Last updated on September 3rd, 2024 at 05:45 pm
WordPress security and performance plugins are such a big topic.
There are so many opinions online suggesting what you should use, and now, mine is one of them, lol.
Note: If the topic of WordPress maintenance is still foreign to you, check out WordPress = Prime target for cyber attacks? & What to do about it? and Secure website = Eco-friendly website? | Environmental benefits of keeping your site secure. And you will understand why web maintenance matters, especially for self-hosted WordPress sites.
I understand it can be difficult to pick one plugin over another because every website is unique. But knowing that you can always change your mind will give you more freedom to experiment with the plugins you’re eyeing and either keep them or remove them later.
Let me share with you the plugins (free and paid) I use for my WordPress sites and my clients’ that help improve the site’s speed, security, and sustainability—combined with regular maintenance, of course. Without a maintenance routine, they wouldn’t work in your favor much.
[Read about how I use these tools in My *SIMPLE* web maintenance routine: less than 30 mins/week (if no errors)]
I’ll also share the price, where to get them, and resources to configure them for your site.
For added security layers, scanning, and monitoring:
Tool#1: WP Umbrella – a game-changer tool that lets me manage and do web maintenance for multiple websites in one place. I use it to update plugins, themes, and WordPress core, clear cache, scan the sites for vulnerabilities, and monitor site performance. If you manage multiple websites, I highly recommend WP Umbrella. It saves you so much maintenance time.
- Price: 14-day free trial and then $1.99/site/month
- Plugin website: https://wp-umbrella.com/
- Download plugin from repo: https://wordpress.org/plugins/wp-health/
- Tutorial: Getting Started with WP Umbrella: A Comprehensive Guide
Note: Although WP Umbrella has a site backup function, for me, it seems to take forever to create one backup. That’s why I stick with UpdraftPlus (Tool #5) for backing up the sites.
Tool#2: Patchstack – a tool that detects vulnerabilities in plugins, themes, and WordPress core and patches them before letting them compromise your site’s security. You can also monitor and patch multiple sites all in one place.
- Price: Free to use as a detector for vulnerabilities and pay to get them patched for $5/site/month
- Plugin website: https://patchstack.com/
- Download plugin from repo: https://wordpress.org/plugins/patchstack/
- Tutorial: Patchstack Introduction
Tool#3: Sucuri – I use a free version of this tool to help check whenever WordPress core files are modified or a new file is injected in my database. The plugin also offers other full-on security features such as security activity auditing, remote malware scanning, website firewall (paid), etc.
- Price: free to use as a vulnerability detector. Pay to get them patched for $5/site/month
- Plugin website: https://sucuri.net/
- Download plugin from repo: https://wordpress.org/plugins/sucuri-scanner/
- Tutorial: How to Use the WordPress Security Plugin
Tool#4: WPS Hide Login – I use this plugin to hide the login page on all my sites and clients’. You can simply create a custom login URL e.g. “/redcarpet” to replace the default, easy-to-guess “/wp-login.php”.
- Price: Free to use.
- Plugin developer website: https://www.wpserveur.net/
- Download plugin from repo: https://wordpress.org/plugins/wps-hide-login/
- Tutorial: How to Use WPS Hide Login to Protect the WordPress Admin Page
For backing up:
Tool#5: UpdraftPlus – an easy-to-use backup tool that can make a backup of your WordPress files and database. You can also select if you want to transfer the backups to your remote storage or keep them on your server.
- Price: Free to use. I use only the free version. Advanced features available in the premium version (starting at $70/maximum 2 sites/year).
- Plugin website: https://updraftplus.com/
- Download plugin from repo: https://wordpress.org/plugins/wps-hide-login/
- Tutorial: How to backup your WordPress site with UpdraftPlus
Tool: WP Umbrella – If WP Umbrella’s backup function works well for you (doesn’t take forever to build a backup), you don’t need UpdraftPlus. Using this plugin to back up your site along with other security and maintenance features is a good way to keep your site lean.
For file caching:
Caching plugins help reduce page load time tremendously by serving data from previously stored memory. Watch this video to get a simple explanation of what caching is and how it works.
Before choosing a caching plugin, you should understand what type of web server your web host uses for your site.
In the past, I used W3 Total Cache on all the sites I managed. One day, I discovered that it didn’t improve one of my client’s site speeds, no matter how I configured it. Eventually, I reached out to the web host support team and learned that the server uses a different caching technology that requires a different caching plugin. Therefore, I switched to LiteSpeed Cache. Her site speed instantly became blazing fast.
To check what web server your site is using, on the WordPress dashboard > Tools > Site Health > Info Tab > Server > Web server.
Tool#6: W3 Total Cache – is recommended if your site is hosted on Apache or Nginx.
- Price: Free to use. I found that a free version is enough for my website. Advanced features available in the pro version (starting at $99/site/year).
