We use WordPress because it’s a perfect blank canvas for any website. But out of the box it’s fairly basic.
We start each new site by adding a set of plugins that have proven to work for many of our customers. Without further ado…
1. SMTP Mailer (aka Postman)
By default, WordPress uses our hosting server to send mail. That is find in many cases, but for professional use it’s ideal to use your own mail server, which means for our clients, their Microsoft Exchange account. It’s not a big deal unless your website is generating and sending emails to clients, as an ecommerce site will do. Postman configures WordPress to send all mail from your own account via the SMTP protocol.
2. Yoast SEO
There are only really two main SEO plugins that have stood the test of time and we choose Yoast because it provides the most insight, and guidance, into a site’s SEO performance. We can see at a glance when our pages and posts aren’t setup the way they should be for maximum exposure to search engines. This allows people who are not the web designer to add content with confidence.
3. LiteSpeed Cache
There are a few good cache plugins freely available for WordPress and LS Cache is the one that works best with our hosting environment. You can try that one for yourselves, or give W3 Total Cache.
4. Really Simple SSL
Having a valid security certificate setup on your website is really important these days. Not only is it a non-optional for ecommerce, it lends trust to your content-only site as well. While many web-hosts give SSLs to their customers automatically, WordPress does not automatically use a SSL address. Really Simple SSL ensures that not only your site’s URL, but all locally linked content such as images, resolves to a secure URL. It won’t give you a SSL certificate, but it will make sure your site is setup to work with the one you already have.
While seeing overactive due to the amount it is doing for your website, Wordfence is last but not least. It prevents almost all predictable malicious activity on your site. While the free tier is generously capable, we suggest businesses invest in the premium tier for the most up to date protection.
6. Limit Login Attempts Reloaded
Limit Login Attempts Reloaded will lockout users who use incorrect credentials more than a certain number of times.
Bonus WordPress tips!
- turn of comments in settings if you don’t really want them, you’ll avoid some spam
- Use a username other than “admin” for greater security.
- activate the pre-installed Akismet with a wordpress.com license – it’s an easy process.