© 2023 Marina Kudinova ⁕ All rights reserved ⁕ contact@wpwebsites.dev
Tried and tested selection of the best must have WordPress plugins for key tasks: multiple languages, backup and restore, optimization of images, SEO, website security, and speed optimization. The following plugins are featured: WPML, UpdraftPlus, ShortPixel, WebP Express, SEOPress, Websitescanner Custom Schema, Yoast SEO, Wordfence, WPS Hide Login, WP Rocket, W3 Total Cache, and Advanced Database Cleaner. After trying many popular plugins, I opted for the listed selection. Further, my favorite plugins, their free and premium versions, are described in short, sometimes good alternatives and addons are mentioned, and a bit of practical advice is given. In conclusion, I recommend the best plugins for a commercial site, with estimated cost per year, and a free setup for a personal blog.
Tried and tested selection of the best must have WordPress plugins for key tasks: multiple languages, backup and restore, optimization of images, SEO, website security, and speed optimization. The following plugins are featured: WPML, UpdraftPlus, ShortPixel, WebP Express, SEOPress, Websitescanner Custom Schema, Yoast SEO, Wordfence, WPS Hide Login, WP Rocket, W3 Total Cache, and Advanced Database Cleaner. After trying many popular plugins, I opted for the listed selection. Further, my favorite plugins, their free and premium versions, are described in short, sometimes good alternatives and addons are mentioned, and a bit of practical advice is given. In conclusion, I recommend the best plugins for a commercial site, with estimated cost per year, and a free setup for a personal blog.
Tried and tested selection of the best must have WordPress plugins for key tasks: multiple languages, backup and restore, optimization of images, SEO, website security, and speed optimization. The following plugins are featured: WPML, UpdraftPlus, ShortPixel, WebP Express, SEOPress, Websitescanner Custom Schema, Yoast SEO, Wordfence, WPS Hide Login, WP Rocket, W3 Total Cache, and Advanced Database Cleaner. After trying many popular plugins, I opted for the listed selection. Further, my favorite plugins, their free and premium versions, are described in short, sometimes good alternatives and addons are mentioned, and a bit of practical advice is given. In conclusion, I recommend the best plugins for a commercial site, with estimated cost per year, and a free setup for a personal blog.
WPML: multilingual website plus connection of domains
WPML is the WordPress Multilingual plugin, which won first place at the WP Awards 2022 in the category “Content Tools”. The plugin makes it very straightforward to build multilingual sites, allowing to translate pages, posts, custom post types, media, tags, categories, custom taxonomies, menus, and any other front-end text. WPML is compatible with all the popular themes, plugins and page builders. You can have different languages in sub-directories, display the language as a URL parameter, and a very powerful feature – you can place different languages in completely independent domains or sub-domains, thus managing several websites from a single standard WordPress installation. And, there are three translation options: manual, automatic, and a connection to the translation service.
The most interesting of the WPML pricing plans is Multilingual CMS, which includes full functionality, is valid for 3 production and 9 development sites, and costs $99 for the first year and then $74 for yearly renewals. The cheapest Multilingual Blog option, which costs $39 for the first year and $29 for renewals, allows to translate posts, pages, taxonomies, menus and media manually. What is really missing in this plan – is the string translation module, without which you cannot translate texts coming from the theme and plugins. The Multilingual Blog is valid for 1 production and 3 development sites. The Multilingual Agency plan costs $199 for the first year and $149 for renewals, includes full functionality, and it is valid for an unlimited number of sites. Along with quite affordable pricing plans, WPML has a 30-days “no questions asked 100% refund” policy, so you can try the plugin for free.
Comparing WPML to free and paid alternatives, and a bit about transferring the WPML account renewals to your clients
All the free multilingual WordPress plugins I tried so far have relatively basic functionality, which, most often, is not enough for a commercial website. For instance, you cannot translate URL slugs or duplicate posts across languages. Here you can find a comparison table. When considering paid versions of the plugins, WPML is the most economical solution, since the Multilingual CMS plan is valid for 3 production sites. In addition, you can transfer the renewal payments to your clients. For every transferred renewal, you receive $20 credit, additional production site, and even will get paid by WPML if your credit gets higher than your yearly renewal cost. Your client will pay $35 per year for a single site, which includes the setup with connected domains. To be able to transfer renewals, you should have the Multilingual CMS or the Multilingual Agency plan.
