WordPress powers 30% of the top 10 million websites. It controls more than 60% of the of the CMS platform market share.

Needless to say, it’s a popular solution for running a website. WordPress itself is great; but it’s limited in terms of its built-in functionality.

That’s why plugins exist.

What exactly is a WordPress plugin?

It’s essentially an app for your website.

I love how WordPress is designed to be lean out of the box. This prevents code bloat — your website isn’t dragged down by bulky code for things you don’t need or use. The core of WordPress is simple. You can customize it with plugins.

The core of WordPress is designed to be lean and lightweight, to maximize flexibility and minimize code bloat. Plugins then offer custom functions and features so that each user can tailor their site to their specific needs.— WordPress Codex

Installing a plugin to your WordPress site provides you with advanced features that aren’t available with the bare bones version of WordPress.

Where can you get a plugin? There are a number of places, but the primary source is the Official WordPress Plugins Repository.

In-Depth Reviews of the Best WordPress Plugins in 13 Categories

In the official repo you’ll find a plugin for nearly every feature you can imagine. Actually, there are hundreds of plugins for each specific function. As a matter of fact, there are more than 54,300 WordPress plugins. It’s an overwhelming number to say the least.

That’s why I took the time to identify the best WordPress plugins for the most popular categories. I’ve already created extensive guides for each one of these 13 categories. Every guide contains a list of the best WordPress plugins in each segment. And if you’re after something specific, you should check out that post — many of plugins I recommend are for particular use cases.

This my the complete list of my in-depth plugin reviews for…

• SEO
• Google Analytics
• Backups
• Caching
• Security
• Forms
• Popups
• Galleries
• Social media
• Calendar
• Membership sites
• Directory
• Booking

The Best of the Best WordPress Plugins

Each of those posts reviews multiple plugins in each category. But most people don’t need to go that deep. That’s why I made this best of the best list. This is a resource to identify the top must-have plugin for each category.

The plugins on this list are not the niche options; these are the plugins that will appeal to the masses. They’re the WordPress plugins I’d recommend broadly.

Best SEO Plugin for WordPress — Yoast SEO

There are hundreds of WordPress plugins that will help improve your SEO strategy, but one stands above the rest.

Yoast SEO

Yoast SEO is an all-in-one solution for your WordPress SEO needs. With more than five million active installations, it’s one of the most popular WordPress plugins on the market. I’m not saying you should always follow the crowd, but a number that big is a great indication of quality.

Why I like it:

• Create and manage XML sitemaps without having to code on your own
• Identify and avoid duplicate content on your website
• Comes standard with templates for meta-descriptions and titles

Cost: Free; $89 per year for premium

Best Google Analytics Plugin for WordPress — MonsterInsights

Google Analytics gives you in-depth knowledge and insights about your website traffic. By installing a plugin, you can have access to all of your Google Analytics reports without leaving your WordPress dashboard.

MonsterInsights is the best WordPress plugin for Google Analytics. This plugin lets you add your Google Analytics code to your website without any manual coding required. It’s advanced and versatile enough to handle analytics for all websites, including ecommerce shops. No wonder it has two million active installations.

Why I like it:

• Detailed reports about your audience and their behavior on your website
• Helps ecommerce sites track KPIs like conversion rates and average order value
• Identifies your best content and top performing landing pages

Cost: $99.50 for a basic website, $199.50 for ecommerce sites, and $499.50 for agencies and developers — all plans billed annually

Best Membership Plugin for WordPress — MemberPress

The whole concept behind a membership website is to drive recurring revenue with a subscription business model. You can offer premium features and content to your paid members. In order to set this up, you’ll need to install a plugin to manage memberships and payments on your WordPress site.

MemberPress is the best plugin for this category because it makes it easy for you to convert your existing website into a membership site, without having to start from scratch. All you have to do is add the details of your payment gateway and set up your products and content in a members only area.

Why I like it:

• It supports payment gateways like PayPal and Stripe
• Integrates with your email marketing software
• Comes with pricing page templates for membership options

Cost: $129 per year for Basic, $249 per year for Plus, and $349 per year for Pro

Best WordPress Backup Plugin — VaultPress

In the event of a crash or malicious attack on your website, a backup plugin will be there to restore your content and minimize downtime. It will also act as a fail-safe against human error on your WordPress dashboard.

We’ve been using VaultPress here on Quick Sprout since 2011. So naturally, I think it’s the best WordPress backup plugin, or else I’d switch to something else. It’s so easy for you to set up and automatically back up your website content. You don’t need to be a tech wizard to use this plugin.

