Types of WordPress Plugins I Should Use

BarbApple Studios Web Design

WordPress plugins tree

As you can see from the above chart, it is more like the family tree of plugins off the main WordPress core. The explanation and the presentation of it is my interpretation of the WordPress plugin hierarchy. I know some of you may not agree, some of you will, and even more of you will think it is over simplified, but that’s the kind of thing I meant to convey.

The WordPress core itself is extremely secure, and by that I mean as secure as any content management system, CMS out there can be. Since it is written and updated by developers, and has a whole community behind it helping its validity, it is one of the most secure CMS’s out there today. It has checks and balances because if it.

The WordPress core, (red,) is the most secure version of your site. As it moves to the right and you keep adding more and more things, such as plugins, it gets less secure, (white.) Coming off of the green into the blue area denotes a website that is more vulnerable to breaking and/ or getting hacked. My best advice is to make sure security is in place, and research your vanity plugins thoroughly before installing them.

Must have plug-ins: These are the plugins in my book that I feel no WordPress website should be without. This will definitely vary from person to person, and from developer to developer. These are the plugins that I recommend, and I am totally open to this changing as I learn more or hear better arguments. That can happen a lot in this business, and one of the coolest thing about WordPress. In this area I have the following categories: Backups, Updating, Security, and Anti-spam.

Should have WordPress plugins: These are the plugins that you will install after you have finished installing and testing the plugins on the “Must have” list. This section, plus the previous section will give you a fully functioning interactive site, with the bare minimum of headache when you are trying to keep your site secure. I have included the following categories in this area: SEO, Caching, Responsiveness, and Forms. Personally I don’t think you can do without any of the plug-ins from either of the above areas. This, to me, is a full site if you are looking to have a functional, interactive site, that also has the chance to be discovered in the web.

Vanity WordPress plugins: Believe it or not, this is a favourite section of mine. I do like my Vanity plugins, because some of them are really cool, add value, and most are very well supported. I am not one of those developer that will poo-poo you because you want to add vanity plugins to your website. If I am designing your website you just have to abide by my rules when it comes to any plugins in this category. You just have to be careful how you choose a Vanity plugin, and what purpose it is supposed to serve on your site.

I have created a table for you to look at with specific examples of plugins I use that fall into each of the areas. Also when adding a new plugin directly from the list below, I have outlined the procedure below, and this procedure should work most of the time, but otherwise it is very easy to figure out:

  1. Click the link to the plugin
  2. Download the plugin to your hard-drive
  3. Go back into your “Admin” section of your site
  4. Select “Plugins”
  5. Select “Add New”
  6. Select “Upload Plugin” at the top of the page
  7. Cling the “Choose file” button
  8. Find the plugin on your heard-drive – highlight file and select Open, (usually in your downloads folder.)
  9. Click the “Install Now”
  10. Activate plugin
  11. Re-read documentation on the plugin to know how it sets itself up on your computer
  12. Check that plugin is there and configure it

Video coming soon on how to download and install a plugin


Area Category Specific plugin (* = Best in my book)
Must Have Backup Backup Buddy * No free version
BackWPUp * – Free
Updating iThemes Sync * Free – on-line service
JetPack Monitor Free – on-line service
ManageWP * Monthly subscription – on-line service
Security iThemes Security * Free and paid version
Sucuri * No free version – on-line
CloudFlare * Free and paid version – on-line service
Really Simple CAPTCHA – Free
 Anti-Spam Akismet – * Free and comes with WordPress
Should Have SEO WordPress SEO by Yoast * Free and paid version
Caching W3 Total Cache * – Free and paid version
P3 (Plugin Performance Profiler) – Free
Responsiveness WP Touch * – Paid version
JetPack Mobile theme – Free
Forms Gravity Forms * – No free version
Contact Forms 7 * Free
Vanity Editor WPEdit * Free
Social buttons Floating Social Bar * Free
SumoMe – Free and paid version – On-line service with plugin
Widgets Display Widgets – Free
Media Library Enhanced Media Library – Free
Typogrphy Google Font Manager – Free
Hide Title – Free
No Page Comment – Free
Yet Another Related Posts Plugin – Free

There are definitely tons more plugins than this, but this will give you a basic idea of the areas that you will most likely need to fill first. Whatever you are looking for can be found by following the steps above the table for finding a plugin or a type of plugin. Let’s say you have an idea and you want to see if there is a plugin exists that might help, then type it in.

