INFOGRAPHIC: Must-Have WordPress Plugins for Your Business

WordPress plugins, add-ons that enhance functionality and optimize your website, are sometimes cited in complaints that WordPress is not perfect. And of course, nothing is. But it’s not the CMS of choice for close to 30% of the internet without reason.

Because WordPress is open-source software, developers are free to create solutions that address any number of website issues. This leads to the overwhelming array of plugins available. How to know what you really need to get WordPress to work at peak performance for YOUR particular business needs?

WordPress dominates the market due to its versatility and the ability to add almost unlimited features. You can create a robust, optimized website using your perfect combination of tools.

The sheer number of plugins available on the WordPress repository (55,241 and counting) can produce confusion and frustration, though, unless you have a plan. And the candy-store approach might negatively impact your site’s performance if you install too many incompatible plugins.

Please don’t install a treasure-trove of unnecessary plugins! Cut through the clutter and address the most vital issues with these suggestions and the best available solutions to address the needs of your website.

Why WordPress Plugins?

WordPress plugins are essential to enhance the performance of your business website.

The multitude of websites is what drives the abundance of plugins. They’ve been designed to solve almost every WordPress website’s needs. Because of this, so many plugins exist that exploring the WordPress plugins repository can seem daunting.

But there are several reasons to stick to the basics, especially during the first stages of your website’s implementation.
1. Don’t overwhelm your site with too many plugins at any one time. Just like themes, disable and remove any that you aren’t using to keep your site clean and optimized instead of bloated and slow.
2. The more unnecessary plugins you install, the more likely you are to experience an incompatibility issue. Again, keep your site lean and clean for optimal performance.

Free vs. Freemium vs. Premium Pricing

With some 643 pages of free plugins, you’re pretty sure to find the perfect solution to your website’s needs at no cost.

These days, though, many plugins and themes are offered under a “freemium” pricing plan. A limited set of functions is available for free, then you’ll pay to upgrade for more capabilities.

Often the premium plan is worth the cost, but a word of caution: Some “free” offerings are so stripped of any real functionality that they are basically worthless.

So always fully investigate any plugins before committing to a solution. Read the reviews, note the number of installations, and be sure the developer offers support and updates.

All About Automattic

No, of course that’s not a typo! Automattic is the development team behind WordPress itself and many of its complementary elements. Their products are prominently featured in the repository, highly rated, and well-regarded in the WordPress development community for a reason.

Always “passionate about making the web a better place,” they have developed a number of options to do just that.

Jetpack offers brute force attack protection, malware scanning, and downtime alerts. Marketing tools include social media sharing and connection to the WordPress ad program. They even offer a WordPress theme marketplace and a helpful blog!

That said, the free and personal pricing levels are, frankly, not comprehensive enough to optimize a small business website. However, the Premium plan, at $9/month or $99/year, is generally a good fit. And it includes integration with the next two tools, too.

Akismet filters out comment spam so you don’t have to do it manually, and works seamlessly with other WordPress plugins as well as Jetpack.

And even if you don’t install Jetpack you can still get Akismet for a reasonable $5 monthly per site, with spam protection and priority support, on their Plus pricing plan.

VaultPress provides an extra layer of security on top of Jetpack and has partnered with Akismet to address spam sitewide. So once you buy a Jetpack Premium plan, you’ll get the complete package of protection.

WP Super Cache is a top-rated plugin for increasing page load speeds and optimizing overall site performance, but unfortunately is not included with Jetpack.

I use the Premium plan and honestly have never needed to call on customer service or support for any issues or problems. In researching this article, though, I’ve learned that I’m not taking advantage of nearly enough of what they have to offer, so I’m setting aside some time to fix that!

Security Plugins

Well that’s all covered above, right? Not exactly. Harden your business website using a variety of tools. To stay ahead of trespassers, here are three more highly recommended security WordPress plugins.

Sucuri offers a free plugin to complement your site’s security, in addition to premium services and pricing. You can also scan your site for issues using their free online SiteCheck tool.

Wordfence Security is a comprehensive suite of security features specifically designed for WordPress. It provides even more protection with premium features and pricing.

All In One WP Security & Firewall is a free security solution offering an extensive feature set.

And best of all, these products give you added peace of mind, knowing that your most valuable business asset is protected from multiple threats 24/7/365.

Backup Plugins

How would your business recover should your website be damaged or compromised? Always have a complete backup available. Try any of these three top-rated WordPress plugins for backups:

All-in-One WP Migration does double duty. Store a complete site backup in your choice of locations. Premium selections include Dropbox, Google Drive, and more. This nifty plugin can also migrate a complete clone of your site from one environment to another. Clone a site and download it to staging, then upload it to the URL to give a seamless redesign.

Updraft Plus WordPress Backup Plugin is quick, simple, and safe. It backs up to more cloud services at no charge than some plugins and can restore as well as back up your website even on its free plan.

BackUpWordPress is super simple to use and backs up your entire site on a schedule that you decide. It also supports offsite storage to Dropbox and Google Drive, among others, at no extra charge.

Having a complete, pre-disaster backup of your site in case of disturbances is sure to help you sleep better at night.

Search Engine Optimization Plugins

SEO is the first improvement most people think of to maximize their website’s overall performance. That’s because being easily located by search engines gains importance every day.

Yoast is probably the best-known WordPress plugin when it comes to SEO, and for good reason. Their free version is quite robust and can help your site rank higher in Google, Yahoo, and Bing searches. The premium version is even more comprehensive and might be worth checking out for your website at $89 for one site for one year, with free updates and support during that period.

Google XML Sitemaps is another solution in the marketplace. It creates sitemaps to help Google, Bing, and Yahoo better index your site. It also notifies major search engines when you create a post with new content. Google XML Sitemaps is completely free on personal and commercial sites.

All in One SEO Pack provides video tutorials on its downloads page to walk you through every aspect of configuring its general settings through performance options. The Pro feature set includes advanced support for WooCommerce.

Optimization Plugins

W3 Total Cache enhances your SEO tactics and mobile responsiveness by increasing page load speeds.

Smush Image Compression and Optimization reduces image sizes to meet the same goal if your site is image-heavy.

WP-Optimize automatically keeps your WordPress database clean and functioning at peak performance.

Analytics Plugins

Google Analytics for WordPress by MonsterInsights, Sumo Analytics, Slimstat Analytics and Google Analytics Dashboard for WP are all superior alternatives for understanding website traffic.


This brief round-up should give you a good idea of the most essential WordPress plugins you will need to begin optimizing your website.

WordPress plugins work for every business goal and enable every website to perform at its highest level. Take some time to review your company’s needs and decide how using some of these solutions might improve your bottom line for the better.

Which WordPress plugins have helped your business website excel? Let us know in the Comments!

Click infographic to download and view full size!

Essential WP plugins for business.

How to Recognize and Repair a Hacked WordPress Website

A broken or hacked WordPress website has to be an online business owner’s worst nightmare come true. Watching your revenue plummet because of missed or frustrated visitors is bad enough. But if your infected site spreads malware or discloses personal information, your credibility could take a devastating hit. Some businesses never recover.

How can you recognize a hacked website? What distinguishes a malicious attack from an administrator’s backend bumbling? There are several key differences, and we explore them here.

Broken Websites

What are the symptoms of your WordPress site’s disorder? Is it an error message? A wacky redirect? The dreaded “white screen of death”?

In any case, your first thought is probably “OMG, my site’s been hacked!”

More than likely, though, it was unknowingly broken by another administrator.

BTW, that’s one more reason to limit the number of persons with admin access to your site. Allowing just anybody to mess with your website’s backend is a sure-fire invitation to disaster.

Limit access to your website’s sensitive administrative functions to trusted personnel experienced with WordPress. Monitor security, backups, and updates yourself, or allow modifications by well-qualified professionals only.

Most of the common WordPress errors are easily fixed if you can access your site’s admin dashboard. Otherwise, you will need to communicate with your broken website using an FTP/SFTP client program.

Here’s what to do about the three most common WordPress errors.

White Screen of Death

It’s as if your site has ceased to exist! Where your snazzy design and compelling content once lived, there’s now literally NOTHING. A blank screen with no information. Why, and what to do?

This usually happens when a plugin or theme compatibility issue causes an error in the PHP code or the database.

If you have access to the admin dashboard, immediately deactivate all your plugins. Then reactivate them individually so you can determine which one is causing the problem. You’ll then need to deactivate, remove, and replace that plugin with a better solution.

No plugin issues? Check your site’s theme for concerns, especially if you learn that someone else has recently activated an update. Just reactivate the default WordPress theme instead to verify that it’s your theme that’s at fault. Again, you’ll want to remove it and use a different theme.

If the theme’s directory is missing or has been renamed, you’ll see an error message on the site’s front end. If you can log in to the dashboard, switch themes.

Quite frankly, though, you will probably not be able to access your admin dashboard in any of these scenarios. An FTP/SFTP client will give you access to the appropriate folders (wp-content/plugins or wp-content/themes) so you can rename the suspect plugin or theme directory, which disables it.

Once the suspected folder/directory is disabled, you can follow up with the suggestions above.

Internal Server Error

You’re trying to log in but instead get an onscreen “Internal Server Error” message. There could be any number of reasons for this, including a corrupted .htaccess file. In that case, simply rename it “.htaccess-old” and reload the site. Resetting your permalinks will generate a new .htaccess file, and the old one can be deleted.

Again, plugin/theme incompatibility could be at fault. Deactivate your plugins or reactivate the default theme as above.

You’ll need to increase PHP memory if you don’t have enough. Although there are several methods for handling this, I’ve been successful by adding the following line to the wp-config.php file using a code editor: define('WP_MEMORY_LIMIT', '256M'); (or whatever number you need the new limit to be).

If corrupted wp-admin or wp-includes folders are the cause of your site’s issues, re-upload the affected folder from a fresh WordPress install.

Error Establishing Database Connection

The onscreen message “Error establishing a database connection” is usually caused by a problem with your wp-config.php file. Use your FTP/SFTP client to confirm that the database name, username, password and host are all correct.

Also, check with your web host. It could be that their server is down, or your database is suffering a quota overage.

Or they might confirm the unimaginable: Your site was disabled due to infection.

Recognize a Hacked WordPress Website

Most likely, a hacker won’t announce their presence. They don’t want you to know they’re using your compromised website as a Trojan Horse to redirect your users to spam sites, secretly steal their credentials and private information, or other nefarious activity.

So how can you tell that your site’s been hacked?

Most browsers will display a warning page to deter users from accessing the site. You’ll also need to be on top of your website’s usual traffic and analytics to help determine if your site’s been compromised.

A change in traffic patterns could signal that your visitors are being redirected elsewhere. If your site seems unusually slow or is often unresponsive, you could be suffering brute force attacks. Suspicious user accounts are another clue to unauthorized activity on your site.

So despite your best efforts, a malicious actor has somehow gained entry to your site and hacked it up.

First of all, don’t panic! Your content can likely be salvaged. And taking the following action steps will substantially increase your chances of recovery.

Repair a Hacked WordPress Website

Take a deep breath and dive right in.

Start with an incident report documenting all the issues you’re experiencing and every step you take to repair it. Don’t neglect to include the results of each action.

Then use Sucuri’s SiteCheck, a free website scanner, to check for known malware, blacklisting status, website errors, and out-of-date software. Also run a virus check on your computer to be sure it wasn’t compromised in the attack on your website.

Next, check in with your web host. If you’re sharing space with other websites, you may not be the only one affected. Your provider can let you know what’s going on if that’s the case.

Before going any further, reset all your passwords and enable two-factor authentication. Use a trustworthy security plugin like Wordfence or Google Authenticator from the WordPress repository. In addition to your wp-admin, be sure to generate new strong passwords for FTP/SFTP, cPanel, and MySQL.

Then, if you can, reinstall a recent backup. This is probably the first and best choice in any hacking scenario. If you have content that will be lost, though, you may prefer to remove the hack manually.

In either case, delete unused/inactive plugins/themes, and disable any plugins you hope to continue using.

Recognize and repair a hacked WordPress website with this easy-to-follow guide.

Locate the hack via malware scan if it hasn’t already been detected. It will generally be found in your theme/plugin directories, uploads directory, wp-config.php, wp-includes, or .htaccess file. Also check index.php, header.php, footer.php, and functions.php for malicious code.

Go ahead and replace the corrupted files with the original theme/plugin or WordPress core file (except wp-content, where your content resides). Delete any suspicious users you found, or update all user permissions as needed.

Now that your site is clean, change all those passwords yet again! This protection is especially vital moving forward. And, most importantly, implement additional security measures to prevent future attacks.

Request a Google site review to clear your site’s good name and remove any red flags that were set up to discourage visitors from using it.

Check out the WordPress support forums for more details and answers to specific questions that weren’t addressed here.
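The locate-and-replace step above can be made systematic by comparing the live install against a fresh download of the same WordPress version. The following is an added example, not code from the original article or from WordPress; the function names, report keys, and sample trees are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

SITE_SPECIFIC = {"wp-config.php", ".htaccess"}  # no pristine copy exists; review by hand
SCRIPT_EXTS = (".php", ".phtml", ".phar")       # script types that do not belong in uploads


def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def list_files(root):
    """Map each file's path relative to root (with / separators) to its full path."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            found[os.path.relpath(full, root).replace(os.sep, "/")] = full
    return found


def audit_site(site_root, clean_root):
    """Compare a live install with a fresh download of the same WordPress version."""
    site, clean = list_files(site_root), list_files(clean_root)
    report = {"modified": [], "unexpected": [], "missing": [],
              "uploads_scripts": [], "review": []}
    for rel, full in sorted(site.items()):
        if rel.startswith("wp-content/"):
            # Content is never overwritten from the download; only flag scripts in uploads.
            if rel.startswith("wp-content/uploads/") and rel.lower().endswith(SCRIPT_EXTS):
                report["uploads_scripts"].append(rel)
        elif rel in SITE_SPECIFIC:
            report["review"].append(rel)
        elif rel not in clean:
            report["unexpected"].append(rel)
        elif sha256_of(full) != sha256_of(clean[rel]):
            report["modified"].append(rel)
    for rel in sorted(clean):
        if not rel.startswith("wp-content/") and rel not in site:
            report["missing"].append(rel)
    return report


def build_demo(base):
    """Write constructed sample trees (not real WordPress files) for an offline run."""
    clean = {"index.php": "<?php // core index",
             "wp-includes/version.php": "<?php // version",
             "wp-admin/admin.php": "<?php // admin"}
    site = dict(clean)
    site["wp-includes/version.php"] += "\n// appended line"      # altered core file
    del site["wp-admin/admin.php"]                               # core file gone
    site["wp-includes/cache-tmp.php"] = "<?php // not in core"   # extra file in core dir
    site["wp-config.php"] = "<?php // settings"
    site["wp-content/uploads/2018/01/logo.png"] = "png"
    site["wp-content/uploads/2018/01/thumb.php"] = "<?php // script in uploads"
    for name, tree in (("clean", clean), ("site", site)):
        for rel, body in tree.items():
            path = os.path.join(base, name, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
    return os.path.join(base, "site"), os.path.join(base, "clean")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, paths in audit_site(*build_demo(tmp)).items():
            print(f"{kind}: {paths}")
```

Themes and plugins under wp-content are not compared here; check each one against its own original package in the same way.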


According to Google, compromised passwords, missing security updates, and insecure themes/plugins are among the top ways sites get hacked. So monitor your website’s security, use strong passwords and change them frequently, and only install reputable plugins and themes to help harden your website.

Has your website ever been hacked? How did you handle it? Let us know in the comments below!

WordPress Website Security: Best Practices 2018

It’s true that WordPress website security is a concern. Because the content management system of choice is so commonly used, it’s a much more attractive target for malicious actors, and therefore more exposed to attack.

A 2016 study showed that of more than 11,000 infected websites analyzed, 75% were on the WordPress platform. Over 50% of those websites were out of date.

It has also been reported that 73% of WordPress sites are vulnerable to attack.

But if you’ve bought into the hype that WordPress is inherently insecure, then you’re missing out on all the great things WordPress has to offer, for no good reason.

You can easily put a range of simple enhancements to your website security in place that will ease your mind while keeping your site safer.

Don’t let security concerns keep you from enjoying the flexibility and power of WordPress

WordPress sites do get hacked, but the fact is that they are no more dangerous than other PHP-based websites. And WordPress is by no means the security risk some people would have you believe.

The problem is that WordPress is open source, which means that anyone can read the code — even the bad guys who spend all their time looking for vulnerabilities they can exploit.

Couple that with the enormous popularity of WordPress, and it’s easy to see why you hear about hacks on a regular basis.

But that doesn’t mean WordPress is unsafe. Your site’s chances of being attacked are substantially minimized when you implement just a few security best practices.

Good Website Security Practices Help Protect Your Site

Every time you drive a car your risk of having an accident is increased, but that doesn’t mean you don’t drive. You simply take steps to reduce your risk instead. WordPress is no different.

With a few security measures in place, your danger of being hacked is nearly non-existent.

To start:

  • Choose a secure hosting environment.
  • Keep your site and its themes and plugins up to date.
  • Use strong passwords and change them often.
  • Limit login attempts.
  • Add two-factor authentication.

Be Smart About Your Hosting

Unlimited domains! Infinite space! Limitless bandwidth! And all for around $8 per month. You’ve probably seen the claims and may even have a hosting account with one of these companies.

Here’s the problem. This type of shared hosting is inexpensive only because they overload their servers with thousands of websites.

Just as close proximity in crowded classrooms allows human viruses to quickly spread, the close proximity of websites on a shared server means one infected site is a risk to all the others.

Choose a host that allows you to isolate each site on its own cPanel, rather than looking for the least expensive (and possibly riskiest) hosting option. Doing so will greatly improve the security of your website.

Keep Your Site Up to Date

This is by far the biggest hazard when it comes to security. New vulnerabilities are discovered in WordPress and its plugins and themes on a regular basis, so if your site is out of date, it is at risk.

Most hacked sites are running old versions that are not optimized for protection against vulnerabilities, and are therefore more easily compromised.

Hackers actively search for outdated websites they can attack, so make it a point to keep your site up to date. That includes plugins, themes, and the WordPress software itself.

The WordPress security team regularly releases security patches and core updates to counteract weaknesses, continually strengthening the overall stability and safety of the platform.

Use Strong Passwords

Second only to out-of-date installations when it comes to inviting hackers, weak passwords are regularly exploited with a technique called a “brute force” attack.

Simply put, a hacker sets a computer program (or “bot”) to repeatedly attempt to login to your site using thousands of the most commonly used passwords and what are known as “dictionary” words.

This type of vulnerability can be easily avoided just by choosing good passwords. Ideally, your passwords should:

  • be longer than 12 characters
  • never be used for more than one site
  • contain upper and lower case letters, numbers and symbols
  • never be stored in plain text on your computer
  • never be sent by email
  • be changed often

Also, consider using a password manager such as LastPass to generate and securely store good, strong passwords. You’ll never have to worry about remembering your passwords, and you’ll greatly reduce your risk of being hacked.

Limit Login Attempts

It goes without saying that you should never use easy usernames like “admin” that are the first choice of malicious bots attempting a brute force attack on your site.

Another good defense is to limit the number of login attempts allowed before a visitor is blocked out. This is easily done with the use of any number of available security plugins.
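How limiting login attempts works in principle, as an added example that is not taken from the original article or from any particular plugin. The class, thresholds, and event list are assumptions constructed for illustration; failures are counted per IP address and per username, so a bot that rotates addresses against "admin" is still stopped.

```python
from collections import defaultdict, deque


class LoginLimiter:
    """Lock a key (an IP or a username) after too many failures in a time window."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures   # failures tolerated inside the window
        self.window = window               # seconds over which failures are counted
        self.lockout = lockout             # seconds a key stays locked
        self.failures = defaultdict(deque) # key -> timestamps of recent failures
        self.locked_until = {}             # key -> time the lock expires

    def blocked(self, key, now):
        until = self.locked_until.get(key)
        if until is not None and now < until:
            return True
        self.locked_until.pop(key, None)   # lock expired (or never set)
        return False

    def failure(self, key, now):
        recent = self.failures[key]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()               # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lockout
            recent.clear()

    def success(self, key):
        self.failures.pop(key, None)


def replay(events, limiter):
    """events: (timestamp, ip, username, password_ok). Returns one outcome per event."""
    outcomes = []
    for ts, ip, user, password_ok in events:
        keys = (("ip", ip), ("user", user))
        if any(limiter.blocked(k, ts) for k in keys):
            outcomes.append("blocked")     # credentials are not even checked
        elif password_ok:
            limiter.success(("user", user))
            outcomes.append("allowed")
        else:
            for k in keys:
                limiter.failure(k, ts)
            outcomes.append("denied")
    return outcomes


# Constructed sample events; addresses come from documentation-only ranges.
SAMPLE_EVENTS = [(t, "203.0.113.7", "admin", False) for t in (0, 10, 20, 30, 40)] + [
    (45, "198.51.100.20", "admin", False),   # new address, same username
    (50, "203.0.113.7", "admin", True),      # correct guess while locked out
    (60, "198.51.100.9", "editor", True),    # unrelated legitimate login
    (1000, "203.0.113.7", "admin", True),    # after the lockout has expired
]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS, LoginLimiter())):
        print(event, "->", outcome)
```

Locking by username also means an outsider can lock a real user out for the lockout period, which is one more reason to avoid guessable usernames.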

Add Two-Factor Authentication

Requiring users to authenticate their credentials a second time prevents nefarious programs from entering your site in the event that your username and password are compromised in a brute force attack.

In addition to something the visitor knows (username and password), this system calls for identity to be proven again by something ONLY that visitor has. This is commonly a dynamic passcode generated specifically for the visitor to input before continuing to enter your website.

Again, this is easily implemented using one of many excellent website security plugins available at the WordPress repository.


In the end, the safety and security of your site and its data is entirely up to you. Keep your software up to date, use good passwords, and choose a secure hosting environment, and you’ll be well ahead of the curve.

And while this is by no means a comprehensive article covering every aspect, these actionable tips can ensure that your WordPress website security is, if not impenetrable, at least so difficult to hack that it’s simply not worth the try.

Do you have favorite plugins or processes to help protect your website? Let us know in the comments below!