7 Essential WordPress Plugins in 2017

If you are just starting out with WordPress it can be daunting. The number of themes and plugins to choose from is huge, not to mention the learning curve of purchasing a domain name, setting up your hosting, installing WordPress and eventually getting to writing and publishing your website. Adding in more things like plugins can just be too much for some people, and let's face it, there are plugins out there that are just not worth your time. So if you are just getting started with WordPress, or have been using it for a while and are looking for ways to make your day-to-day use and management of it just a little easier, here are my top five WordPress plugins that you should install and use.

Google Analytics for WordPress by MonsterInsights
You want to know how many people are visiting your site and this is still my favorite Google Analytics plugin. It used to be a Yoast plugin I believe but they sold it to MonsterInsights and it has gotten better since then. Two of the things I like best about this plugin are the simple and easy to read dashboard with stats and the fact that you just click a box to have outbound links tracked. It just makes it easy to get Google Analytics up and running on WordPress.

We all want to make money and pay the bills from our sites; the problem is that creating and managing affiliate relationships and links can be a huge time suck, especially if you just want to make the odd link to Amazon.com or to the latest product or service that you just bought. VigLink helps take care of all of that for you and helps to monetize all those outbound links that you have on your website. If you are not using CloudFlare (that is a whole other post) then you should sign up with VigLink and install the VigLink plugin.

Sooner or later you will need to redirect people from one page or post on your website to the new one that replaced it, but messing with htaccess is just not very quick. There are other uses for the Redirection plugin as well. For example, did you notice that the link to VigLink in the paragraph above has /go/viglink.html as the link? I often use Redirection to help manage outgoing affiliate links, not to hide them but simply to make them easy to change in the event the merchant closes or I need to send people to a different page. I like VigLink, but if you have long term affiliate relationships or links you want to manage, Redirection comes in very handy to help with that as well.

Wordfence Security
Keeping the bad guys out is a full time job, but who has time to sit there and monitor a website 24/7? While there are many different options to prevent brute-force login attempts, hacking and other types of attacks, the free version of Wordfence Security will help you keep your website safe.

All-in-One WP Migration
You might not use this plugin every day but when you need it, it sure is handy. Although the name of the plugin is about migrating your site from one server to another, it is also very handy for making regular backups of your website, so that in the off chance that your site is hacked, or you do need to move to a new host, you can easily restore it. I regularly use this plugin on sites to make regular backups and download them. It can be automated, but that is a post for another day; even if you manually create your backup and download it, it can save you lots of time. In fact if you do need to move to a new host I would guess you can restore your whole WordPress website in 15 to 30 minutes and be up and running again.

Contact Form 7
You will want a contact form on your website, and Contact Form 7 is awesome. It is easy enough for anyone to set up and use, but those that want to get in there and tweak things can do that as well. As a bonus, if you want to save contact forms straight to your database and be able to export them as a spreadsheet, check out the CFDB plugin as well. It is no longer in the WordPress plugin repository but it is a great plugin to have along with Contact Form 7 so you don’t rely on email alone, because email somehow will just disappear.

Spam, both the food and unwanted comments, sucks! We all know it sucks, and the Anti-spam plugin helps to keep it all at bay. Anti-spam will help keep the spammers away or at least stop the spam from actually making it into your comments. They also offer a pro version but for most people the free version is all you will probably need.


3 Plugins to Avoid When Starting out with WordPress

I will start out by saying that I love WordPress, it is awesome, but not everything by Automattic is awesome, and in fact some of it should probably be avoided for several reasons.

Now you are probably wondering why I would recommend you use Anti-spam above instead of Akismet, the spam defense by Automattic. The answer is pretty simple actually: Akismet is only free for personal blogs. If you are using WordPress for business, have an ad on your WordPress website, or link to any site through an affiliate link, then you are no longer a personal blog and you have to pay for Akismet. Pricing in USD starts at $5.00/month/website. If you are just starting out, don’t make a lot of money from your website or are a business, you are supposed to purchase Akismet. Is Akismet good at stopping spam? Yes, but if you are just starting out or don’t make TONS of money from your website, save your money and use Anti-spam. In fact I would say Akismet makes my list of plugins to remove on install.

As much as I say I LOVE WordPress, I have the exact opposite feeling for JetPack. In fact I would go as far as saying I LOATHE JetPack. I dislike JetPack for different reasons than I dislike Akismet. JetPack has some nice features, except that for the odd feature that you want to use you need to get ALL of JetPack. There are simply other options available. Aside from the fact that I think the user interface for JetPack is horrible, perhaps the biggest reason I dislike JetPack is the fact that it calls home all the time and needs to have access to your site. Sure, it makes it easy to administrate your website through WordPress.com, but how often does anyone actually use WordPress.com to administrate their self-installed version of WordPress? In fact I bet most people never use it.

Yoast SEO
I am going to pick on the Yoast SEO plugin because it is one of the most popular, but any SEO plugin is really not needed anymore. In fact of all the sites I help manage these days there are only a few that still have Yoast SEO or any SEO plugin installed. Has traffic changed on those sites? Nope. In fact if anything traffic has improved, not because the SEO plugin is no longer there but because of other SEO factors improving like better hosting.

Spam, Spam and More Spam

Some WordPress Spam

As long as there has been the ability to leave comments on websites there has been spam. I recall creating a guestbook for a client once and even though the guestbook used a captcha it did not take long before it started to become overwhelmed with spammy comments. Fighting spam has become so difficult in fact that it can start to distract you from what you need to be focused on with your website in the first place, creating good content, attracting leads and making sales. If spam has become a constant battle with your WordPress website here are some ideas and tools that might help turn the tide on the battle.

Turn Off Comments

Depending on the purpose of your website you might not need or want comments in the first place. By turning comments off altogether your spam problem can be virtually eliminated overnight. Even if you run a popular blog you can still turn off comments, much like Copyblogger did last year. If you do turn off comments altogether you might also want to add a redirect on the WordPress wp-comments-post.php file. Many spammers simply post to that WordPress file and never actually visit your website. By redirecting it using .htaccess or some other redirect you can simply send the spammer off to some location where they will do no harm.

Use Another Commenting System

There are several other commenting systems available that can help cut down on the amount of spam you receive. Services like Disqus, Facebook Comments and IntenseDebate all offer the ability to host comments for you. Depending on your needs they might be just what you are looking for. They certainly can help in reducing the amount of spam your comments receive.

Use an Anti-Spam Plugin

If you do decide to keep comments on your website making sure you use a decent anti-spam plugin is essential. Many people will simply tell you to use Akismet, and while I would say Akismet is certainly a good plugin, if your website uses any ads or is for any kind of commercial use AT ALL then you should honestly stay away from Akismet unless your website has grown to the point of being able to earn enough money to be able to afford the Akismet monthly rates.

Thankfully Akismet is not the only anti-spam plugin available. Some of the more popular plugins include Anti-Spam, WP-SpamShield Anti-Spam and one I have been testing on some sites, Spam Destroyer. There are even some that use Google’s new “No Captcha reCaptcha” like this plugin Google’s No Captcha reCaptcha.

Use Cloudflare

One of the best ways to keep spam off your website is to not let the spammers get to your website in the first place. Some people dislike Cloudflare but it can help a great deal in reducing the automated spam from bots. You can even create a special page rule to protect the wp-comments-post.php file to increase the checks done on the people and bots trying to post a comment. This can make it much easier to keep the bots away, even by just making it a little slower to try and post a comment to your website.

What is your favourite anti-spam technique on your website?

Blocking WordPress Blog Spam with .htaccess

While I am a fan of Monty Python’s Spam skit, I am not a fan of automated WordPress spam, and it seems to be getting worse every day. Of course the large majority of WordPress comment spam is just automated comments posting directly to the WordPress wp-comments-post.php file. I have used different methods in the past but recently came across a way to help keep the spammers away.

While there are many very good plugins available for WordPress to help keep spam down, sometimes the best method is to use your web server to block it in the first place. Thanks to a very helpful post on the V7N forum here is a way that you can block a large portion of automated comment spam using your .htaccess file.

Before you add these six lines of code to your .htaccess file on the root of your WordPress installation be sure to make a copy, just in case something goes wrong. The wp-comments-post.php file is located in the root of your WordPress install so you need to add this code to the main .htaccess file. If you have pretty permalinks turned on you probably will not need the “RewriteEngine On” line, since pretty permalinks already turns that on.

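RewriteEngine On
# Only comment submissions: a POST to the comment handler
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-comments-post\.php
# ...whose Referer is not this site, or whose User-Agent is empty
RewriteCond %{HTTP_REFERER} !yourdomain\.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# Send the request back to the address it came from
RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]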

Anyways the code basically does this. It checks for someone posting directly to the wp-comments-post.php file, which automated spam bots do, and if the referrer is not your domain, or the user agent is empty, it redirects that request back to the IP address the request came from.
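Before turning the rule on, it helps to see what it would have done to traffic you already have. The following is an added example, not part of the original post or the V7N snippet: it replays the same conditions over Apache combined-format access-log lines. The function names and the sample log lines are constructed for illustration.

```python
import re

# Apache "combined" LogFormat:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def header(value):
    """Apache logs a missing header as "-"; treat it as empty."""
    return "" if value == "-" else value

def is_comment_post(entry):
    """True for a POST aimed at the WordPress comment handler."""
    return entry["method"] == "POST" and "wp-comments-post.php" in entry["uri"]

def rule_would_redirect(entry, domain):
    """Mirror the rule: a comment POST AND (foreign referer OR empty user agent)."""
    # Substring test, like the unanchored referer pattern in the .htaccess rule.
    foreign_referer = domain not in header(entry["referer"])
    empty_agent = header(entry["ua"]) == ""
    return is_comment_post(entry) and (foreign_referer or empty_agent)

def dry_run(lines, domain):
    """Split comment POSTs into (would_redirect, would_reach_wordpress)."""
    hit, passed = [], []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not combined format, skip
        entry = m.groupdict()
        if is_comment_post(entry):
            (hit if rule_would_redirect(entry, domain) else passed).append(entry)
    return hit, passed

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2017:10:01:02 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2017:10:01:05 +0000] "POST /wp-comments-post.php HTTP/1.0" 302 0 "http://yourdomain.com/a-post/" "-"',
    '192.0.2.44 - - [12/Mar/2017:10:02:11 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://yourdomain.com/a-post/" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Mar/2017:10:03:40 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://yourdomain.com/" "ExampleClient/1.0"',
    '192.0.2.44 - - [12/Mar/2017:10:04:00 +0000] "GET /a-post/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hit, passed = dry_run(SAMPLE_LOG, "yourdomain.com")
    print("would be redirected:", [e["ip"] for e in hit])
    print("would reach WordPress:", [e["ip"] for e in passed])
```

The first sample line looks the same whether it comes from a bot or from a real visitor whose browser or proxy strips the Referer header, so check the redirected list for legitimate commenters before enabling the rule. Referer and User-Agent are both values the client chooses, which is why some requests still reach WordPress and a spam filter is still needed behind the rule.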

I have been testing this out for a few days now and I am pleased to say that the amount of spam that has made it through is significantly down. It is not all gone, and there is still some making it through, but the percentage has decreased significantly. You will still need to run Akismet to catch the spam that is done by real people but this can help lower the load on your WordPress site from the automated spam bots.

If spam has your WordPress website swamped give this a try and see if it helps to turn the tide in your favour a little bit.

After you have done that take a break and enjoy the Monty Python Spam skit.

Keep the Comment Bots at Bay

It does not take long after your blog opens before the automated comment spam bots start to invade your beautiful creation. Dealing with comment spam is a daily task for every blogger, and if the automated comment spam bots have you on their list of blogs to attack it can be an overwhelming task. There are many different methods that you can use to keep them from attacking your blog with a barrage of bad and often nonsense comments. You can try to ban the IP addresses using your htaccess file, you can install different types of captcha plugins and you can add hidden comment fields to stop the bots. The method I prefer is to use Javascript to separate a real person leaving a comment from an automated comment spam bot leaving a comment.

To understand how this method works you need to know a little bit about how WordPress processes the comment form. If you look at the source code of a WordPress comment form you will see the form tag. It should look something like this:
<form action="http://www.yourblog.com/wp-comments-post.php" method="post" id="commentform">
WordPress uses the wp-comments-post.php file to handle the processing of comments. Automated comment spam bots know this so all they do is add your blog to their list of sites to target and their software goes to work spamming your blog by posting directly to the wp-comments-post.php file. You can try to simply rename the default WordPress file for handling comments but that will only work for a little while until the bot does read the actual html form and adds the new url and file name to their database.

Automated comment spam bots so far have one flaw that we can still use to our advantage. They don’t read external Javascript files very well. What we simply do is hijack the normal comment form action using Javascript and send the real person to the correct comment processing script and let the bot go ahead and post to the default WordPress comment file. Here is how you do it.

Warning: This requires the editing of core WordPress files. You are reminded to make a backup of your blog before doing this just in case or at the very least copies of the files you are going to edit.

Step 1
Create a copy of the wp-comments-post.php file from the root of your WordPress blog. Give the copy another name; one that is hard to guess would be best, but it should be something different from wp-comments-post.php. I often use a randomly generated file name created from a password generator, but something as simple as nospamcomments.php should work. This copy of wp-comments-post.php is going to become your new comment form processing file, so make a note of the file name; you will need it later.

Step 2
Now that you have a copy of the wp-comments-post.php file you can go ahead and edit the wp-comments-post.php file. What we want to do is keep the wp-comments-post.php

I edited it down to just this:

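<?php
// Stub left at the default path: accepts the POST, stores nothing, and
// redirects back to the post the client named.
if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) {
	header('Allow: POST');
	header('HTTP/1.1 405 Method Not Allowed');
	header('Content-Type: text/plain');
	exit;
}

require( dirname(__FILE__) . '/wp-config.php' );

// No comment is created here, so there is no comment ID to append to the URL.
$comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
$location = empty($_POST['redirect_to']) ? get_permalink($comment_post_ID) : $_POST['redirect_to'];
// wp_safe_redirect() only follows redirect_to when it points at this site.
wp_safe_redirect($location);
exit;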



Save the file.

Essentially what we want to do is just redirect the submitted form from the bot to the post that the bot says it came from without actually doing anything.

Step 3
We need to create a way to direct real users to the correct comment form processing script. We do this with a little bit of Javascript. In your text editor create a new file and add the following Javascript:

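function nospamaction(theForm) {
  // Point the form at the renamed copy from Step 1 before it is submitted.
  theForm.action = "http://www.yourblog.com/nospamcomments.php";
  return true;
}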

Save the file as nospamaction.js (it can be named something different if you want, it is up to you).

Step 4
If you have been editing these files on your home computer you will need to upload the new files to your web server. If you have been editing/creating new files on your web server using your web server control panel then you can skip this step.

Step 5
Once you have the files uploaded to your web server you can log in to your WordPress admin panel. You need to make two small edits to your theme files. Go to the Presentation tab and choose Theme Editor. Select your header file first. The Javascript file you created needs to be added to the header. Add the following line between the head tags. If you don’t know where that is just place the line just before the closing head tag (</head>).

<script language="javascript" type="text/javascript" src="http://www.yourblog.com/nospamaction.js"></script>

Update the header file and then edit the comments file. You need to find the form tag for the comment form. The default one looks like this from the Kubrick theme:
<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">

To make the form submit to the proper file to process the form we need to add a Javascript event to the form. Add the onsubmit event handler to the form tag and call your Javascript function to redirect the form output to the correct comment handling file.
<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform" onsubmit="return nospamaction(this);">

Update your comments file.

Step 6
Go and test your comments form on your post. Make sure you clear your web browser cache and if you are using wp-cache or Super cache turn them off. Try your new form with Javascript turned on first to make sure it redirects properly to your renamed wp-comments-post.php. If you get a new comment posted then you know it worked. Then try your form with Javascript turned off. You should be redirected right back to your post and no comment will appear in your admin.

Pros
This method can help prevent automated comment spam from overwhelming your blog.
Lets automated comment bots think they successfully posted.

Cons
Requires Javascript be turned on in your reader's browser. Most have this turned on.
Edits a core WordPress file. When you upgrade your WordPress install you will need to redo steps one and two again and upload the files.

I have used this simple Javascript hijack to prevent comment spam on several WordPress installations and it has cut down considerably on automated comment spam. The comment spam that does get through will be trackback spam and spam from real people actually visiting your blog and filling in the comment form. I have used this method on other types of comment and contact forms as well and it continues to work on several high profile sites that I have worked on in the past. This is only one solution to comment spam. If you are not comfortable editing WordPress files you might want to have someone that is do it for you, or try some of the other techniques that are available. The sooner you don’t need to worry about dealing with comment spam the sooner you can do what you love, writing great content for your blog!