Post-Install Plugins to Enhance & Protect WordPress

Read the full post

WordPress is a fantastic, easy to install application that’s packed full of useful features. It’s all ready to rock straight out of the box, but there’s a few easy customisations you can make with a cocktail of plugins that will enhance the functionality as well as offer crucial protection. This is my collection of post-install plugins that I immediately add to every WordPress install I work on – There’s no fancy gallery plugins here, just back-to-basics additions to improve speed, SEO and security.


Akismet is so crucial to a WordPress blog it even comes pre-installed. All you need to do is sign up for an API key from in order to activate the plugin.

What does it do?

Akismet works on the front line in the battle against spam. It picks out spammy comments from your blog and helps protect your site against those pesky spam bots.

Download the plugin

All in One SEO Pack

Changing your Permalink structure is the first step you should take to a more optimised blog. The second step is to install the All in One SEO pack to allow complete customisation of every post and page to squeeze out the best search optimisation you can.

What does it do?

The All in One SEO pack makes a few important SEO improvements to your WordPress blog, such as canonical URL redirection and reconfiguration of page titles. More importantly it gives you complete control over the page title, meta description and keywords for every post and page so you can completely optimise your site.

Download the plugin

Google XML Sitemaps

After settings up your permalinks and installing the All in One SEO pack, all that’s left to do to completely SEO’ify your blog is to provide the Googlebots a sitemap to feast on. The Google XML Sitemaps plugin does exactly what it says on the tin…

What does it do?

The Google XML Sitemaps plugin creates and regenerates an XML based sitemap file that lists every page of your site in order of popularity. This allows the bots to easily crawl your pages, as well as quickly update changed pages in the search index.

Download the plugin

Login Lockdown

Brute force attacks are one of the most common ways blogs are hacked. One way to protect against this is with the Login Lockdown plugin, which provides a sturdy security wall between your site and the bad people by limiting the number of login attempts and blocking out IPs that exceed this set amount.

What does it do?

The Login Lockdown can be configured to allow X number of login retries. Once these retries have been exceeded, that particular IP will be locked out for a period of time (also configurable). The plugin also allows you to mask login errors, so WordPress will no longer give hackers a clue if they correctly guessed your username.

Download the plugin

W3 Total Cache

I’ve played around with just about every caching plugin out there, but W3 Total Cache definitely gets my recommendation. Caching is one of the most important additions to any WordPress blog. The W3 Total Cache plugin not only provides page caching, but also has database caching, object caching and a minify system built right in – All with customisable options.

What does it do?

W3 Total Cache speeds up your WordPress site by caching pages. Instead of WordPress making multiple calls to the server upon every visit, it displays a ready-made static file or reuses queries from the cache. This provides a huge speed increase and eases the load on your web server.

Download the plugin


Regularly taking backups of your WordPress database is as important as remembering breathe. There’s a good selection of ‘scheduled backup’ plugins out there, but my favourite is WP-DBManager. Not only does this plugin provide useful scheduling options, but it also allows you to browse, restore and optimize your database directly in WordPress.

What does it do?

WP-DBManager allows you to browse your database tables, restore existing backups, automatically optimize your database and set regular scheduled backups at interval of hours, days or months.

Download the plugin


The images you upload to your WordPress blog will account for a large portion of the load your server deals with. Smushing these images strips out the meta data, optimizes compression and removes unused colours from JPEG, GIF and PNG files, which in turn reduced their size by a couple of percent. This change isn’t huge on a per-file basis, but it all adds up when calculated across the whole site!

What does it do?

WP automatically sends all the images you upload via the WordPress media uploader through the API to optimize the images. You can even go back and Smush all your existing images using the handy button in the media browser.

Download the plugin

Free web shadows pack for every subscriber

Join the mailing list to have new content delivered straight to your email inbox. Every subscriber gets a free pack of realistic web shadows.

Written by Chris Spooner

Chris Spooner is a designer who loves experimenting with new web design techniques collating creative website designs. Check out Chris' design tutorials and articles at Blog.SpoonGraphics or follow his daily findings on Twitter.

