How to pick safe plugins for WordPress
You got your WordPress site up and running, and now you are ready to rule the web. But WordPress would not be what it is without its endless plugins. How could you possibly know which of the available plugins are safe to install, and which could eventually turn out to be a Trojan horse? In this article, I will dedicate the first part to tips on how to check if a plugin is safe, and the second part to some recommended useful plugins for your site.
Here is my short list of tips on how to evaluate if a plugin is safe and useful:
- First, decide what functionality you need to add to your WP site and then visit the official WP plugins page located at http://wordpress.org/extend/plugins/. You can find plugins on other sites as well, but it is highly recommended (and safer) to always install your plugins from the official WP page.
- Check the ratings of the plugins available – and, as with every feedback-oriented decision, make sure that you read between the lines. Look for ratings of 4.0 or higher and make sure that enough people have commented on a specific plugin. After all, 2 comments rating a certain plugin 5.0 are not a statistically reliable basis for your decision.
- Check the authority of the author – do some quick research on whether the authors of the plugin have created other plugins, and review the ratings of those plugins as well. On a separate note, just because a developer has only created one or two plugins, it doesn’t mean that the plugin is bad; indeed, there are some very good and safe plugins created by developers who have previously developed just a plugin or two. But if the plugin ratings, number of downloads, or last update date do not look too convincing, dig further and try to find out more about the author of the plugin.
- As you probably already know, ‘update’ is a key word for WordPress (and not only for WordPress). Another indicator of a “safe” plugin is how often the plugin is updated – you can check when the plugin was last updated directly via your admin account or from the official WP site. If the plugin hasn’t been updated recently, there is a real possibility it will not be compatible with your site, so it is preferable to avoid it.
- Check whether the plugin has been tested with the current WP version – for most plugins this information is provided on the official WP plugin site, and can easily be found on the main description page of the plugin.
- Number of downloads – though not a metric you should rely on solely, plugins with a high download count are in most cases safe to use on your site.
- ‘Word of mouth’ – if you have friends operating WP sites who you believe are experienced enough, you can ask them for recommendations or feedback on specific plugins.
- Once you have narrowed down the plugins of interest, Google them! Many people are discussing WP security, so search for phrases such as ‘wp plugin security’, ‘wp plugin security issues’, ‘wp plugin security breach’ (replace plugin with the name of the plugin you are researching). If a specific plugin is insecure, chances are there will be traces on the net explaining why and how, along with all the information you need in order to make a safe and wise decision.
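The measurable items in the checklist above (rating, number of ratings, last update, tested version, downloads) can be checked mechanically. The following is an added example, not part of the original article: the field names follow the WordPress.org plugin directory's `plugin_information` API response, the sample records are constructed, and every threshold except the 4.0 rating is an assumption because the article does not quantify it.

```python
from datetime import date

# Only the 4.0 rating comes from the article; the other thresholds are assumptions.
MIN_RATING = 4.0        # stars out of 5 (article's figure)
MIN_NUM_RATINGS = 20    # assumed: "enough people" is not quantified
MAX_AGE_DAYS = 365      # assumed: "updated recently" is not quantified
MIN_DOWNLOADS = 10_000  # assumed: "high download count" is not quantified


def major_minor(version):
    """Reduce '6.4.2' to (6, 4) so patch releases do not cause false alarms."""
    parts = [int(p) for p in version.split(".")[:2] if p.isdigit()]
    return tuple(parts + [0] * (2 - len(parts)))


def vet_plugin(info, current_wp, today):
    """Return a list of warnings for one plugin metadata record."""
    warnings = []
    stars = info.get("rating", 0) / 20  # directory reports 0-100, article uses 0-5
    votes = info.get("num_ratings", 0)
    if votes < MIN_NUM_RATINGS:
        # A perfect score from a handful of voters says little, so flag the count first.
        warnings.append(f"only {votes} ratings: score is not statistically reliable")
    elif stars < MIN_RATING:
        warnings.append(f"rating {stars:.1f} is below {MIN_RATING}")
    # last_updated looks like '2024-02-10 3:15pm GMT'; only the date part is needed.
    last = date.fromisoformat(info.get("last_updated", "1970-01-01")[:10])
    age = (today - last).days
    if age > MAX_AGE_DAYS:
        warnings.append(f"last updated {age} days ago")
    if major_minor(info.get("tested", "0")) < major_minor(current_wp):
        warnings.append(f"tested up to {info.get('tested')}, site runs {current_wp}")
    if info.get("downloaded", 0) < MIN_DOWNLOADS:
        warnings.append(f"only {info.get('downloaded', 0)} downloads")
    return warnings


# Constructed sample records (hypothetical slugs, not real plugins).
SAMPLES = [
    {"slug": "example-gallery", "rating": 92, "num_ratings": 340,
     "last_updated": "2024-02-10 3:15pm GMT", "tested": "6.4.3", "downloaded": 250000},
    {"slug": "example-abandoned", "rating": 100, "num_ratings": 2,
     "last_updated": "2021-05-01 9:00am GMT", "tested": "5.7", "downloaded": 900},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        issues = vet_plugin(rec, current_wp="6.4", today=date(2024, 3, 1))
        print(rec["slug"], "->", issues or "passes the checklist")
```

A clean result only covers the measurable signals; the author research and the search for reported security issues still have to be done by hand.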
With all of the above in mind, you should be able to select the right and safe plugins for your site. While writing this article, we decided to evaluate a couple of plugins closely.
You can refer to the plugin list below as our Top 10 Editorial Choice:
- Exploit Scanner – This plugin will scan all your files, posts, and comments for anything that looks like malicious code. If there are hidden spam links (for example via CSS), Exploit Scanner will find and report these links.
- WordFence Security – As its name suggests, its main function is to secure your content. This is done via a firewall, anti-virus scanning, and malicious URL scanning. It also compares your original files against the WP repository versions, so any modifications will be detected and reported. Another really cool feature is the login attempt limiter. You can set your own number of unsuccessful login attempts after which the visitor will be blocked from logging in to your WP site. This can be extremely helpful, especially given the increasing number of brute force attempts against WP sites nowadays.
- nrelate – This plugin shows related content on your posts page, providing your readers with relevant, easily digested information. You are given a vast choice of styles to pick from, and if you prefer to make your own, you can do that as well.
- Akismet – If you get a lot of “spam comments”, Akismet is your savior. This plugin checks each comment and automatically rejects any spam-like comments, saving you a lot of time and resources. For personal blogs the plugin is free, but for businesses and commercial sites, a paid subscription is required.
- JetPack – This plugin connects your WP site with WordPress.com. It includes features such as the WP.me URL shortener; simple, concise site stats; integration with and automatic posting to social media platforms such as Twitter, Facebook, and LinkedIn; a mobile theme; and many more. The plugin also includes grammar and spell check.
- W3 Total Cache – This plugin targets your site’s performance. The main focus is on improving server performance by caching every aspect of your site, which overall improves the load time of your site.
- WordPress SEO by Yoast – This plugin will assess your blog posts the same way the search engines will see your blog, check whether your posts are too short or too long, and provide you with useful SEO optimization tips. It also provides Page analysis, which will check your meta description, XML SiteMaps, RSS optimization, Social Integration, etc. Overall this is a must-have plugin for your WordPress Kit.
- WPtouch – With the increasing usage of mobile phones for site browsing, it is very important to make your site user friendly for all mobile devices. This plugin helps you with exactly this task by transforming your regular site into a mobile version with a mobile ‘touch’, while still allowing your customers to choose whether they prefer to see the site’s regular theme.
- NextGEN Gallery – With more than 6 million downloads, NextGEN Gallery is one of the best gallery plugins. You can easily upload, manage, edit, and display your image galleries, add watermarks, re-size thumbnails, create slideshow styles, and much more.