Why I like it:

• Great for site migrations, restores, and file repairs
• The calendar view allows you to locate and restore content from old backups
• Built-in file scanning and spam defense helps reduce chances of malware, viruses, spam, or a malicious attack

Cost: Plans range from $39 to $299 per year

Best WordPress Cache Plugin — WP Rocket

Adding a cache plugin to your website will help you speed up your page loading times. Out of more than 900 cache plugins available, one stands out as the best.

The WP Rocket WordPress plugin is extremely versatile. It’s simple enough for beginners to figure it out, but has advanced features that can meet the needs of developers with more technical experience.

Why I like it:

• Quick setup and simple navigation
• Image on request feature (images are only loaded when the scroll depth is reached)
• Minifies JavaScript, CSS, and HTML files to speed up loading times

Cost: $49 per year for one website, $99 per year for three websites, and $249 per year for unlimited websites

Best WordPress Security Plugin — WordFence Security

Roughly 90,000 websites get hacked every day — 83% of those websites use WordPress. Clearly, security needs to be at the top of your priority list. You can install a WordPress plugin to help beef up your website security.

More than two million WordPress websites are currently using the WordFence Security plugin as a security solution. The plugin fights against malware, spam, and other threats in real time. It’s a great option for those of you who don’t have a background in IT or cybersecurity. You’ll still be able to secure your website with WordFence Security.

Why I like it:

• Block attacks from specific regions that are known for cybercrime
• See trends and reports about any attempted hacks on your website
• Firewall blocks and brute force attack protection comes standard

Cost: Free; premium version starts at $99 per year with other add-ons available for purchase

Best Form Plugin for WordPress — Ninja Forms

Website forms are crucial for collecting information. It’s the best way to get your website visitors to sign up for something, like your email subscription list.

Ninja Forms is great because of its seamless integration into your WordPress dashboard. Once you have this plugin installed, you can create your first form in just minutes. That’s why it’s no surprise that more than one million websites use Ninja Forms.

Why I like it:

• Can integrate with your email marketing software
• Collect payments with Stripe, PayPal Express, and Elavon
• Export and analyze the data that’s submitted through forms

Cost: Free; $99 per year for Personal, $199 per year for Professional, $499 per year for Agency. Add-ons range from $29 to $129 per year.

Best WordPress Gallery Plugin — NextGEN Gallery

WordPress has a basic image gallery. However, I wouldn’t recommend using it because it’s so limited. For truly improving the visual appeal of your website, you’ll need something extra. A gallery plugin is ideal.

NextGEN Gallery is one of the best WordPress plugins because you’ll have so many different gallery options to choose from. Other plugins just give you a couple of basic templates for adding images. It’s a great option for photographers and artists.

Why I like it:

• Customize slideshows with effects, transitions, and timing
• Add watermarks and hotlink protection to your images
• Ecommerce integration for selling images on your site

Cost: Free; paid versions available for $79, $99, and $139 per year

Best Social Media WordPress Plugin — Super Socializer

Your website needs to be integrated with your social media profiles. Otherwise, you’re not maximizing the potential of your social media. WordPress plugins can help you increase the exposure of your website content on social media.

There are so many social media WordPress plugins designed for specific features. But Super Socializer is more of an all-in-one solution. So if you don’t want to install multiple social media plugins, I’d definitely recommend Super Socializer.

Why I like it:

• Site visitors can use their social login information to create an account on your website
• Add social sharing icons to your pages
• You can get more blog comments by enabling social comments

Cost: Free

Best WordPress Calendar Plugin — EventON

Every business needs to stay organized. Calendar plugins can help you manage events, tasks, and bookings on your website. Some of these plugins are more advanced than others, but overall, there’s one that shines above the rest.

EventON allows you to create calendars that will “wow” your website visitors. We’ve all seen websites with boring calendars that look like they were designed a decade ago without any updates. That definitely isn’t be the case here. EventON has modern designs that are visually appealing and fully functional.

Why I like it:

• It can manage events lasting for multiple days, weeks, or months at a time
• Add images to your event listings and integrate them with Google Maps
• Sell event tickets with Woocommerce support

Cost: $24; add-ons sold separately

Best WordPress Directory Plugin — Directories Pro

Directories are extremely versatile. Whether you want to add a directory to your site for internal purposes or create a global platform of business directories, the right WordPress plugin can help you meet those needs.

No matter what type of directory you want to add to your website, the Directories Pro WordPress plugin will make it possible. This plugin is highly responsive and uses caching to boost your website’s performance. Make sure to enable reviews for your directory to enhance the content. You can even integrate listings with Google Maps.

