1. Yoast SEO
Yoast SEO does everything in its power to please both visitors and search engine spiders. A dedicated team of developers, testers, architects and SEO experts works daily to improve the plugin with every release. Yoast SEO offers:
- Title and meta description templating for better branding and consistent snippets in the search results.
- A state-of-the-art Schema implementation helps search engines make sense of your site and increases the chance of those coveted rich results.
- The most advanced XML Sitemaps functionality at the push of a button.
- Full control over your site’s breadcrumbs.
- Automatically set canonical URLs to avoid duplicate content.
2. W3 Total Cache
W3 Total Cache (W3TC) improves the SEO and user experience of your site by increasing website performance and reducing load times by leveraging features like content delivery network (CDN) integration and the latest best practices.
- Compatible with shared hosting, virtual private/dedicated servers, and dedicated servers/clusters
- Transparent content delivery network (CDN) management with Media Library, theme files and WordPress itself
- Mobile support: respective caching of pages by referrer or groups of user agents including theme switching for groups of referrers or user agents
- Accelerated Mobile Pages (AMP) support
- Secure Socket Layer (SSL) support
- Caching of (minified and compressed) pages and posts in memory or on disk or on (FSD) CDN (by user agent group)
- Caching of feeds (site, categories, tags, comments, search results) in memory or on disk or on CDN
- Caching of search results pages (i.e. URIs with query string variables) in memory or on disk
- Caching of database objects in memory or on disk
- Caching of objects in memory or on disk
- Caching of fragments in memory or on disk
- Caching methods include local Disk, Redis, Memcached, APC, APCu, eAccelerator, XCache, and WinCache
- Minification of posts and pages and RSS feeds
- Minification of inline, embedded or 3rd party CSS with automated updates to assets
- Defer offscreen images using Lazy Load to improve the user experience
- Browser caching using cache-control, future expire headers and entity tags (ETag) with “cache-busting”
- Import post attachments directly into the Media Library (and CDN)
- Leverage our multiple CDN integrations to optimize images
- WP-CLI support for cache purging, query string updating and more
- Various security features to help ensure website safety
- Caching statistics for performance insights of any enabled feature
- Extension framework for customization or extensibility for Cloudflare, WPML and much more
- Reverse proxy integration via Nginx or Varnish
Akismet checks your comments and contact form submissions against our global database of spam to prevent your site from publishing malicious content. You can review the comment spam it catches on your blog’s “Comments” admin screen.
Major features in Akismet include:
- Automatically checks all comments and filters out the ones that look like spam.
- Each comment has a status history, so you can easily see which comments were caught or cleared by Akismet and which were spammed or unspammed by a moderator.
- URLs are shown in the comment body to reveal hidden or misleading links.
- Moderators can see the number of approved comments for each user.
- A discard feature that outright blocks the worst spam, saving you disk space and speeding up your site.
4. Contact Form 7
Contact Form 7 can manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. The form supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and so on.
With the default configuration, this plugin, in itself, does not:
- track users by stealth;
- write any user personal data to the database;
- send any data to external servers;
5. Wordfence Security
THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER
Wordfence includes an endpoint firewall and malware scanner that was built from the ground up to protect WordPress. Our Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.
- Web Application Firewall identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.
- [Premium] Real-time firewall rule and malware signature updates via the Threat Defense Feed (free version is delayed by 30 days).
- [Premium] Real-time IP Blacklist blocks all requests from the most malicious IPs, protecting your site while reducing load.
- Protects your site at the endpoint, enabling deep integration with WordPress. Unlike cloud alternatives does not break encryption, cannot be bypassed and cannot leak data.
- Integrated malware scanner blocks requests that include malicious code or content.
- Protection from brute force attacks by limiting login attempts.
WORDPRESS SECURITY SCANNER
- Malware scanner checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.
- [Premium] Real-time malware signature updates via the Threat Defense Feed (free version is delayed by 30 days).
- Compares your core files, themes and plugins with what is in the WordPress.org repository, checking their integrity and reporting any changes to you.
- Repair files that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.
- Checks your site for known security vulnerabilities and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.
- Checks your content safety by scanning file contents, posts and comments for dangerous URLs and suspicious content.
- [Premium] Checks to see if your site or IP have been blacklisted for malicious activity, generating spam or other security issue.
- Two-factor authentication (2FA), one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.
- Login Page CAPTCHA stops bots from logging in.
- Disable or add 2FA to XML-RPC.
- Block logins for administrators using known compromised passwords.
- Wordfence Central is a powerful and efficient way to manage the security for multiple sites in one place.
- Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.
- Powerful templates make configuring Wordfence a breeze.
- Highly configurable alerts can be delivered via email, SMS or Slack. Improve the signal to noise ratio by leveraging severity level options and a daily digest option.
- Track and alert on important security events including administrator logins, breached password usage and surges in attack activity.
- Free to use for unlimited sites.
- With Live Traffic, monitor visits and hack attempts not shown in other analytics packages in real-time; including origin, their IP address, the time of day and time spent on your site.
- Block attackers by IP or build advanced rules based on IP Range, Hostname, User Agent and Referrer.
- Country blocking available with Wordfence Premium.