Remember that a bad plugin has the potential of crashing your site. So when you install a plugin, always check that your site is working after EACH install. Don’t install 5 or 6 plugins, and then check your site. If it isn’t working, then there is no way to tell which plugin was responsible. So take your time and test, test, test as much as you can. Try and limit the number of plugins you install, and delete the plugins that you are not using. Also delete any themes that you aren’t using as well. This can help the possible chances that a hacker can get to your website, but all of this is discussed in another article with this site, when I talk about how to tighten up, or lock down your site.

WordPress Theme Resources

WordPress Themes:

These are the resources that I use or ones that come highly recommended to me. Each organization that designs their own themes can also have a framework that they work under, and I will do a blog on frameworks later on. So if you are going to use a Rockettheme template, for example, you would do better using their framework as well which comes in the form of a separate plugin called Gantry, but this can be a good thing. Woothemes has its own framework as well, so shop around if you are “Geeky” enough to want to spend the time.

Most of these sites have both free and paid themes. For a really good theme for your site, you can find free ones that will fit your needs, but beware, they are what they are. They may not be updated often enough, and could break down after a few updates to the WordPress main core.

Some great free themes here. Some will already come bundled with your installation of WordPress. There is a better chance that these themes will be supported although a lot of these are also designed by third party designers. The difference is that they have to be approved by WordPress before they are available for download.


rocketthemelogoRocketTheme: “Has an extensive collection of premium WordPress themes available for purchase and download. Each of our themes are built with usability and customization as a priority. Each theme can be easily modified to fit virtually any blog, portfolio, or corporate site. They add a new theme every month, and an array of propitiatory extensions to enhance your site”. These are the themes I use at the moment, not because I think they are better, but because I am in a Rockettheme mode at the moment.

elegantthemeslogoElegant Themes:  “Design is our art and our passion. Our goal is to create the best WordPress Themes with a pixel-perfect eye for detail and a high standard for aesthetic excellence. Let us help you make your website simple, beautiful and professional.” I have used their themes in the past, and found them to be really good.

headwaythemeslogoHeadway Themes: “Headway Themes allow you to build any layout you can think of, with full customization of any page with the powerful Headway Visual Editor.” I have one test site using this type of theme. Like all intricate themes, there is a learning curve that will have to be overcome, but worth it in the end.


woothemeslogoWooThemes: are powered by the versatile WooFramework allowing you to build a site with incredible flexibility. They also have some very powerful plugins, including their eCommerce one, that work better with their themes.


Other WordPress Theme Resources to try:

themetrust-logoTheme Trust – http://themetrust.com/
Moderately price themes ranging from basic to magazine templates. Very nice and responsive, but itis a pay for template site. This isn’t a bad thing, as I said in my earlier articles, the support is generally better and updates are generally better when you purchase a theme rather than go for a free one.

studiopress-marketplaceStudio Press – http://www.studiopress.com/
The Genisis framework in particular use the child theme that it has to get close to the build the client is looking for. It ill help you get close to the build they want and helps those on a limited budget. Genisis is a great framework to be working with, and if you are going to start learning a framework, I would recommend this one.

