24 Essential Maintenance and Security Plugins for your WordPress Site

Here at Headway, we feel there are just certain plugins that you need to have in your arsenal. While you may not need a plugin from every category for every site, these are the Maintenance & Security plugins we think you should be aware of!


Both All In One SEO and Yoast are free and boast a lot of features so which one you prefer mostly comes down to personal preference.

The free version(s) of the plugins both offer:

  • Sitemap
  • add Social Meta data
  • Automated Meta tag creation
  • Works out of the box
  • And more!

Each plugin’s free version then has some specific features not found in the other so you’ll have to review them to find the one that has what you’re looking for. Both also offer premium versions.

In addition to unlimited usage and premium support, All In One Premium boasts:

  • Feature Manager and plugin modules
  • Video XML Sitemap module
  • Advanced custom post type options
  • Control SEO for categories, tags and custom taxonomies

Yoast Premium offers premium support and:

  • a redirect manager
  • tutorial videos for the plugin

But there are different licenses to purchase and that determines how many sites you can get updates and support for.

Spam Protection

While Akismet seems to be the most well-known spam protection plugin, it is not free for commercial use. For non-commercial use you can name your own price, which, as of this writing, can be $0.

However, a real hidden gem is WordPress Zero Spam, which is not only free but also does a better job than Akismet.

Speed/Loading Time

We’re big fans of W3 Total Cache and we’ve heard wonderful things from our community about WP Rocket.  W3 Total Cache is free and has a lot of options but takes some time to configure well.  WP Rocket is premium but works out of the box with no confusing configuration.  Both help tremendously with loading times.

If you use CloudFlare, we recommend checking out the CloudFlare plugin for best results with your WordPress site.

One thing that often adds to loading time is large images that are not optimized for the web. For that job, we can recommend EWWW Image Optimizer or WP Smush. Both work really well.

Lastly, we also really like the Heartbeat Control plugin for helping decrease requests/loading time.

Thumbnail Regeneration

If you change image sizes in your WordPress settings or make various other changes, you will need to regenerate some thumbnails. For that task, we like Onet Regenerate Thumbnails or Force Regenerate Thumbnails. Both do the job very well and are a must!


If you install an SSL certificate on your site, then you’re going to want to look at Force HTTPS which forces all pages/posts to load via HTTPS.  It just works and there’s an option to make the admin load over HTTPS too.

Role/Capability Management

We’ve been big fans of Justin Tadlock’s Members but there are times when you need more control.  For those times, we recommend Users Ultra and User Role Editor.


Backups are so very important and we have some tools that will make your life easier. Both Duplicator and WP Clone are free and offer restoration and migration with their backups. Duplicator takes a full backup of the entire WordPress install while WP Clone only backs up the user files. Because of this, WP Clone requires a fresh WordPress install at the new location but no FTP access. Neither supports scheduled backups. The premium version of Duplicator (Duplicator Pro) DOES support scheduled backups, but we have not tested it.

And then you have BackupBuddy which, while premium, is worth every penny. We also have a discount code that is available only to Headway customers. BackupBuddy offers:

  • scheduled back-ups
  • remote destinations, including FTP/SFTP, S3, Dropbox, Google Drive and more.
  • Database rollback
  • Restore/migrate sites
  • Deploy selected changes from a dev site to a live site and vice versa (downside is that this is not a full staging environment because it will overwrite data instead of only merging)
  • And more!

Security – Prevent Hack

You’ve got so many options here so you’ll need to research which one fits your needs.

iThemes Security, All in One WP Security, Wordfence Security and Sucuri are all great options. You really need a security plugin these days to try to prevent a hack or a malicious user.

We also like Clef because it lets you choose to allow login via your phone (using Clef) or require it. A downside is that if you are the admin and something happens to your phone, you’ll need to modify the database to allow entry.

Security – After a Hack

After you discover a hack, you’ll want to scan your site. We have a few tools we really like for this. Sucuri Security, Wordfence Security, and Anti-Malware and Brute-Force Security by ELI are free and allow you to search for malware and/or changed files.

You’ll want to have at least one of them on hand at all times.

And that’s a wrap.  Stay tuned to the next post in this series where we go over the essential plugins that add features to your WordPress site!


8 Responses

  1. Great post, all great plugins that I use. Cloudflare can be really buggy. Another good option for optimizing images is using Google PageSpeed insights chrome extension and downloading the suggested image when you run the analysis. For some reason Google is always able to reduce the images beyond EWW or Smushit. EWW and Smushit can also place a heavy load on your server.

    • Andy,

      Admittedly, haven’t tested the CloudFlare plugin in some time but was not buggy when I used it regularly. Good to know though 🙂 As for the images, I haven’t had a problem with EWW at all as far as server load but I’m sure it could definitely impact shared hosts. There is also Kraken which I’ve used before and like but had better results with EWW and Smushit. Didn’t know that though about the PageSpeed extension. Always looking for new tips and tools!


  2. Thank you! Helpful post!

    I’m already familiar with a number of these plugins, but there are certainly a few unfamiliar ones that caught my attention. I’ll have to try them out!

  3. I’d like to put a word in for UpdraftPlus in the backups list.

    For those of us in the UK, it’s unusual to have a good UK-based product. We like the scheduled backups, the auto-backups before plugin/theme/core updates, and the wide choice of offsite storage locations.

    The plugin author (also David) is very responsive and helpful!

    • I agree with UpdraftPlus. I’ve tried some of the other backup plugins, but find UpdraftPlus to be easier to understand and use.

Copyright © 2016 Vesped Inc. All Rights Reserved. Proudly Powered by Headway and WordPress