Why I like it:

• Drag-and-drop editor makes it easy for you to customize the directory without coding
• Include an option for websites to claim their listing in your directory
• Add paid listings to your directory

Cost: $39

Best WordPress Popup Plugin — Layered Popups

Do you want to add popups to your website? Popups can be great for getting email subscribers, driving downloads, generating sales, or enticing other actions on your website. Regardless of your intention, you’ll need a WordPress plugin to make it work.

Layered Popups is great because you can create popups that are visually appealing, so you have a chance to get creative. These popups will clearly stand out to your website visitors. It’s a chance for you to make unique popups compared to what people are used to seeing on other websites.

Why I like it:

• Integrates with 56 of the most popular email marketing platforms
• Run A/B tests to fully optimize the performance of each popup
• Multiple options for triggering popups (such as exit intent or scrolling depth)

Cost: $21

Best WordPress Booking Plugin — Bookly

Booking plugins are necessary for any website that takes appointments or reservations. Online booking systems will optimize your process on the back end while simultaneously improving the customer experience. If you’re not allowing online bookings, you’re ignoring the preferences of the majority of your customers — 70% of people prefer to book appointments online with service providers.

Bookly has a sleek and modern design on both the frontend and backend. Booking options are completely customizable and fully responsive. You’ll definitely want to install Bookly if you’d like to take your customers through a quick and easy booking process.

Why I like it:

• Custom pricing and availability for different employees (such as trainers at a gym)
• Option to process payments or collect deposits at the time of booking
• Customers can set up recurring appointments or get added to a waiting list

Cost: $89; add-ons sold separately

Conclusion: What’s the best WordPress plugin?

These are the best overall options for each of the essential categories. Keep in mind, I identified these as the best because they appeal to the widest possible audience. Some of you may want plugins that have more specific features and functionality within each category.

For example, you might want an SEO plugin that specifically helps you identify relevant keywords while you’re blogging. Or maybe you want a social media plugin that just adds your Instagram feed to your website.

Do you want a Google Analytics WordPress that’s made for tracking specific events on your website? There’s a plugin for that too.

There are caching plugins that are better for things like the cloning and migrating content between servers. The list goes on and on.

So I’d definitely recommend reviewing the individual guides for each category as well. That way you’ll know for sure that you’re installing a plugin that meets your specific needs.

More WordPress Plugin Guides

• Best SEO Plugins for WordPress
• Best Google Analytics Plugins for WordPress
• Best Membership Plugins for WordPress
• Best WordPress Backup Plugin
• Best WordPress Cache Plugin
• Best WordPress Security Plugin
• Best Form Plugin WordPress
• Best WordPress Gallery Plugin
• Best Social Media WordPress Plugin
• Best WordPress Calendar Plugin
• Best WordPress Directory Plugin
• Best WordPress Popup Plugin
• Best WordPress Booking Plugin

Source link

Your website is at risk.

I’m not saying this to try and scare you, but that’s the reality of the world we live in. More than 50,000 websites get hacked each day.

You can’t have the “it won’t happen to me” mentality. I encounter businesses all the time who feel this way. They think hackers have bigger fish to fry and don’t have any reason to target their website. That’s simply not the case. In fact, 43% of cyber crimes are against small businesses.

Roughly 54% of companies worldwide say they have experienced at least one attack within the last year. Just 38% of businesses say they’re prepared to handle cyber attacks.

I don’t have a magic crystal ball or some way to see into the future, but my gut tells me that cyber criminals aren’t going to just wake up one day and decide to stop hacking websites. So you need to take steps to improve your website security.

That’s what inspired me to write this guide. I’ll show you what needs to be done to secure your website today, in 2019.

Common website security threats

There isn’t just one way that websites get attacked. So before we proceed, I want to give you a brief overview of some of the most common threats to your website security. These are the things that you’ll want to avoid and be prepared for when taking security measures.

Spam

Usually, we perceive spam as something annoying. We all get spam emails delivered to our inbox or see the occasional spam popup when we’re browsing online.

However, sometimes spam is more malicious. Spam in the form of comments is extremely common on websites. Bots can hammer the comments section of your website with links to another site as an attempt to build backlinks.

While those types of comments are annoying and don’t look good on your website, they aren’t always damaging. But, some of those links might contain malware, which can harm your website visitors if they click on them.

Furthermore, Google’s crawlers can often detect malicious URLs and penalize your website for hosting spam. This will crush your SEO ranking.

