Recommended WordPress Plugins

Here are the plugins I use regularly and the ones I consider to be the best. I recommend them and have used many of these plugins for years. Some are free, some are paid (premium) and some are ones we've written ourselves.

There's also a huge choice of plugins written specifically to enhance Oxygen. I've bought a couple of these and didn't get on with the ones I bought, so abandoned them. The sites I build are pretty straightforward and I haven't found the need to use any premium third party Oxygen plugins so far. If I do, I'll let you know.

Also, be aware that the Oxygen team keep improving the product so some features that I may have been tempted to obtain through third party addons, are no longer required.

Best Premium WordPress Plugins

Advanced Custom Fields

LinkAdvanced Custom Fields Pro
DescriptionUse when you want to control what data is inputted to posts. For example if you are wrting posts about rescue dogs, you may always want to include the dog's name, breed, date of birth, and background history. Advanced custom fields can help to make complex data entry easier for users of the site.

All In One Google Drive Extension

LinkAll-in-One WP Migration Google Drive Extension
DescriptionThis plugin allows me to backup my WordPress sites to Google Drive. I love this plugin. ServMask - the people that developed it, have developed a number of different extensions. I chose to buy the Google Drive extension. I have a huge amount of storage via my Google Workspace account, so using Google Drive for backups made sense. If you prefer another storage facility then you'd buy a different extension. For example they have extensions for Amazon S3, pCloud and more. It has to be used in conjunction with their free plugin.

Best Free WordPress Plugins

All-in-One WP Migration

LinkAll-in-One WP Migration
DescriptionThis plugin will exports WordPress sites including the database, media files, plugins and themes to a file which you can then use to move your site to another location.

Code Snippets

LinkCode Snippets
DescriptionCode Snippets provides the mechanism for you to place all extra Javascript and PHP code snippets that you may need to add to your site. It's convenient and helps you keep your sanity by maintaining all these bits of code in one place.

Enjoy The Article? Leave A Comment

We welcome your comments, but please do not use ALL CAPS when providing your name, email or comment or we cannot guarantee your comment will make it through our comment system. Your email address will not be published.

3 comments on “Recommended WordPress Plugins”

  1. Hi Liz,

    Just wondered if there is a security plugin you would recommend? I have used Wordfence (free version). It seemed good in that I have never had a site hacked. There are many security plugins out there though.

    Your thoughts would be appreciated.


    1. Hi Lesley - this is a really hard question. If you ask 10 people you will get 10 different answers. But here is mine. There is nothing that can prevent a site hack ultimately as someting can will get through at some point, somehow. But you can make the task of hacking a lot more difficult. I don't use WordFence nor any similar plugin.

      Security plugins are typically very late to the party. If a security plugin prevents something, then the hacker or the bad actor has already arrived at your site. He is already in it, or trying to get into it. If theses probes and prods are made constantly (they are), the plugin is doing the security work 24/7, right at the door of your site.

      If your host provides security facilities such as brute force login protection, firewalls etc, then it is more efficient to use those instead of a plugin. Plugins are more compute intensive and you will have already allowed the intruder to get up close to your site before they're challenged.

      So it's important to put something in place way before a hacker reaches your site in order to fend the worst and most persistent attacks off.

      We recommend using CloudFlare which gives you a free web application firewall (WAF) that eliminates a lot of bot and malicious traffic. This way your hosting bandwidth is protected. Using CloudFlare can eliminate most of the traffic that WordFence alone would have to deal with.

      You could use high quality hosting that offers protection built-in, rather than leaving it all for plugins to handle. For example hosting with Gridpane you get significant general security for your websites out of the box. They also provide other options which you can choose to add in addition to those provided by default. Here's a list.

      1. You alway get the most up to date PHP on a new site
      2. You set your own default username and password on a new site
      3. They install the latest version of WordPress on new site builds
      4. They disable directory browsing and system files access is disabled
      5. They automatically block requests to maliciously uploaded PHP files in WordPress directories.
      6. They keep wp-config files hidden and protected.
      7. Security headers are set to ensure vulnerabilities such as cross-site scripting and clickjacking are automatically prevented.
      8. SFTP and SSH access are enforced - so secure server connections. No exceptions.
      9. They limit requests to wp-login.php to 1 hit per second to protect against brute force attacks. They also implement a slightly less strict rate limit on the admin-ajax endpoint.
      10. They provide a web application firewall
      11. They make it easy to achieve website isolation through system users to keep each site isolated from the others. So if one is infected it cannot hurt the others.
      12. They provide Fail2Ban integration both at server and site level.
      13. They provide several web application firewalls that you can choose from.
      14. They provide a malware scanner
      15. You can disable XML RPC which can make your site vulnerable
      16. They supply instructions on site hardening via Nginx
      17. You can implement a content security policy
      18. On server hourly backups, with off-server (say to S3) backcups in beta
      19. A+ Grade SSL certificates

      After that, it's up to you, the webmaster to never use dodgy, badly supported plugins, and to do frequent off server backups. Google Search Console provides a free Security Issues report which will tell you of any malware it finds on your site.

      1. Hi Liz,

        Thanks very much for your thoughts on this. I will look into hosting options.


linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram