WordPress plugins cost?

wordpress logoIntroduction

You’ve installed WordPress. It’s free. That’s amazing, and you get to stand on the shoulders of giants with all those great plugins. BUT! Developers need to get paid and a lot of the plugins have paid versions with the full range of features. So what can a fully fedged WordPress installation cost? This is the unspoken secret of WordPress.

The Plugins

These are the plugins I’m using:

  1. Hosting. Not really a plugin. It’s easy to get free/cheap hosting but with a WordPress site taking multiple seconds to load, especially if you have plugins enabled. As a benchmark, the personal purchase on wordpress.com is $39 (£30) per year, but doesn’t really give you that much.
  2. Akismet anti-spam adds better statistics and support for £44 per year.
  3. Cloudflare. You are running this, right? For free it gives you SSL, translation of http to https, DDoS protection, CDN caching (for the speed!), for $20 (£15) you get more as well as firewalling.
  4. With Jetpack you get a load more content stuff and lazy image loading for $9 (£7) per month.
  5. WP-Smush, one of my favrourites which crushes images, for really useful enhancements will set you back $49 (£38) per month.
  6. Updraft plus, the dedicated backup solution, for many, many more features and support will cost you £54 in total.
  7. WP Total Cache with more, possibly useless, caching features will be $99 (£77) per year.
  8. Wordfence security, which bugs me nearly daily to upgrade plugins and also does much more, is $99 (£77) per license.
  9. Yoast SEO which has certainly enhanced my writing for the web, is £79 per license.
  10. And finally something not WP related but which I think is REALLY useful is Grammarly which has also knocked some corners of my writing style.  This is £108 per year, and if I were a professional writer, it would be totally worth it.
  11. The AliExpress plugin is worth it if you want a drop shipping store, and who doesn’t? This is $14 (£11) per month.

Therefore in total, we’re looking at £1156 for the first year! Not insignificant, but developers have to eat!

Run WordPress? Stay secure!

Quite a large proportion of us run blogs, typically WordPress if we want a degree of control or growth, whether for techie stuff or political agitation.

Whenever I work anywhere, I try to make sure the top priority is security. There’s no point doing anything unless you’re secure. The recent Typeform breach shows anyone is liable and their breach exposed data from Monzo bank. In the grand scheme of things, it wasn’t the end of the world: no passwords were leaked.

If you’re running WordPress and therefore relying on somebody else’s software, these are the things you need to do to stay secure:

  1. Install a security plugin. Yes, it’s a pain in the neck getting daily emails to update your site as themes and plugins update but given (1) above, it’s useful. I use Wordfence.
  2. Make sure you use SSL. As well as Google encouraging us to use SSL and gain SEO advantage, being secure is just generally a Good Thing. Worried about SSL certificates? Don’t be. Just hand your DNS management over to Cloudflare and gain SSL, DDoS protection and much more for FREE. My favourite price.
  3. Use strong passwords. Better still use something like Lastpass to generate secure passwords and store them for you safely.
  4. Use two-factor authentication. Make it one step harder to get into your site. Now they won’t get in unless they have your phone. There’s a plugin for that. We use the Google Authenticator.
  5. Keep up to date. 54% of WordPress vulnerabilities belonged to out of date WordPress. You should also keep themes up to date, things like cross-site-scripting exist, and plugins also.
  6. When installing plugins go for the widely used ones, ones with 4*-5* ratings and thousands of satisfied users. Make sure if you go down, LOADS of people go down with you too!
  7. Remove unused plugins and themes. I did that with my personal site and sped it up hugely. Same goes for browser plugins but for different reasons.
  8. Do backups. Second to security. It won’t prevent hacks but it’ll let you get back in the saddle quickly if something awful happens. I use Jetpack which does loads of other stuff too. Make sure you test restoring a backup! Write-only backups are so 90s.
  9. Change the “admin” name”. Trivial but will prevent 99% of brute force attacks.
  10. Limit the number of login attempts. Again, trying to foil brute force.
  11. Don’t let people get at your wp-config file. Put this in your .htaccess file:
    <files wp-config.php>
    order allow, deny
    deny from all
    </files>
  12. And don’t forget, if you find a security hole, report it! That’s how stuff gets better. Finally, make sure you’ll keep the government happy and please don’t provoke GDPR emails.

WordPress spice with plugins

Wordpress logoSo, PHP and MySQL, two slightly suboptimal technologies run a fairly large chunk of the internet in the form of WordPress. You have the idea for a blog or maybe want to knock up a quick corporate web site. What’s your first step?

Themes

  • Choose a WordPress theme. There are loads out there, some free some paid for. My site of choice for finding themes free or otherwise is Themeforest. A fair number of the themes are free, and you can choose 2 or 3 column, responsive and so on.

Having chosen your host (we use bluehost.com for www.pandaandpolarbear.com and this site), then it’s time to flesh out the functionality of your site with plugins.

Plugins

  • Akismet – a pretty good comment spam filter plugin. It will mark spam for you so you can you through and trash it. Not sure I’ve ever had a spam comment go through.
  • Cloudflare – These guys are making the internet better. A DDoS, CDN and free SSL solution. 128 data centres. Who is to argue with that?
  • Cookie Consent – Everyone needs this, right?
  • XML sitemaps. Does what is says on the can!
  • Jetpack – Even more themes, stats, SEO tools, Security stuff.
  • Loading Page – while the page is loading, shows a pretty graphic. Given the stats on site abandonment, any distraction is worth it.
  • NextScripts: Social Networks Auto-Poster – lets you spam nearly 30 social media channels.
  • P3 (Plugin Performance Profiler) – Really useful to see where the CPU time is going and if a plugin is taking the time. In my experience, plugins take about 50% of the page render time.
  • W3 Total Cache – caching is good. Most site are not that dynamic so caching is relly good to have.
  • Wordfence Security – useful to have. We’ve had someone uploading rogue JavaScript to WordPress and this spotted it.
  • WP Smush – optimise graphics for the size you’re rendering them at. This is a cool speedup. When you’ve got four years of art, it’s a big win.
  • Yoast SEO – If you’re wordy like me, it’s good to have something reminding you of the good stuff to put in your posts to get the attention of the search engines.
  • Amazon Associates Link Builder  – nice integration with Amazon associates.
  • Finally, Link checker – useful to check for broken links, or destination pages that have gone away.

Other stuff

Don’t forget to sign up to the Google suite, Google analytics, Google webmaster tools, and Google Lighthouse.

Conclusion

That’s a small selection of the plugins we use. There are a whole bunch of Woocommerce related WordPress ones and others related to selling stuff.

I did a site for Dusty Knuckle Pizza, which was working great until they foolishly decided to spend money and get something worse. IMHO.

So that’s that. Your site is now standing on the shoulders of giants.

Remind me, why do people still build web sites manually?