Viruses and malware

For those of you who don’t know, malware stands for “malicious software.” So malware and viruses are essentially the same thing. Malware is arguably the biggest threat to your website. As much as 230,000 malware samples are created each day.

According to Statista, these are the most common types of malware used in cyber attacks across the world:

As you can see, malware comes in all different shapes and sizes. That’s why it’s such a big threat to your website.

These types of viruses are often used to access private data or use server resources. Criminals also use malware to make money with ads or affiliate links by hacking your website permissions.

With malware, both you and your website visitors are at risk. Someone visiting your site could click a link that downloads a malicious file onto their computer. It’s your job to keep your website secure and prevent that from happening.

WHOIS domain registration

Buying a domain name is like buying a house. The company that sells the house must know who they’re selling to and be able to contact them. This becomes public record.

The same goes for buying a website. Depending on the country you’re in, you’ll be required to release some information about yourself that’s recorded on WHOIS data. Outside of your personal information, this also contains information about your URL nameservers.

Hackers can use this information to narrow down the location of the server that you’re using. They can use this as a gateway to access your web server.

DDoS attacks

DDoS attacks deny access to users trying to visit a specific website. Basically, the hacker uses spoof IP addresses to overload servers with traffic. This essentially takes the website offline.

Now the host needs to scramble to get the server back up and running as fast as possible, which leaves the server vulnerable for malware.

Search engine blacklists

Technically, this isn’t a security threat. However, if your website isn’t properly secured, it can impact your SEO rankings.

According to a recent study, 74% of hacked websites were attacked for SEO reasons.

I briefly mentioned this earlier when we were discussing spam comments. If search engines detect malicious content on your website, your SEO ranking will suffer.

If lots of users are reporting your site as spam or unsafe, you could be added to a search engine blacklist. Once you’re on that list, it’s extremely difficult to get off.

How to keep your website safe

Now that you’re familiar with some of the most common security threats, it’s time to prevent them from happening.

You can’t just assume that your website is secure. If you haven’t done anything to beef up the security, it’s probably vulnerable for attacks. These are the steps you need to take to improve your website security in 2019.

Use HTTPS protocol

If your website isn’t currently using HTTPS protocol, it needs to jump to the top of your priority list. This essentially tells your website visitors that they’re interacting with the proper server and nothing else can alter or intercept the content they’re viewing.

Without HTTPS a hacker can change information on the page to gather personal information from your site visitors. For example, they could steal login information and passwords from users.

HTTPS protocol will also improve your search ranking. Google is rewarding websites that use this security measure.

This is comforting to people who visit your website as well. When they visit your site, they’ll see this next to the URL:

It’s secure and trustworthy. Now, compare it to a site that’s not using HTTPS protocol. The URL in the web browser will look like this:

Do you feel safe when you’re browsing on a website and see this? I don’t.

Furthermore, you can improve this security measure even more by combining your HTTPS with an SSL (secure sockets layer) certificate. This is required for ecommerce websites since users are submitting sensitive information like credit card numbers, names, and addresses.

While SSL certificates don’t necessarily prevent an attack or distribution of malware, it encrypts the communication between the server and the user’s web browser. Even if you’re not selling anything on your website, I strongly recommend using HTTPS protocol and adding an SSL certificate to add security.

Update your software

Any software you’re using on your website needs to be kept up to date. You need to update WordPress software, plugins, CMS, and anything else that requires an update.

Why?

In addition to fixing bugs or glitches, software updates typically come with security improvements. No software is perfect. Hackers will always be looking for ways to take advantage of their vulnerabilities.

Lots of cyber attacks are automated. Criminals use bots to just scan websites that are vulnerable. So, if you’re not staying up to date on the latest software versions, it will be easy for hackers to identify your site before you can do anything about it.

Choose a safe web hosting plan

In theory, if your web hosting provider has security on its servers, you’ll benefit from those same levels of protection. However, that’s not always the case.

Going with a shared hosting plan might be appealing because of the price, but it’s not the most secure choice you can make. As the name implies, you’re sharing servers with other websites if you choose this type of hosting plan.

If one of those other sites gets attacked, a hacker can gain access to the server that you’re using as well. I’m not trying to steer you away from a shared hosting plan, but if you want to boost your website security, you’ll be better off with another option.

Check out my list of the best web hosting services, which can help guide you in the right direction.

Change your password

Change your password! I can’t stress this enough.

All too often I speak to people who have the same password for everything they own, and it’s something they’ve been using since they were in college ten years ago.

