All of these plugins are free (as in cost) and are plugins I have used on my sites or client sites.
I’m doing this as a reference for myself but also as a way to provide information to you. If you are looking for a plugin to do a specific job you can check here first to see what I use for that.
This is not to say I’m some kind of “expert” regarding which plugin is the best. There are probably well over 1000 plugins out there and I hardly know them all.
Important point – more plugins make your blog slower. Try to keep them to a minimum. I went nuts with plugins when I starting using WordPress. Now I look to remove any plugins I don’t feel are required. If a plugin isn’t doing something really important for your site – get rid of it. If it’s only serving as eye candy then it’s probably not important.
Additionally, any plugins or themes you are not using create an additional security risk for your site. If you are not using it don’t only turn it off, delete the files as well.
I will be modifying this list over time.
Plugins I recommend for use with WordPress:
Versions numbers listed below are current at the time I’m updating this page. Latest update was in February 2013.
Ad Injection – Injects any advert (e.g. AdSense) into your WordPress posts or widget area. Restrict who sees the ads by post length, age, referrer or IP. Cache compatible. – Version 18.104.22.168 | By reviewmylife | Visit plugin site
Akismet – Used by millions, Akismet is quite possibly the best way in the world to protect your blog from comment and trackback spam. It keeps your site protected from spam even while you sleep. To get started: 1) Click the “Activate” link to the left of this description, 2) Sign up for an Akismet API key, and 3) Go to your Akismet configuration page, and save your API key. – Version 2.5.7 | By Automattic | Visit plugin site
Google XML Sitemaps – This plugin will generate a special XML sitemap which will help search engines like Google, Yahoo, Bing and Ask.com to better index your blog. – Version 3.2.9 | By Arne Brachhold | Visit plugin site
Jetpack by WordPress.com – Bring the power of the WordPress.com cloud to your self-hosted WordPress. Jetpack enables you to connect your blog to a WordPress.com account to use the powerful features normally only available to WordPress.com users. – Version 2.1.2 | By Automattic | Visit plugin site
Online Backup for WordPress – Online Backup for WordPress can automatically backup your WordPress database and filesystem on a configurable schedule and can incrementally send the backup compressed (and optionally encrypted using DES or AES) to our online vault where you can later retrieve it. Backups can also be emailed to you or produced on-demand and downloaded straight to your computer. You can view the current status and change settings at “Tools -> Online Backup”, or by clicking the “View Status” link next to the plugin name in the Plugins list. – Version 2.2.18 | By Jason Woods @ Backup Technology | Visit plugin site
SI CAPTCHA Anti-Spam Adds CAPTCHA anti-spam methods to WordPress forms for comments, registration, lost password, login, or all. This prevents spam from automated bots. WP, WPMU, and BuddyPress compatible. – Version 22.214.171.124 | By Mike Challis | Visit plugin site
WassUp Real Time Analytics – Analyze your visitors traffic with real-time stats, charts, and a lot of chronological information. Includes a sidebar widget of current online visitors and other statistics and an admin dashboard widget with chart. For WordPress 2.2 or higher. Caution: don’t upgrade when your site is busy! – Version 126.96.36.199 | By Michele Marcucci, Helene Duncker | Visit plugin site
Yet Another Related Posts Plugin – Returns a list of related entries based on a unique algorithm for display on your blog and RSS feeds. Now with Now with thumbnail support built-in! – Version 4.0.4 | By mitcho (Michael Yoshitaka Erlewine) | Visit plugin site
Additional Security Notes:
- Your login name should not be the same as your display name.
- Use a strong password.
- Go into your main directory and delete the files wp-config-sample.php, readme.html and license.txt
- Delete install.php in the wp-admin folder. Each time up upgrade WordPress it will create a new one. Either delete it each time or replace install.php with a blank file named install.php.
AntiVirus – Security solution as a smart, effectively plugin to protect your blog against exploits and spam injections. – Version 1.3.3 | By Sergej Müller | Visit plugin site | Flattr plugin | Follow on Google+
BulletProof Security – Website Security Protection: BulletProof Security protects your website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. One-click .htaccess WordPress security protection. Protects wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection. Security Logging. HTTP Error Logging. One-click Website Maintenance Mode (HTTP 503). Additional website security checks: DB errors off, file and folder permissions check… System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, DNS, Max Upload… Built-in .htaccess file editing, uploading and downloading. – Version .47.9 | By Edward Alexander | Visit plugin site | Forum – Support | Upgrade | Flash Movie
Login LockDown – Adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. Distributed through Bad Neighborhood. – Version v1.5 | By Michael VanDeMar | Visit plugin site