  • PelFusion

    W3 Total Cache is the best plugin

  • Alan

    Nice list Chris and something I have been looking for for a while, thanks.

  • Justin Parks

    If for any reason W3 Total Cache isn't working then WP Super cache ( is excellent.

    The rest are highly recommended as well for any blog!

    Should all be part of the WP core to be honest.

  • Luis Lopez

    Excellent plugins, I always use the first 7 on the list but the last obne is new for me and I really think it'll be helpfull.


  • Tutorial Lounge

    we like to promote WP-DBManager plugin.

  • DeadJam

    Thanks Chris, the Login Lockdown sounds useful as does the rest of the list.

  • bryan

    Bookmarked this post, very good plugins.

  • Sandy Allen

    Excellent list, but some caution is needed here. A quick check shows WP to apparently have quite a few current bug issues.

  • Eduardo Dx

    Thank you for the tips.

  • Louis Gubitosi

    nice, I've used Yahoo! but didn't know there was a WP plugin for it. Thanks!

  • Vincent Klaiber

    Great article as usual Chris, wonderful collection of the top WordPress plugins!

  • The Freelance Geek

    Great post! Much appreciated!

  • Russell Poulter

    Cool list. I'm about to launch my new site design using WordPress so this is ideal timing, thanks!

  • Codeforest

    I am glad I had almost all of this plugins installed already on my blog.

    Nice post, Chris

  • Tom

    All wp plugins are generally 'post-install'

    • Jason

      Agreed, but I think the idea is that all 6 plug-ins can be added to pre-existing sites, instead of "things to consider for your next project".

      e.g. …it'll smush future images, but you can also go backwards through the library.

  • Paul Sizer

    Great list, some of which I havent heard of and will definitely be installing and using. Thanks again Chris.

  • saqib sarwar

    Nice summary for me.

    I will try Login Lockdown and WP 3 Cache on my blog.

  • JohnBlatter

    How about plugins for Blogger?

    • web knight

      friendly suggestion – quit Blogger – as it is not friendly for anonymous comments

      you see, many prefare not to publish everywhere their google profile name and next option for leaving comments is openID, but it is not free :(

      so, move your blog to wordpress or somewhere else ;)

      good luck

  • web investigations

    +1 for aksimet – absolute must have #1!

    I disagree about all in one SEO – if wordpress is made correct from the very start – you don't need it as a rabbit doesn't need a can of Budweiser :)

    thank You for sharing

  • Philwebservices

    Thanks for the bunch of free downloadable stuff.

  • Jason

    Nice to see someone who goes for quality list items instead of reaching some arbitrary number (e.g. Top 10…). So, great list Chris, can see all 6 as crucial additions to any WP project.

    I use the first 3 already; currently using SuperCache, but will take your recommendation and look into W3 Total-Cache.

    Used before for web-dev assets but it never occured to me that there'd be a WP-Plugin for it too…so, mainly thanks for that!

  • David the Web Designer

    Thanks for posting, i'm going to install login lockdown.

  • Web Designers

    Great post, very useful… thanks a lot!

  • James Scott

    All very good resources

  • jared thompson

    A very comprehensive list and has proved very useful even with a site i have been running and working with since february.


    Very useful plugins. I already use most of them. This can be a great guide who are new to wordpress and plugins stuff.

  • WebProject

    “`Great Post! you rock man“`

  • John Doyle

    Nice work on the WP Plugins!

  • alfiks

    Thanks for sharing these plugins. Login Lockdown is the one I was looking for.

  • Internets Worst Garbage

    This was a great blog. I've been setting up my blog all day and this really helped me. I installed the Google XML.

  • Aaron T. Grogg

    I would add <a href="">WP Optimize</a> and <a href="">WP DB Back-up</a>.

    I currently use WP Super cache but will give W3 Total Cache a look.


  • Carl – Web Courses Bangkok

    Nice post, always do like these as we can recommend our trainees to look at these one stop lists and install the plugins themselves.