons through your site an absolute breeze.
A user-friendly calendar tool that can connect to Google to serve content.
Wordfence Security (essential)
An essential security plugin that blocks malicious users, provides a firewall, and scans for malware, letting us know when there is a security problem so you don’t have to deal with it.
Makes it easy for users to sign in to your site, and makes it easy for you to serve content only to certain members.
Other helpful plugins
Makes it easy to create tables to add to your website. Also consider Responsive Tables for Tablepress, an add-on that will automatically resize your tables based on window size, making designing for mobile a breeze.
Premium form-creating software. While incredibly powerful and easy-to-use, Gravity Forms also comes at a high price. Luckily, we have a license for all of our sites, so you can use it at no extra cost. Consider add-ons such as Stripe or PayPal to increase functionality, such as allowing users to make purchases through your site. Contact us to arrange installation of Gravity Forms on your site.
Advanced Browser Check
If you need to block outdated browsers due to compatibility issues, this plugin makes it easy to choose which browsers to block and what to say.
Need to make essential improvements or take the site down for a bit? This plugin makes it easy to do so, and includes a number of helpful features including a time-frame for construction, multiple themes, and more.
Google Analytics for WordPress
This plugin makes it easy to view Google Analytics information about your site, such as real-time number of visitors, traffic sources, and more.
A plugin for getting the most out of Google. Yoast is a Search Engine Optimization program that helps get your site higher on Google and Bing rankings, pulling in more visitors.
Smart plugin management
This is not an exhaustive list. There are thousands of available WordPress plugins, and many are as reputable and helpful as the ones listed above. But how do you know which ones are safe to use? When should you get rid of a plugin? Below, we’ve listed a few tips regarding WordPress plugins.
Use plugins sparingly.
It’s tempting to reach for a plugin for every bit of functionality you need, but having lots of plugins on your site slows down your site speed, increases security risks, and makes management a pain. Think about if what you’re trying to do can be done without a plugin, and if not, if it is really necessary to have on your site.
Check plugins before you install.
WordPress has user reviews for plugins, just like Yelp or Amazon. Check to see how well a plugin is rated by the community, and how many installs it currently has. A plugin with over 10,000 installs and a 4.5 rating is probably safe to install; a plugin with just over 100 and a 2 star rating might be risky.
Make sure plugins are actively being updated.
Aside from installs and user reviews, a plugin’s page also tells you when it was last updated. If a plugin was last updated over a year ago, it is probably not very secure. The older a plugin is, the more likely it is to introduce security risks to your site.
Make sure you are updating your plugins.
Even if a creator is updating their plugin, if you don’t download and install the update it’s all for naught! Ensure that your plugins are all updated to their most recent version.
Remove old plugins.
WordFence will find plugins that are no longer being updated or that are no longer supported by WordPress. If you receive messages that your plugins appear to be abandoned or have been removed from WordPress.org, these plugins should quickly be replaced or removed.
Why do plugins pose a security risk?
Plugins are not developed by WordPress itself, but by thousands of other people all around the world. While this allows for the impressive amount of plugins we have today, it also means that security is not guaranteed. Each plugin that is installed introduces new possible vulnerabilities, and it is up to the creator of the plugin to keep those security holes patched up. That’s why it’s important that plugins are being updated; old plugins may have vulnerabilities that were never fixed by the developer, or an update to WordPress itself may have introduced new functionality that makes an old plugin vulnerable. When everything isn’t kept up to date and in sync with each other, spammers and hackers are able to find ways inside.
The good news
Luckily, if you’re on Managed Hosting, this is the sort of thing we take care of for you. Managed Hosting customers get automatic WordPress and plugin updates, as well as security scanning to identify any outdated plugins. If your site gets hacked, we’ll work with you to identify how it happened and clean it up as soon as possible.