PageLines – http://www.pagelines-logopagelines.com/shop/
PageLines customers are a diverse and talented group of professionals from around the world. PageLines software is now used in over 170+ countries and powers sites as varied as Bicycle Tours in London to Musicians in Sweden. Within such a global community there are many unique ways of designing websites. With this in mind we wanted to create a place where you can share your creativity and learn from the creativity of others.

templatehawk-logoTemplate Hawk – www.templatehawk.com
This is yet another resource for templates. They really have nothing to say about themselves over there but they do have some decent templates and offer ‘affordable’ customization.

themezilla-logoThemezilla – www.themezilla.com/
We build premium WordPress themes & plugins.
Over 40,000 customers use our themes to power their websites.
Become a member today and download our entire collection.

creativemarket-logoCreative Market – www.creativemarket.com
Yet another company that doesn’t say a lot for itself, but I would recommend going over there an taking a look. There themes are really beautiful, and very pastel like. They also have plug-ins and custom vector graphics. Their blog is also not all about them but have a great number if useful “How to” articles. So check it out.


themefoundry-logoTheme Foundary – thethemefoundry.com
A brand you can trust. Established in 2008, we’ve been selling WordPress themes for over 7 years. We’re an official WordPress.com partner. Our themes meet their strict quality and security guidelines. Our newest themes include professional grade Typekit® fonts. You won’t find this anywhere else.

zigzag-pressZigZag Press – http://zigzagpress.com/
Find a range of flexible, functional Premium WordPress Themes built on the rock-solid Genesis framework! Yet another website that offers themes running on the Genisis framework. You can beat that.



JV Zoo – httjvzoo-logo_optimizedp://www.jvzoo.com

In case you wanted to create a store just selling templates, plugins and the like, I included this website. In their own words: “There are no out of pocket costs to become a JVZoo seller. You can create as many buy buttons as you like and add as many products as you want to our marketplace. You will never be charged a fee for doing so.”

Wanna Find a Plug-in?

I re-worked this wonderful compilation of plugins I have come across. Some of them will be old, so let me know, and I will try to keep an updated list. My favourites are among these, but I have probably test-driven all of them at some point. I have also left out some of the more obvious ones, and it’s fine to bring my attention to those as well.

So if you have a plug-in you would like to see on the list feel free to post it in the comments section below along with anything else you might have to say. This list will be changing from week to week and I will be adding new information as I get ideas of what to include, and I will be tweeting the changes so make sure you are following me on twitter.

I am also not rating which I think are best at the moment, but it is on the cards when I review this list for plugin additions, so if you see an asterisk, or other form of rating mechanism, then that means I have started doing just that. So check your twitter feed under @barbapplestudio

A really nice resource for searching for plugins based on category, downloads, votes, etc is:


“Google Trends for .org Plugins” – Simple tool to compare free WordPress.org plugins side-by-side:


Custom Post Types

Custom Fields


For Images

For Managing When Plugins or Scripts Load

For Caching


Google Analytics Dashboard


Full Screen Background Sliders

Social Sharing




 RSS Aggregation / Feed to Post Import

 Frontend Post/Registration





This is by no means a definitive list but it will be growing and I will be posting it on twitter for sure.

Ten things I do

These are the ten things that I do when I initially start on a clients website. These can vary and some other thing may be done depending on the scope of the project. Most of these are must haves, and others are dependent on the clients needs. But number 10 is a must and happens on every build. Have fun.

  1. Change admin user name to something else
  2. Install iThemes Security. Run Scan and set it up
  3. Delete unused plugins and themes
  4. Install W3 Total Cache, and configure it.
  5. Install a good backup plugin like BackUp Buddy by or BackWPup, and back up the website.
  6. Change permalinks, and other aspects of the settings tab.
  7. Make sure the theme, and the plugins I use are well supported.
  8. Delete all default pages, posts, and comments
  9. Install SEO by Yoast – if client wants search engine work
  10. Make some tea or coffee.

This is not all I do, but I make sure these 10 things are definitely done.

Color in HTML and CSS

The 3 ways to represent color in HTML or CSS

The are a few ways to define color in on a webpage using HTML and CSS, and I will be defining the 3 popular ones here. These codes can be used to define a specific background color, link text color, or paragraph, (regular text,) for a web-page. My personal use of the color tag in CSS and HTML is to write the color as a HEX value and as a HSL value.

This is because some of the older browsers, and they are still being used, don’t pick up the HSL values as easily as they do the HEX values, and HEX has been around forever, and can be picked up easily. Wherever you can imagine color being used that isn’t an image, the following are the most popular ways to do it.

