
Best WordPress plugins for optimization and security
WordPress is a wonderful tool that helps people across the world build beautiful websites without having to need extensive coding or design knowledge. Though this opens the door for many people that doesn’t mean everything is running 100% right out of the gate. I’m sure many people who started fresh on WordPress or even just website viewers have experienced a sluggish…terribly slow WordPress based website. This can be for many reasons plugin conflicts for example. I’m here to give you a list of the best WordPress plugins out there that will push your site over the edge in terms of performance.
iThemes Security [Free]
A simple plugin that provides security features that many hackers try and exploit on fresh out the box WordPress websites.
- Hiding your back-end
Without any customization all login URLs for WordPress are wp-login.php and hackers know this, so what do you do? This simple lightweight plugin makes it simple to change that URL. This is not the only plugin that has this feature, but it does this and more in one simple plugin which is why for my clients I use this.
- Disabling XML-RPC
If you didn’t know what “XML-RPC” is it’s a feature that allows external services to access and modify content on your site. The keyword here is “external”. Hackers love this feature and exploit this time and time again. Luckily this plugin has a feature that allows you to disable it. Once again this isn’t the only plugin that has this feature, but it’s one of many features that are packed in one light-weight plugin.
Other useful features of iThemes security
- Changing the content directory
- Brute force login protection
- Changing WordPress Salts
and more…
WP Rocket [Paid]
Many people will argue with you about what’s the best caching plugin available and I believe it varies between a lot of different situations but in the overall interface, functions, and simplicity WP rocket wins for me in most situations.
- Cache preloading
Preloading if you haven’t experienced it from a developers standpoint will allow you to reach amazing load times if your content is good for it. The preloading concept is simple for example Page 1 has content on it and that content is saved and cached by WP-rocket so instead of your users reloading the same content time and time again they are instead visiting a saved preloaded cached page. This way it’s extremely quick and fast for your user, saves your bandwidth and CPU usage.
- File optimization
These features should be used with caution and you should always check if all of your website functions work after enabling any of these, but if used correctly you can increase the load time of your site dramatically. From HTML minification, JS minification, DNS prefetching, CSS minification, JS combining and loading deferred. This plugin is packed with features that will push your loading times to a bare minimum if used correctly.
- CDN compatibility
WP Rocket allows you to connect your CDN from various providers to further relieve your host and improve loading speeds even Cloud Flare!
EWWW Image Optimizer [Free/Paid]
Image optimization is one of the many important things when it comes to owning a website running any software. While plenty of options exist for this task Ewww image optimizer gets my vote with the number of amazing features it has to go along with just image optimization.
- Remove Metadata
There’s a ton of different types of metadata that images can have one type is descriptive metadata. This type is mostly added manually through imaging software by the photographer or someone managing the image. It includes the name of the image creator, keywords related to the image, captions, titles, and comments, among many other possibilities. Effective descriptive metadata is what makes images more easily searchable.
- JPG, PNG, GIF, and PDF optimization
You can choose to have EWWW image optimizer manage and optimize all of these file types automatically upon upload. This includes size, dimensions and etc. You can even choose what quality level you would like images to be 1-100.
- Image conversion
JPG to PNG, PNG to JPG, JPG or PNG to WEBP this plugin can handle quite literally nearly all of your image conversion needs. I’m sure some of you ran into the message from google to use more “next-gen” image formats well this plugin will get it done for you. You can simply set all uploads to be forcibly reuploading as WEBPs while deleting the original.
Async JavaScript [Free]
If you’ve ever been interested in improving the speed of your website you’ve run into the messages from various speed testing sites. A few of those messages may have included set certain scripts to “defer” or “async”. This plugin is built to help people easily get that done.
- Async JavaScript
Easily set specific or all scripts on your website to “async”. The best part about this plugin is that you can easily set specific themes or plugins to be excluded. This is just in case certain parts of your site stop working after setting things to async.
- Defer Javascript
Same as Async but defer
Wordfence [Free/Paid]
Wordfence is one of the best plugins for dealing with an already malware-infected site or preventing infection in the first place.
- WordPress Firewall
Wordfence comes equipped with a firewall that identifies and stops malicious traffic. This plugin has shown me show many different ways attackers try to get into your site. With the plugins built-in live traffic tool you’re able to see exactly what they tried to do as the firewall blocks them.
- File scanner
Wordfence has a filer scanner that based on your settings can either perform a deep or slight scan of your website and its files. From bad URLs, backdoors, SEO spam, malicious redirects and code injections Wordfence makes sure your site stays clean.
- Plugin and theme integrity check
Wordfence can check for changes to plugin/theme original source code and alert you of the change and also repairs. This is an amazing and a favorite feature of mine because one way sneaky WordPress hackers infect your site is adding a modified page of code to your theme or plugins for their own gain.
Conclusion
These are some of the main options we use for optimizing our client’s website when applicable, but not the only ones. WordPress is a huge CMS and used by millions of sites worldwide with this many people using it you can imagine the number of plugins available to test out. Our advice to you? Build up your own demo website import a good amount of content and test a wide variety of optimization techniques and see what works best for you.
Honorable mentions
- WP Smush – Image optimization
- W3 Total cache – Caching and minification plugin
- Autoptimize – Caching and minification plugin