The Plugins That Power

6 March 2018: Updating this post to cross out plugins I’m no longer using.

A Blown Up Version of the WordPress Plugin Plug IconI meant to write this post eons ago, but then CSS-Tricks beat me to it and gave me some motivation. I’m going to encourage fellow Seattle WordPressers to do the same, and if any do, I’ll add those to the end of this article.

I hope this gives you a sense of the components I use to build on top of WordPress. I install many of these on almost every site I build.

Note: I’ve appended “[Geek Alert]” to any plugins that are potentially confusing or scary to set up for someone who doesn’t know what they’re doing.

Security, Spam, Performance, & Backups


Akismet blocks comment and form spam, and it’s included in the default download of WordPress for good reason.

BulletProof Security & WordPress Firewall 2 [Geek Alert]

I installed these two at the recommendation of Seattle WordPress security guru, Andrew Villeneuve. They take care of two different kinds of security. BulletProof Security locks down the files that run WordPress while WordPress Firewall 2 blocks malicious site visitors.

Update 11/28/12: Ian Dunn was kind enough to point out that WordPress Firewall 2 is no longer actively maintained. It hit the two-year official abandonment mark one-week before I posted this! Ian—who I trust quite a bit on these sorts of things—recommended Wordfence or Better WP Security. I’ll probably switch to one of those quite soon.

Login Security Solution

I blogged a while back about Limit Login Attempts and why you shouldn’t have a user account with “admin” as its username. Since then, I’ve switched to this plugin at the suggestion of another Seattle WordPresser, Ian Dunn. Login Security Solutions doesn’t just block certain types of malicious login attempts; it also imposes more-stringent password requirements and some additional user-security features. Make sure not to panic when you get your first email with the subject line (I kid you not) “ATTACK HAPPENING TO {Your Site}.”


This is a commercial plugin for which I own a developer’s license. BackupBuddy lets me schedule regular backups, send them to my email and Dropbox accounts, and quickly move or restore my site should anything bad happen. You never know when a site could get hacked or a plugin could explode. BackupBuddy gives me the peace of mind to hit “Update” (after hitting “Upgrade,” that is) and breathe easy.

W3 Total Cache [Geek Alert]

W3 Total Cache does more things than I can list to improve site performance. However, be forewarned that “W3TC” conflicts with a lot of other plugins and takes time, knowledge, and some experimentation to get the full benefits from.


Jetpack gets its own category and follows on the heels of the “foundational” plugins. It’s made by Automattic, the makers of and seeks to facilitate “feature parity” between and self-hosted WordPress. If you haven’t used, they offer extra features like blog email subscriptions and search engine new post notifications.

On this blog, I use the spell checker, comments and subscriptions, the sharing buttons, and a few other “modules.” Other useful modules include Twitter and Facebook widgets, visitor statistics (not as good as Google Analytics), a really nice image “carousel” for showing galleries, and a simple contact form builder for those who don’t want to buy Gravity Forms (see below).


Google Analytics for WordPress

This is a simple plugin that integrates Google Analytics into WordPress. Though I could easily install the script on the site myself, Google Analytics for WordPress adds some really nice extra settings to quickly setup more advanced types of tracking.

Gravity Forms

Gravity Forms builds all the forms on my site (mostly, just the Contact Form), and then takes care of storing the submissions and sending notifications. It’s an amazingly-powerful plugin. Some people even consider it the best commercial plugin for WordPress (if that’s a meaningful designation), and I tend to agree. On other sites, I’ve used Gravity Forms to setup simple PayPal donation forms or even content submission forms.

Killer Content


I have a habit of going off on tangents in my blogs posts. To let me do this but keep the articles on track for readers, I add footnotes to many blog posts. WP-Footnotes works great for this (despite its age), and it’s even better when combined with a “smooth-scrolling” script to take you down and back up the page. Try it! => ((This is a footnote. Click this to go back up. =>))


WP-Testimonials is a simple old plugin I use to manage and display the testimonials you see in the sidebar. To be honest, if I were redoing this site now, I would implement my own custom testimonial management system in a more WordPress-friendly way or find a better plugin, ((I would replicate the testimonials setup using custom post types and a shortcode if you were wondering.))  but this does work.

Cleaner Gallery

Cleaner Gallery is one of the first plugins I ever used. It takes the still sub-optimal gallery output and makes it use a “lightbox”-style script. JetPack’s new “carrousel” gallery display now competes with this, but Cleaner Gallery has earned a right to a shout-out. ((WordPress 3.5 is also completely overhauling the media and gallery management. It’s possible that Cleaner Gallery will simultaneously break and become irrelevant when this is released, but I haven’t actually checked.))

Advanced Custom Fields [Geek Alert]

I recently learned that my friend Grant Landram also loves this plugin! That made me happy.

Advanced Custom Fields requires a lot of technical know-how to make work, but—if you know how— it allows quick creation of complex data-entry forms for large websites. “ACF” was integral to the recently-launched Visit White Center website. Take a look at a couple business profiles and notice all the different pieces of information we individually store about each business. ACF makes it easier to maintain consistent data entry on a complex site and makes more involved and interesting layouts easier to implement.

WordPress SEO

WordPress SEO is the gold-standard of search engine optimization plugins. Even if you have an “SEO” optimized theme, you should ignore all of the settings and use this plugin instead.

SyntaxHighlighter Evolved [Geek Alert]

You only need SyntaxHighlighter Evolved if you want to post code snippets on your website, like I did when showing how to use It lets you do things like this:

[php]<?php echo ‘Hello, World!’; ?>[/php]



Redirection lets me redirect links to my old site to the correct page on the new site. It also tracks how frequently those redirects are used so I can drop them when they become obsolete.

The Flyout Posts Menu with Post Status Menu Items
My “Post Status Menu Items” plugin lets you manage your posts with fewer clicks. Look useful? Check it out!

Post Status Menu Items

Post Status Menu Items is nearest and dearest to my heart because I made it! I track ideas for blog posts, rough drafts, final revisions, and published posts all in WordPress, so being able to quickly see only the articles that are “Pending Review,” for instance, is really nice. It’s a simple plugin, but it saves me a lot of clicks!

My Custom Functions Plugin

On every site I make, I include a “functionality plugin” that makes tweaks to the site that I think should continue to apply to the site even if it gets a new theme. My functionality plugin for this site includes some tweaks to the WYSIWYG editor, general code cleanup, and preventing comments on pages.

Widget Logic [Geek Alert]

I have yet to find a user-friendly plugin that works well to let non-techies limit which widgets appear on which pages. However, Widget Logic allows PHP statements to do that quick easily. For me, that works.

Talk Back

So what plugins do you use? If you’ve got a blog, post them there and then leave a link in the comments. If you think I made the wrong choice or am missing out on the greatest plugin since sliced bread, tell me about it!

2 thoughts on “The Plugins That Power”

  1. Hi Mark- Useful info.. What right now May 2013 are using for wordpress security plugin etc? As a new update on your info plugin post on BulletProof Security & WordPress Firewall 2


    1. Hi Jenny, Great question!

      I’m still using BulletProof security (though the interface is atrocious, still). After using WordFence for a while, I wasn’t really happy with that either. It seemed to be eating a lot of resources and throwing a lot of unnecessary warnings. So, after looking around a lot, I’ll be moving to Sucuri, a paid plugin, in the near future.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.