My list of plugins that I recommend. I have divided them into two categories: Highly Recommended and Recommended. The highly recommended plugins can be used successfully by most WordPress based websites. The recommended plugins provide additional functionality which may be useful in in your site.

404 Error Monitor Captures 404 errors. This is useful if you have changed your permalink structure, so you can redirect your visitors to pages they are looking for. Akismet Akismet protects your site from comment, and trackback spam. It is one of the best solutions for spam prevention.

  1. Click the “Activate” Link
  2. Sign up for an Akismet API key
  3. Go to your Akismet configuration page, and save your API key.

Jetpack by WordPress.com Provides functionality found on WordPress.com to your WordPress site. This has several features, and is worth using. Page Comments Off Please This plugin is installed on all new WordPress sites. Quick Cache WordPress advanced cache plugin; speed without compromise! Quick Cache comment garbagecollector Add-on for Quick Cache. Will regenerate single page/post caches if a comment has been placed Web Ninja Auto Tagging System This plugin will automatically make tags. WordPress SEO This is my favorite SEO plugin. WP Smush.it Reduce image file sizes and improve performance. BulletProof Security Website Security Protection. This is my current perferred security plugin.

Blogroll to Page Create pages of links using the WordPress blogroll functionality. MailPoet Newsletters Create and send newsletters. Import and manage your lists. Add subscription forms in widgets, articles and pages. Syndicate Out Syndicates posts made in any specified category to another WP blog using WordPress’ built in XML-RPC functionality. Easy Digital Downloads Serve Digital Downloads Through WordPress. Easy Digital Downloads - Bitcoin Currency Adds Bitcoin (BTC) currency in Easy Digital Downloads Easy Digital Downloads - Free Download Bypass Checkout Mechanism For Free Download Layered Pop Create multi-layers animated popup. Syntax Highlighter ComPress Syntax Highlighter lets you add different highlights to text. Ultimate Tag Cloud Widget This plugin aims to be the most configurable tag cloud widget out there. MailPoet Newsletters Manage mailing lists, and send mass emails, like newsletters. Meteor Slides Create Slideshows. Summary: Excerpt Extraction Creates summaries of your posts. Ultimate Noindex Nofollow Tool II Allows you to set noindex and nofollow on specific pages, posts, and archives. WP Post Series Adds a new taxonomy of a series of posts.

Theme Recommendations

Weaver II Yoko Twentyfourteen zeeBizzCard

(Education, Tutorials, Documentation, Support) learn.wordpress.com - Tutorials codex.wordpress.com - Documentation wordpress.tv - WordPress Related Videos wordpress.com/support - Support Forums

http://codex.wordpress.org/WordPress_Lessons http://codex.wordpress.org/Combating_Comment_Spam http://codex.wordpress.org/Hardening_WordPress - How to Secure a WordPress based Website http://thematosoup.com/tips/wordpress-security-htaccess - Securing WordPress http://searchenginejournal.com/just-say-no-to-hackers-how-to-harden-your-wordpress-security/63685

Securing WordPress

http://www.gtmetrix.com - Test website for optimization of site http://sitecheck.sucuri.net/scanner/ - Online malware scanner http://www.ip2location.com/blockvisitorsbycountry.aspx - Tool to Allow you to create .htaccess code to block based on country https://codex.wordpress.org/Combating_Comment_Spam/FAQ https://managewp.com/wordpress-categories-tags-seo

Security Advice

Securing a WordPress site can be complicated, but there are two items which can help dramatically each day:

Change the Admin Username away from admin Change the database table prefix to something other than wp_

This is one of the first things I do when I make a brand new site, but if you have an established WordPress site you can make use of Better WP Security to do this.

WordPress like all database driven websites is vulnerable to attack through vulnerabilities in the code. Since WordPress will always have vulnerabilities it is important to keep WordPress, the plugins you use, and themes updated, and your passwords secure. One part of securing a password is to use a strong password (8-12 characters long with at least 1 uppercase letter, lowercase letter, number, and symbol). Steps to Secure a Site

Remove files you are not familiar with. Keep code updated Remove unused scripts Monitor file permissions Hide configuration files In the php.ini file make the following changes: Set register_globals to Off. Set display_error to 0 or Off.

Remember to confirm all user inputs. Items on Forms, in URLS and so on. Remember to make use of access Control. Keep users away from admin areas, and other places they do not need to be.

Make use of .htaccess to block known bad users, or the IP ranges of countries that you do not want accessing your website. Better WP Security is able to add some black list ips to your .htaccess. You can also make use of some free services create code for the .htaccess file to block access to certain countries. This may be useful if you see attacks coming mostly from certain countries and you do not need traffic from those countries this can be a useful tool to protect your site.

Increase Speed and Efficiency of WordPress

Occasionally when your site gets a large number of simultaneous visitors the site could appear down due to the overwhelming number of php processes running on the server. There are a couple of ways that you can combat this. You can install a caching plugin, like Hyper Cache or Quick Cache. You can also use CloudFlare with or with out a caching plugin to improve the loading speed of your site. Securing WordPress

Using a pre-existing subdirectory install

If you already have WordPress installed in its own folder (e.g., http://example.com/wordpress), then the steps are as follows:

Go to the General panel. In the box for Site address (URL): change the address to the root directory’s URL. Example: http://example.com Click Save Changes. (Do not worry about the error message and do not try to see your blog at this point! You will probably get a message about file not found.) Copy (NOT MOVE!) the index.php and .htaccess files from the WordPress (wordpress in our example) directory into the root directory of your site-the latter is probably named something like www or public_html. The .htaccess file is invisible, so you may have to set your FTP client to show hidden files. If you are not using pretty permalinks, then you may not have a .htaccess file. If you are running WordPress on a Windows (IIS) server and are using pretty permalinks, you’ll have a web.config rather than a .htaccess file in your WordPress directory. Move (DON’T COPY) the wp-config.php file to your root directory. Edit your root directory’s index.php. Open your root directory’s index.php file in a text editor Change the line that says:

Countries with Lots of Hackers

WordPress Database Information

The options table will tell you the SiteURL, the template and stylesheet used. You can change the theme by changing the stylesheet and template line.

What are your WordPress tips?