RGB: Red, Green, Blue
written as: (color=”red”)
written as: color=”green”
written as: color=”blue”

This is as simple as it looks. The color red, green and blue. There are other colors such as cyan, but you get the idea.

HSL: Hue, Saturation, Lightness (See color wheel above.)

written as – Green: {color: hsl(120, 100%, 50%);}
written as – light green: {color: hsl(120, 100%, 75%);}
written as – dark green: {color: hsl(120, 100%, 25%);}
written as – pastel green: {color: hsl(120, 60%, 70%);}

Hue represents the angle in a color wheel from 0 to 360.
Saturation is written as a number between 0 and 100, expressed as a percentage.
Lightness is the amount of lightness, or white in a color and is also expressed as a percentage.

The HSL value is necessary for some browsers. Writing clean code is important, and for me that means giving both a Hex value and an HSL value to make sure that the proper color is picked up by the browser.

HEX: RRGGBB – 6 digit number/letter combination groups of 2 2 2
st set of 2 corresponds to the Red Value in the RGB style
nd set of 2 corresponds to the Green Value in the RGB style
rd set of 2 corresponds to the Blue Value in the RGB style

written as (color=”#ff0000”) – RED – All red and no green or blue
written as (color=”#00ff00”) – GREEN – All green and no red or blue
written as (color=”#0000ff”) – BLUE – All blue and no green or red
written as (color=”#ffffff”) – WHITE – All red, all green, and all blue
written as (color=”#0000”) – BLACK – No red, no green, and no blue

I hope this isn’t too confusing, but it is meant as a reference guide first, but it will should help you to recognise the color element next time you look at a piece of HTML or CSS. Please check out my articles on HTML and CSS later in this blog.

The wp-config file

wp-config.php is a very important file and was created when you installed your WordPress website. It is the go between from your website to the server. It logs into the server and communicates with it. This will most certainly crash your website if you change anything in here that WordPress does not like. Like its name suggests, config – configuration. So do not play around with this file. If you have to make any changes, do so when you are sure that what you are doing has been tested. As always, make a backup copy of this file before you make any changes. This is another file that you should keep a working copy of, on your local computer.

Keep looking in the “Site Security” category for more post on how to further lock down your site against malicious bots and hackers.

As with every change you make to any file in your WordPress site, make a backup of the original file first, save a local copy, then log out of the admin back end, and log back in again to make sure everything works. Now go to  your website front end to make sure that you and the rest of the web can get to your website.

The .htaccess file

As with all of my posts, I will be assuming that you know certain things; like how to FTP a file to your WordPress website. If you do not, search for other posts in this blog that will teach you how to. Just do a search for FTP. This is not a post on how to FTP, just to familiarize yourself with your, htaccess file.

Todays lesson is all about the little known, but always there, .htaccess file. There are a few of these on a WordPress site. The ones that I will be mostly writing about are the one in the root directory and the one that lives in the wp-admin folder of your WordPress install. As I said in other posts I subscribe to a website called www,lynda.com, and this is a great website for learning all things WordPress as well as a plethora of other create softwares. This installment is about “locking down your site,” against intruders, which is a polite way of saying hackers.

Take a few moments to download your, htaccess file and get to know it. If you don’t see it in your root install, have WordPress create one for you. Go to Settings<Permalinks and change the setting in there to reflect “Post name”, then log on to your WordPress site via FTP and you will see a new file there called ,htaccess. Download it and open it in a text editor and see what it has done. Do not use a word processor for this, use notepad or the one that I prefer, notepad+.  It is an Opensource program, therefore free, and cool.

It will read something like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Bear in mind, if there is a .htaccess file already on your server before you change the setting, then it may have different stuff in there. Don’t worry about that, and don’t change anything. Leave it alone. Other plugins will add their 2 cents worth into this file from time to time. This can also be a reason why a site will crash, so you will need to familiarize yourself with this file just in case. As with any other configuration file, always save a copy of the old file on your server before you make any changes and download this file to your computer as well. Again, always save a copy of the old file on your server before you make any changes and download this file to your computer as well.