Recommendations for using the WPML’s domain connection feature: placing each language in a different domain
WPML allows you to display different languages in completely independent domains, for example, the English version of your site at https://yourcompany.com and the German version – at https://yourcompany.de. For this you will need: the required domains, one hosting, corresponding number of SSL certificates or a multi-domain one, and a WPML license for one site. Such a setup, with different domains per language, is very beneficial for SEO and ranking of your secondary languages.
My advice is: inform you client about this option in advance, and make the English language the default one thus assigning it to your primary domain, which is normally .com or .org. At the development stage, place other languages into subfolders, e.g. https://yourcompany.com/de/. In this case, if your client decides to switch to the multi-domain setup in the future, you will not need to update the internal links iteratively, and you will not have to switch the default language of the site. The latter can cause minor issues as some site components and features coming from other plugins, your theme or builder might not switch. The multi-domain configuration settings, which worked for me in all the projects, are displayed in the first screenshot below.
Final remarks: what I like and don’t like about WPML, plus code to auto-select the "Minor edit - don’t update translation" flag
The main thing I do not like about WPML is that recently, less than a year ago, they embedded the Translation Management into the core WPML Multilingual CMS plugin. So now you need to install three plugins, WPML Multilingual CMS, WPML Media and WPML String Translation, to use all WPML features. Before it was four plugins, plus WPML Translation Management.
If you redesign the site and have all the translations, you do not need the Translation Management part. However, now even after you switched off the “Translation Editor” entirely and pressed the “Translate Independently” button for the specific page, you still have the “Minor edit − don’t update translation” flag above the Update button for this page in the default language. You have to select this flag before updating, otherwise something is sent to Translation Management for secondary languages. To solve this issue, I ordered a small customization of WPML at the Codeable platform, where you can hire professional WordPress developers. The resulting code selects the aforementioned flag automatically right after the page is loaded for editing. The code is released under the GNU Public License. To reproduce the solution on your site, follow the next two steps:
Step 1: Save the following code as a separate JavaScript wpml-addon.js file and put it into your child theme’s folder.
window.addEventListener(‘load’, function () // Wait until the page is loaded
{
const minorChangeBox = document.querySelector(‘#icl_minor_change_box input’); // Look for WPML check-box
if (minorChangeBox) // if there is a check-box
{ minorChangeBox.click(); } // …click it, causing it to be selected automatically
});
Step 2: Paste the following code at the end of the functions.php file of your child theme. That’s it.
// Adding the hook to automatically select the "Minor edit − don't update translation" flag of WPML
function specific_enqueue( $hook )
{
if( 'post.php' != $hook )
if( 'page.php' != $hook )
return;
wp_register_script( 'some-js', get_stylesheet_directory_uri().'/wpml-addon.js', array('jquery-core'), false, true );
wp_enqueue_script( 'some-js' );
}
add_action( 'admin_enqueue_scripts', 'specific_enqueue' );
And to conclude, what I like about WPML: the plugin is very reliable and stable, incorporates all the needed functionality for a top quality multilingual website, and is supported by most of the WordPress themes, builders and plugins. Apart from this, there is an extensive documentation and a support forum with lots of resolved tickets openly published. And last but not least, there is a very helpful live support, which responds quickly via online chat, and, if your issue takes longer, proceeds via email.
Pricing plans of WPML: Multilingual Blog, CMS, Agency
The most interesting of the WPML pricing plans is Multilingual CMS, which includes full functionality, is valid for 3 production and 9 development sites, and costs $99 for the first year and then $74 for yearly renewals. The cheapest Multilingual Blog option, which costs $39 for the first year and $29 for renewals, allows to translate posts, pages, taxonomies, menus and media manually. What is really missing in this plan – is the string translation module, without which you cannot translate texts coming from the theme and plugins. The Multilingual Blog is valid for 1 production and 3 development sites. The Multilingual Agency plan costs $199 for the first year and $149 for renewals, includes full functionality, and it is valid for an unlimited number of sites. Along with quite affordable pricing plans, WPML has a 30-days “no questions asked 100% refund” policy, so you can try the plugin for free.
