All of these plugins are free or have a free version and I use them on a regular basis on my own and client sites.
If you find a plugin useful I encourage you to leave a great rating on the plugin page, make a donation to the author (where requested) or buy the premium version. The plugins on this page are the result of many hundreds or thousands of hours of work in coding, maintenance and customer support. Remember that the author needs to feed themselves and their families and feel that what they have produced is valued by their users.
Minimal Security
First things first! These are the minimal plug-ins I use to make the site more secure. I install them at the very beginning of a project.
Loginizer
The free version implements Brute Force protection.
Loginizer
Disable WP REST API
Disable the public WP REST API, preventing public enumeration of all your user names. The REST API is untouched for authenticated users.
Test this in case any aspect of your site requires access to the unauthenticated REST API.
Compatibility:
- Contact Form 7 AJAX requests rejected – Dave McHale's plugin has a specific exclusion for CF7.
Disable WP REST API
If you need certain REST endpoints, or need to authorise access for specific users, you could try this plug-in which provides detailed config by user and endpoint.
Disable REST API
Disable XML-RPC
XML-RPC can be disabled on many simple WP installations. See the notes in the following article to see if it’s appropriate for your WP install. It explains how to disable it using a plugin, .htaccess or a WP filter in code.
How to Enable and Disable XMLRPC.PHP in WordPress and Why
Disable User Login
Disable User Login
Extra Tools
Extra tools to help your WordPress workflow.
Default featured image
Default featured image
Admin Menu Editor
Admin Menu Editor
Cookie Notice & Compliance for GDPR
Cookie Notice & Compliance for GDPR / CCPA
Import and export users and customers
Import and export users and customers
Import any XML or CSV File to WordPress
Import any XML or CSV File to WordPress
Imsanity
Imsanity
Redirection
Redirection
WP Crontrol
WP Crontrol
Yoast Duplicate Post
Yoast Duplicate Post
Elementor Extras
Extra add-ons to help your Elementor workflow and page building.
Elementor Custom Skin
Create and edit your own loop templates.
Elementor Custom Skin
Flexible Elementor Panel
Flexible Elementor Panel
Lazy Load Elementor Background Images
Not maintained but still works for a subset of cases – see support threads.
Lazy Load Elementor Background Images
OoohBoi Steroids for Elementor
OoohBoi Steroids for Elementor
Page scroll to id
Page scroll to id
WooCommerce Extras
Extra plugins to help your WooCommerce workflow.
Disable Bloat for WordPress & WooCommerce
Disable Bloat for WordPress & WooCommerce
Kadence WooCommerce Email Designer
Kadence WooCommerce Email Designer
Woo Store Vacation
Close the Woo store so no orders can be placed and display a message on product pages.
Woo Store Vacation
Talking to the outside world
Tools to improve the way WP talks to the outside world.
Speeding Things Up
Last, but not least, and avoiding the premature optimisation anti-pattern, some tools to help speed up the site. As with all performance-improving strategies, you need to measure the performance and then run experiments. Some things are no-brainers, but experience has taught me that more complex optimisations can be infrastructure dependent, so you need to test these against your hosting provider (hardware/webserver/etc).
PHP Version
Always run the latest recommended PHP version. I usually avoid the first major version increment, e.g. v7.x -> v8.0 for a while as early adoption can often lead to problems with plugins. However, once WP core supports a PHP version the plugins will follow. Always test your site after a PHP upgrade and know how to roll back the change.
WP Super Cache
The fastest and easiest way to speed things up. Many WP optimisation plugins include page caching, but this is the one to use if you want to keep it simple and free.
WP Super Cache
Asset CleanUp: Page Speed Booster
Remove cruft from the pages, minify and combine CSS/JS + more.
Asset CleanUp: Page Speed Booster
Disable Comments
If you don’t want comments on your site or on specific post types you can disable comments globally or per post type using this plug-in. This means comment-related scripts and code will not be loaded for those post types.
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]