Here’s the problem. Let’s say you’re a foodie. So you have an account with a popular restaurant review website that requires your email address and password to write reviews. If that platform gets compromised, hackers have access to your username and password. If they find out you own a certain website, they can try that same password and login to your administrative settings.

Shockingly, 25% of passwords can be hacked in just three seconds.

The information from this graph was obtained using an open source software called John the Ripper. Anyone can use this tool to crack passwords.

If software like this can figure out 53% of passwords in just two hours, I can promise you that the best hackers are cracking passwords even faster.

That’s why you need to constantly update your password. You can use a password manager like 1Password to help you generate long passwords with special characters that are nearly impossible to solve.

Furthermore, you should pick a web host that’s using two-factor authentication. This will add an extra layer of security for password protection. If your web host doesn’t offer this, there are other ways for you to enable it on your own using apps or third parties.

Secure your personal computer

Don’t allow your own devices to threaten your website.

There is malware out there injects malicious files into websites by stealing FTP logins. It’s easier for a hacker to accomplish this if they target your personal computer as a gateway into your website. So make sure your computer has antivirus software. Surprised that antivirus software is still a thing — it’s especially important if you use a PC or are downloading files online. You might unintentionally install malware onto your machine without knowing it.

The last thing you want is to be careless while you’re browsing online and have that mistake end up hurting your own website. Scan your machine on a regular basis.

Use tools to monitor your security

You can’t manually prevent attacks on your website. Instead, look for online tools and resources that will monitor your site’s security for you. I highly recommend looking at my guide on the best WordPress security plugins.

The plugins on this list add a firewall to your website while simultaneously fighting malware, spam, and other threats in real time. You can run security audits that will highlight your vulnerabilities so you can take preventative measures to stop an attack before it happens.

Limit user access

Don’t blame yourself, but 95% of cyber security attacks are the result of human error.

The best way to prevent this is to limit the number of humans who can make an error. Not every employee of your business should have access to your website.

If you’re hiring an outside consultant, designer, or guest blogger, don’t automatically give those people access to change settings on your website. Implement the principle of least privilege, also known as the principle of least authority or minimal privilege.

Let’s say you assign a project to someone that requires a certain level of access to your website. By applying this principle, you only give them access for the time it takes them to complete the task. Once complete, the person goes back to their regular access abilities.

Make sure each user has their own login credentials. If multiple people are sharing a username and password, it doesn’t give them any accountability. Your team is much more likely to be careful with sensitive information if an error or change can be traced back to them.

Backup your website

When it comes to securing your website, you should always prepare for the worst. Obviously, you never want to be in a situation where your website is compromised. But in the event that something goes wrong, your life will be much easier if your content is completely backed up.

So try using a backup plugin, like BackupBuddy, to make sure you don’t lose anything on your website as the result of an attack.

BackupBuddy is one of the five best WordPress backup plugins that I reviewed for this year. So check out the full list to see which option is best for your situation.

Some of these backup plugins also come with built-in security measures as well, which can help you prevent an attack.

Adjust your default CMS settings

As I said before, so many attacks these days are automated. Hackers program bots to find sites with default settings. This way they can target a wider range of websites and gain access using the same type of malware or virus. Don’t make it so easy on them.

Once you install your CMS, make sure you change some of the default settings:

• Comments settings
• User controls
• Visibility of information
• File permissions

These are all examples of some of the settings that you can change quickly and right away.

Restrict file uploads

Letting website visitors upload files to your website can be risky. That’s because any file could potentially contain a script that exploits vulnerabilities on your website when it’s executed on the server.

In some instances, the nature of your website might require file uploads. For example, you may want users to add photos of your products when they’re writing a review. In this case, you should still treat all uploads as a potential threat.

You could also set it up so that any files that get uploaded are stored in a folder or database in another location. You can create a script that will fetch those files from a private and remote location to deliver them to a browser.

This will require some coding and is a bit complex to set up, so I won’t go into too much detail on this right now. The simple solution is to avoid file uploads altogether, or at least restrict the types of files that can be uploaded to your site.

Conclusion

Website security needs to be one of your top priorities.

If you haven’t taken any steps to secure your website, you’re currently at risk while you’re reading this.

It’s nearly impossible for any website to be 100% safe and secure — hackers are always going to find new ways to attack websites and steal information. But you can make this difficult on them by taking the security measures that I’ve outlined above.

At the end of the day, if cyber criminals are having a tough time hacking a website, they’ll just move on to other sites that haven’t implemented the website security tactics that we talked about. You don’t want your website on that list.

Source link