There are 59,592 plugins listed on WordPress.org at the moment of writing this blog post. That is a lot to sift through! This is the unordered, non-exhaustive list of my favourite plugins that I use as a developer just about every day, and maybe you’ll find them useful too — at the very least this will save you some time searching through a lot of defunct, irrelevant and poorly maintained plugins. I’m a huge fan of open-source software, so all plugins on this list are free to use or have a free version.
1. FakerPress by Gustavo Bordoni
FakerPress is great for when you just need to populate a staging or local environment with fake posts and content for testing purposes. You can even fake users (which can be used with the User Switching plugin). It will also download and set featured images for you. The best part is when you are all done or need to reset the data, you can bulk delete anything that was generated by FakerPress.
2. Instant Images by Darren Cooney
Instead of using the same boring placeholder images over and over again during development, give Instant Images a go. You can import free & royalty-free images directly from Unsplash into the media library. It even fills out the title, caption and alt text for you (English only). I use this primarily for development, but there's no reason why it couldn't be used in production either. Having relevant images at your fingertips helps the client (and yourself) visualize what the site could look like on a staging site or save you the hassle of having to search for relevant images in another tab in your browser.
3. WP Mail SMTP by WP Mail SMTP
Sometimes you need to get email working in your dev environments without the headache of setting up PHP’s mailer. WP Mail makes setting up email a straightforward process with its wizard. I like to use Mailtrap.io for email testing. A single testing inbox is free and works with WP Mail with the SMTP settings. Using this plugin will ensure that emails sent from your site, such as password resets, will be delivered.
4. FileBird by Ninja Team
This plugin creates folders/tags within the native media library. It has a beautiful UI and is extremely useful for keeping your media library organized, especially when you have a lot of files. It doesn’t alter the uploads directory either, so if you do decide to remove it, it won’t leave a mess. While this is handy during testing, it's also nice to have in production as well.
5. User Switching by John Blackbourn & contributors
If you are working on any kind of membership site or a site that has multiple users and roles, I strongly suggest using this plugin to test what the various users on your site can access and see. You can easily "switch" to appear logged in as different users on your site. I would not recommend this plugin be installed in a production environment, but it's certainly handy during testing.
6. WP Help by Mark Jaquith
Add some documentation right into the admin dashboard. Useful for keeping documentation for yourself, or helpful notes for the admins of the site. The only downside is that the documentation is stored in the database, making it difficult to migrate the documentation only from one site to another or commit it to a repository. (This is a bit of annoyance for me as I tend to use the same documentation over and over again with slight tweaks.) There is a feature to link documentation, and all changes made from the source will be mirrored on any linked sites which is handy for multisites. Barring that, it's a lifesaver for fielding potential questions from clients.
7. Password Protected by WPExperts
Does your host not allow basic auth or make it difficult to set up? Try Password Protected. This sets up basic auth for your WordPress site in minutes. You may even add IPs to an allow list so that you are not constantly pestered by the password prompt. This plugin was recommended to me by Pressable, and it's now part of my developer arsenal.
8. Query Monitor by John Blackbourn
If you need to pull back the curtain and see what WordPress is doing in the background or want to improve the performance of your queries, try Query Monitor. It will give you an overwhelming amount of query data that can be used to fine-tune or debug your queries. This plugin hooks deeply into WordPress, so make sure you disable it in production.
9. Debug Bar by wordpress.org
This plugin adds debugging information right to your admin bar so you can quickly see logs for queries, caches, and other useful debugging info. Query Monitor can be overwhelming at times; this plugin is a bit more manageable. I would also recommend that this plugin not be used in production environments.
10. Advanced Custom Fields by WP Engine
ACF is an essential plugin if you want to add custom fields to the CMS quickly and with ease. There is a free version of this plugin, but I would recommend getting a license, as it unlocks considerably more features, including the ability to build blocks without any React knowledge. It has a host of useful functions and filters that can be leveraged to make overall WordPress development less of a headache. I’m particularly fond of the get_field() and acf_slugify() helper functions. It’s a powerhouse of a plugin.
11. Limit Login Attempts Reloaded by Limit Login Attempts Reloaded
You’ve put a lot of work into your new site, you put it live and bask in its glory. Wouldn’t it be a shame if something happened to it? It doesn’t take long at all before some bot or hacker tries to brute force their way into your backend. This is a simple plugin that will block multiple attempts to log into your admin area. By default, any more than 3 attempts, and that IP will be blocked for 20 mins from trying to log into your site. That’s usually enough to stop a hacker in their tracks, as most are looking for easy targets, especially fresh installs. There is a pro version that allows you to do things like block IPs from entire countries, but the base version does a pretty good job with basic features.
12. SMNTCS Disable REST API User Endpoints by Niels Lange
Now with security in mind, did you know how easy it is for someone to find a list of every single user on your site? Very easy: just hit the /wp-json/wp/v2/users endpoint on your WordPress site, and you’ll get the whole list, and that’s how hackers can probably deduce which user is an admin, and which accounts to target. This lightweight plugin disables that endpoint, so as long as you don’t need it for anything else, you can rest easy knowing that you’ve given potential ne'er-do-wells one more obstacle to deal with. There are ways to disable this with code, but this plugin is handy for the no-code approach.
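One way to do this with code, as an added example that is not from the original post or from the plugin: a small must-use plugin that removes the user routes from the REST API for unauthenticated requests. The file name and the decision to keep the routes for logged-in users (the block editor uses them) are assumptions.

```php
<?php
/**
 * Plugin Name: Restrict REST user endpoints (added example)
 * Description: Hides /wp/v2/users routes from unauthenticated REST requests.
 *
 * Assumed location: wp-content/mu-plugins/restrict-rest-users.php
 */

add_filter( 'rest_endpoints', function ( $endpoints ) {
    // Assumption: logged-in users still need these routes, for example
    // the author selector in the block editor. Core's own permission
    // checks continue to apply to them.
    if ( is_user_logged_in() ) {
        return $endpoints;
    }

    // Route keys are regex patterns such as '/wp/v2/users' and
    // '/wp/v2/users/(?P<id>[\d]+)'. Match on the prefix so the
    // collection, single-user and nested routes are all removed.
    foreach ( array_keys( $endpoints ) as $route ) {
        if ( 0 === strpos( $route, '/wp/v2/users' ) ) {
            unset( $endpoints[ $route ] );
        }
    }

    return $endpoints;
} );
```

With this in place an anonymous request to /wp-json/wp/v2/users gets a "no route" 404 instead of the user list; requesting that URL while logged out is a quick way to confirm the filter is active.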
Update Oct 11, 2024: ACF download link has been updated, as it is no longer in the wordpress.org plugin directory due to the ongoing dispute.
Top comments (4)
Around 60,000 plugins are available for the users currently. The list you share covers most of the aspects in enhancing the performance and security for your WordPress website. Though, many users do not understand that many of the plugins affect your site performance too, making it slow. You shared these plugins from your personal experience and it will help a lot of people out there. But, if someone wants to secure and optimize their WordPress website I suggest, Managed WordPress hosting can cater to their needs. From optimizing, updating and managing to security, it will cover all the aspects, and eliminate the need of some of the unwanted plugins.
The idea of FakerPress is good, but it's unbelievably slow. Seems it's a single-threaded process.
I concur that it is on the slow side. I'll generate a batch of test posts, enough so that I can test things like pagination (about 30-50). I'll wait it out, and not really use it again until it's time to clean up. I have not found a plugin that does it better, but I'm open to suggestions!
You can also generate content with wp-cli, which is faster, however there's no easy way to clean up the test data that's as convenient as FakerPress.
I had started to write a plugin that was specialized in creating many posts to bring WP to its limitations. I think it produced about 100.000 posts in about a minute. The code combined multithreaded JavaScript and aggregated SQL insert statements.
FakerPress and that (planned) plugin have different goals and a different audience. Maybe I'll resume the development.