I like WordPress a lot – it’s my #1 tool for simple web sites. We use it for The Barking Seal Blog (this site!), but I also use it for a variety of more traditional sites, including the TechFest website, and even my personal wedding web site!
WordPress isn’t everything, and if you’re looking for a CMS with the longest feature list, don’t bother trying it. But if you want a reasonably-customizable web site that almost any end-user can update, I endorse it. Try WordPress.com if you’re not comfortable managing your own web server.
For the technical folks in the audience, it’s easy to install the free WordPress.org version on any server that supports the LAMP stack (Linux, Apache, MySQL, and PHP). It is infinitely customizable (if you know PHP, HTML, and CSS), but will probably meet most your needs “out of the box”.
If you do use WordPress.org, there are a few plugins that are worth installing… here are the ones that I think every WordPress.org administrator should consider:
Security essentials:
Event Logging for WordPress: WPSyslog2
Without WPSyslog2, WordPress does a poor job of tracking important security events. This plugin logs critical issues (failed login attempts, article posts/deletions, password resets, etc.), so you have half a chance of figuring out what happened in a security incident. The logs are sent to your server’s “syslog” – check in /var/log/messages if you can’t find them. It’s sad WordPress doesn’t have reasonable auditing/logging internally – pretty much everyone should install WPSyslog2!
See: http://www.ossec.net/main/wpsyslog2
Free, invisible SPAM protection: NoSpamNX
Comment SPAM is a nightmare – for every thoughtful comment to your blog post, you’ll get tens or a hundreds of SPAMs. If you use the WordPress.com edition, you get great comment spam protection by default. For websites using the WordPress.org edition, you can either pay for the Akismit license, or try NoSpamNX. It works great for us!
See: http://wordpress.org/extend/plugins/nospamnx/
Quick Security Self-Check: WP-Security-Scan
WordPress is a secure web site platform, but only if it’s configured correctly. This plugin will check a number of important security issues, such as file permissions and database security, and warn you if you need to make changes. Although the plugin offers a few extra features if it’s left installed, I prefer to install it, run the security scan, fix the problems, run one more scan, then uninstall the plugin.
See: http://wordpress.org/extend/plugins/wp-security-scan/
Performance essentials:
Prepare for the horde: WP Super Cache
If you expect to get a lot of traffic, you should configure the built-in WordPress caching support. Rather than dynamically rendering every web page for every visitor, it allows WordPress to remember, or “cache” identical requests to they can be replayed to future visitors. If you need to squeeze even more performance out of your WordPress installation , try this plugin!
See: http://wordpress.org/extend/plugins/wp-super-cache/
Usability essentials:
Post Editor for Adults: Tiny MCE Advanced plugin
The standard WordPress in-browser post editor is pretty weak – only a handful of formatting options are exposed. In fact, this is the number one problem designer-types have with WordPress. Install the Tiny MCE Advanced plugin and your web site editors will have a bounty of formatting options!
Before TinyMCE Advanced:
With TinyMCE Advanced:
See: http://wordpress.org/extend/plugins/tinymce-advanced/
Secure Form Handling: Dagon Design Form Mailer
Even the most simple web sites need a “contact us” form (it’s never a good idea to post an email address, or a “mailto:” link, on a web site – spammers will discover it quickly). We have had great luck with this plugin – it has reasonable security controls and is flexible enough to support a diversity of forms – much more than simple contact forms. (If you’re collecting sensitive information, you probably need a more secure solution!)
See: http://www.dagondesign.com/articles/secure-form-mailer-plugin-for-wordpress/
[ I've never used it, but I've heard lots of good things about: http://www.deliciousdays.com/cforms-plugin ]
Search Engine Optimization (SEO) essentials:
URL management: All in One SEO Pack
I’m not an SEO expert, and WordPress does a pretty nice job of making search-engine “friendly” sites by default. Still, it doesn’t hurt to make sure you’re not accidentally breaking one of the many “SEO rules” – the All in One SEO Pack is a great choice. It ensures you don’t have “duplicate content” (where multiple URLs point to the same page contents), and allows you to customize user-friendly URLs.
See: http://wordpress.org/extend/plugins/all-in-one-seo-pack/
Alternatives include the Permalink Redirect plugin, which offers much more bare-bones functionality – it meets my needs most of the time. The most powerful, free plugin is the Platinum SEO Pack – I have not used it but it boasts some crazy features.
Sitemaps – on the road to the “holy grail”: Google Sitemap Generator
Modern search engines so a remarkable job of discovering pages on the world wide web. Still, it doesn’t hurt to help them along. Generate a sitemap with this plugin, prioritize the pages you really care about, and it will automatically submit your sitemap to all of the top search engines!
See: http://wordpress.org/extend/plugins/google-sitemap-generator/
Good luck!
This list is “missing” many content-focused plugins, such as post ranking, similar posts, integration with “web 2.0″ sites, etc. – I personally have the most experience with the “back-end” part of web sites, so that’s more the focus of these plugins.
![[Slashdot]](/wp-content/plugins/slashdot.ico){kind=small}
![[Digg]](/wp-content/plugins/digg.ico){kind=small}
![[Reddit]](/wp-content/plugins/reddit.ico){kind=small}
![[del.icio.us]](/wp-content/plugins/delicious.gif){kind=small}
![[Technorati]](/wp-content/plugins/technorati.ico){kind=small}
![[StumbleUpon]](/wp-content/plugins/stumbleupon.ico){kind=small}
Leave a Comment