The free WP Health Check plugin is a relatively new arrival, having been introduced a few months ago by “The WordPress.org community”. It has a remarkably polarized set of user reviews – divided almost exclusively between 5s (“Works great!”) and 1s (“Warning! Broke my site!”). The authors strongly urge to backup your site before installing and using this plugin – always a good idea.
This is my point of view on which popular, free WP plugins are essential for me. Choice of plugins is dependent on the needed functionality as well as personal preference. There is no list of essential plugins that is right for everyone. In general I try to limit my number of plugins, and use only those that I very much need.
That being said, most sites benefit – or would benefit – from some sort of …
Update 2020-08-28: Auto-updates for plugins and themes is now built into WP 5.5 and later.
The vast majority of hacked WordPress sites were compromised due to outdated plugins, themes, or WP core. I need to keep my site updated. But should I update manually, or automatically? If I choose automatic, updates will be more timely but there is always a small chance that an update will break something. If I update manually, I can make a full site backup first, and restore if anything breaks – but I am at more risk of a hack occurring in between my manual updates.
I chose my web host carefully. My sites are hosted on a LiteSpeed web server, so I am able to use the remarkable free LiteSpeed Cache (LSC) plugin. LSC provides much more than just lightning-fast server-side caching. In also includes a suite of optimization tools such as: Database optimization; Image optimization – which seems to be equal to or better than the paid/premium versions of competing plugins; Connection to Cloudflare so I can put CF in development mode or purge the CF cache; and Miscellaneous settings like ‘Remove query strings from static resources’.
Using my two favorite website speed checkers, WebPageTest.org and GiftOfSpeed.com …
Death to WP slider plugins? I find a lot of support for the sentiment among WP experts, for example:
I am fond of the friendly “Howdy, Kenny” greeting at the top right of my WP dashboard. But for sites that allow users to register, I might want to provide a more professional, funnier, or otherwise richer user experience depending on the nature of the site.
As I said in another post, I believe the very popular Wordfence Security plugin to be an excellent security solution for most WP users. Even if Wordfence isn’t the right solution for you, I recommend subscribing to their excellent email list, for timely and informative updates on WP security issues.
My Wordfence quibble: I installed and it and tried it out for awhile, decided in spite of its ample merits it is not for me, deactivated it. I promptly received an email from the Wordfence mother ship, alerting me in somewhat inflammatory language that Wordfence had been deactivated from my site by – my secret admin user name! I keep my admin user name private, and use a public nickname – a minor but sensible security precaution, I think. Wordfence not only harvested my secret admin user name, it reported my admin name to the mother ship, presumably stored it, shared it with – who knows? – and sent it to me in a plain text email. I have no way to know what other private information, if any, Wordfence stole.