I use the convention daydateyear.htaccess to rename the old file. You can use whatever convention you want, but this means that I have several copies of my .htaccess files that worked before I ever made changes.

Periodically download and take a look at this file especially after you install a plugin to see if any changes have been made, just for your reference. Some plugins won’t use it and some will.

Securing your WordPress website

I thought this article was going to be a little further down the line, but something happened yesterday that pushed the timeline up a month or 2. I was working vigorously on getting BarbApple studios up to speed, you know the drill: website with matching Fackbook, and Twitter page, when the unthinkable happened. My servers went down, and the explanation I got was “Our server thought there was too much activity on my site, logging in and out, branded it as  malicious activity and we shut you down.” This might not have been an issue, but I tried to log in like 7 times, and they couldn’t figure out what the issue was.

WordPress was allowing me to change the admin password, but not allowing me to log in. After a day of this nonsense, and back and forth with tech support, it hit us both at the same time. I had a plug installed by BWS plugins called ‘Limit Attempts,’ and that’s what kept me logged out. So when the servers came back online, I was blacklisted from my work computer, and the tech that was helping me also got blacklisted. We went about it 2 different ways, and got the same result, we were able to log back in again.

I had the idea of going to phpmyadmin and deleting the records in the plugin table, but thought that was a bit rash, so instead I FTP’d to my site and just deleted the plugins folder. That might be considered rash anyway, although at the same time my tech deleted the records from the database using phpmyadmin. I don’t know which had the desired effect or both, had the desired effect, but I am back. I think his method might have worked fine, but I’d like to think I would have gotten a plugin missing error, and would be allowed in anyway, as this has happened before. So there you are, the beginning of a post on how to secure your WordPress website. This will be part 1) of 2) I think, because I want to do this properly. I am going to discuss the types of things you need to stop, how to stop them, and the reputable plugins that will help. So stay tuned.

WordPress will not crash your website, but plugins and themes will. WordPress, as I have said before, is one of the most stable web environments out there at the moment. When people complain about WordPress crashing, what they usually mean is that it had crashed due to a plugin being bad or in need of updating, or a theme that stopped working. WordPress itself is as stable as it gets on the world wide web.


This is the most important thing I can tell you to do. Do not assume that the place you are hosting has it covered. Whilst they may do, they could charge you extra money for a restore, and they may not get the restore exactly as you want it. Do it yourself, because WordPress has made it so simple. There are many plugins that will do the job adequately, but the one that I use for all my sites is the plugin BackWPup by Pento. It has been around forever and just does what it says it is going to do. So check that out in the plugins section of my blog, as it is one of my favorites.

Administrator Log in

Do not use admin, user, test, or administrator as the main log in user name. When you think about it, they aren’t really user names. These are the first names a hacker will attack, and it means that all they have to get now is the password.

Longer passwords are better: You don’t have to produce intricate passwords, but long ones – like sentences. People think they have to have longer cryptic passwords, but they forget them. Longer is better in this case, and the chances that you remember it will be better.

If you are the administrator of your WordPress site, create another user account with editor privileges to post to your own blog, so that you are not always logging in as an administrator. This way there is less of a chance of being key-logged when you are using your website. The admin account you set up should be used for admin purposes only, and this is a good thing to teach your clients also because there is more of a chance of them just posting to their sites than administering to it. This is a tricky one for me because I admin so many sites, that I am admining more than actually posting but your average client will not.

Update your WordPress

Always update your WordPress core, plugins, and your themes whenever they are due. Don’t wait a few weeks or even days to do this. The need updated for a reason, so go ahead and do it. You will only make things worse if you don’t. Sometimes after I update the WordPress core, I log out and relog back in again to see if anything else has changed in the update department, such as plugins or themes. This may not be necessary, but it is a habit I have gotten into over the years. I just know that I have left updates for a while and crashed my website a few times. There was one time I remember I had to do a full re-install because I didn’t update.