- Plugin website: https://www.boldgrid.com/w3-total-cache/
- Download plugin from repo: https://wordpress.org/plugins/w3-total-cache/
- Tutorial: How to Configure W3 Total Cache Settings for Your WordPress Site
Tool#7: LiteSpeed Cache – is recommended if your website is hosted on a LiteSpeed server.
- Price: Free to use.
- Plugin website: https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration
- Download plugin from repo: https://wordpress.org/plugins/litespeed-cache/
- Tutorial: The Beginner’s Guide to LiteSpeed Cache for WordPress
For optimizing database:
Tool#8: WP-Optimize – a plugin I use once in a while to optimize the database and bulk clean post revisions, trash posts, etc. Once I completed the tasks, I removed it.
- Price: Free to use. Since I use it for a few operations, the free version is more than enough for me. Advanced features available in the premium version (starting at $49/maximum 2 sites/year).
- Plugin website: https://getwpo.com/
- Download plugin from repo: https://wordpress.org/plugins/wp-optimize/
- Tutorial: WP-Optimize Plugin: How To Use It (Complete Settings)
For optimizing images:
Tool: LiteSpeed Cache – Besides caching functionality, it offers a superior-level image optimization by replacing original images with the WebP version for free. WebP image file sizes are much smaller than PNG or JPG. As a result, they load faster and take up less space. This is why I now use this tool for both caching and image optimization to reduce plugin redundancy on some of my websites.
- Price: Free to use.
- Plugin website: https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration
- Download plugin from repo: https://wordpress.org/plugins/litespeed-cache/
- Tutorial: Image Optimization from LiteSpeed Documentation
Tool#9: Smush – I have used Smush on my sites and clients’ sites for several years before switching to LiteSpeed Cache (for the sites compatible with LiteSpeed Cache). I still use Smush on some of my client sites. Although it doesn’t offer a WebP image version for free, it’s still a solid image optimizer that is amazing at compressing and lazy-loading images.
- Price: Free to use. I use only the free version. Advanced features available in the premium version (starting at $3/site/month).
- Plugin website: https://wpmudev.com/project/wp-smush-pro/
- Download plugin from repo: https://wordpress.org/plugins/wp-smushit/
- Tutorial: How to Optimize and Compress Images in WordPress
For optimizing content:
Tool#10: Yoast SEO – Honestly, SEO work is always a beast to master. But setting fundamental SEO practices for each blog post and the entire site is always better than doing nothing. I use Yoast to set a focus keyphrase, and meta descriptions, and improve keyword usage on blog posts whenever I can.
- Price: Free to use. I use only the free version. Advanced features available in the premium version (starting at $99/site/year).
- Plugin website: https://yoast.com/wordpress/plugins/seo/
- Download plugin from repo: https://wordpress.org/plugins/wordpress-seo/
- Tutorial: The beginner’s guide to Yoast SEO
For blocking spam:
Tool#11: Akismet – If your site needs a comment section for your readers to engage with your content, use Akismet to filter out spam. But if your site doesn’t need a comment section, turn off the comment function, and remove Akismet from your site.
- Price: Pay as little as you want for personal use. Advanced features available in the premium version (starting at $9.95/site/month).
- Plugin website: https://akismet.com/
- Download plugin from repo: https://wordpress.org/plugins/akismet/
- Tutorial: How do I activate the Akismet plugin?
Tool#12: Advanced Google reCAPTCHA – A Google spam blocking service you can use on your login page, registration page, and comment form. It has a way of differentiating human and bot interactions and allows only legitimate interactions to be submitted.
- Price: Free to use. I use only the free version. Advanced features available in the premium version (starting at $49/site/year).
- Plugin website: https://getwpcaptcha.com/
- Download plugin from repo: https://wordpress.org/plugins/advanced-google-recaptcha/
- Tutorials (from my blog): reCAPTCHA 101 & How to set it up for Contact Form 7 and How to add reCAPTCHA to the login page and the comment form
For easy access to web files on the Dashboard:
Tool#13: WP File Manager – This tool saves you time from having to access your web files through the web host or FTP. You can directly go to your file from the WordPress dashboard. If you disable file editing from the dashboard, you can only view the files. Otherwise, you can both view and edit them from there.
- Price: Free to use. I use only the free version. Advanced features available in the premium version (starting at $25/site/lifetime).
- Plugin website: https://filemanagerpro.io/
- Download plugin from repo: https://wordpress.org/plugins/wp-file-manager/
- Tutorial: How to Set Up File Manager in WordPress
Lastly…
It’s important to learn how to configure these plugins properly to make sure they integrate well with your site and improve its speed and security. Fast and secure websites are a good sign of a well-maintained and well-optimized site. As a result, your site becomes more sustainable.
Have you tried any tools I mentioned here? What’s your favorite? Let me know!