Transferring the WPML account renewals to your clients
All the free multilingual WordPress plugins I tried so far have relatively basic functionality, which, most often, is not enough for a commercial website. For instance, you cannot translate URL slugs or duplicate posts across languages. When considering paid versions of the plugins, WPML is the most economical solution, since the Multilingual CMS plan is valid for 3 production sites. In addition, you can transfer the renewal payments to your clients. For every transferred renewal, you receive $20 credit, additional production site, and even will get paid by WPML if your credit gets higher than your yearly renewal cost. Your client will pay $35 per year for a single site, which includes the setup with connected domains. To be able to transfer renewals, you should have the Multilingual CMS or the Multilingual Agency plan.
Tips for using the WPML’s domain connection feature
WPML allows you to display different languages in completely independent domains, for example, the English version of your site at https://yourcompany.com and the German version – at https://yourcompany.de. For this you will need: the required domains, one hosting, corresponding number of SSL certificates or a multi-domain one, and a WPML license for one site. Such a setup, with different domains per language, is very beneficial for SEO and ranking of your secondary languages.
My advice is: inform you client about this option in advance, and make the English language the default one thus assigning it to your primary domain, which is normally .com or .org. At the development stage, place other languages into subfolders, e.g. https://yourcompany.com/de/. In this case, if your client decides to switch to the multi-domain setup in the future, you will not need to update the internal links iteratively, and you will not have to switch the default language of the site. The latter can cause minor issues as some site components and features coming from other plugins, your theme or builder might not switch. The multi-domain configuration settings, which worked for me in all the projects, are displayed in the first screenshot below.
Final remarks: what I like and do not like about WPML
The main thing I do not like about WPML is that recently, less than a year ago, they embedded the Translation Management into the core WPML Multilingual CMS plugin. So now you need to install three plugins, WPML Multilingual CMS, WPML Media and WPML String Translation, to use all WPML features. Before it was four plugins, plus WPML Translation Management.
If you redesign the site and have all the translations, you do not need the Translation Management part. However, now even after you switched off the “Translation Editor” entirely and pressed the “Translate Independently” button for the specific page, you still have the “Minor edit − don’t update translation” flag above the Update button for this page in the default language. You have to select this flag before updating, otherwise something is sent to Translation Management for secondary languages. To solve this issue, I ordered a small customization of WPML at the Codeable platform, where you can hire professional WordPress developers. The resulting code selects the aforementioned flag automatically right after the page is loaded for editing. You can see and copy the code on the desktop version of this site. The code is released under the GNU Public License.
And to conclude, what I like about WPML: the plugin is very reliable and stable, incorporates all the needed functionality for a top quality multilingual website, and is supported by most of the WordPress themes, builders and plugins. Apart from this, there is an extensive documentation and a support forum with lots of resolved tickets openly published. And last but not least, there is a very helpful live support, which responds quickly via online chat, and, if your issue takes longer, proceeds via email.
Overview of WPML pricing plans
The most interesting of the WPML pricing plans is Multilingual CMS, which includes full functionality, is valid for 3 production and 9 development sites, and costs $99 for the first year and then $74 for yearly renewals. The cheapest Multilingual Blog option, which costs $39 for the first year and $29 for renewals, allows to translate posts, pages, taxonomies, menus and media manually. What is really missing in this plan – is the string translation module, without which you cannot translate texts coming from the theme and plugins. The Multilingual Blog is valid for 1 production and 3 development sites. The Multilingual Agency plan costs $199 for the first year and $149 for renewals, includes full functionality, and it is valid for an unlimited number of sites. Along with quite affordable pricing plans, WPML has a 30-days “no questions asked 100% refund” policy, so you can try the plugin for free.
Transferring renewals to clients
All the free multilingual WordPress plugins I tried so far have relatively basic functionality, which, most often, is not enough for a commercial website. For instance, you cannot translate URL slugs or duplicate posts across languages. When considering paid versions of the plugins, WPML is the most economical solution, since the Multilingual CMS plan is valid for 3 production sites. In addition, you can transfer the renewal payments to your clients. For every transferred renewal, you receive $20 credit, additional production site, and even will get paid by WPML if your credit gets higher than your yearly renewal cost. Your client will pay $35 per year for a single site, which includes the setup with connected domains. To be able to transfer renewals, you should have the Multilingual CMS or the Multilingual Agency plan.
Independent domain per language
WPML allows you to display different languages in completely independent domains, for example, the English version of your site at https://yourcompany.com and the German version – at https://yourcompany.de. For this you will need: the required domains, one hosting, corresponding number of SSL certificates or a multi-domain one, and a WPML license for one site. Such a setup, with different domains per language, is very beneficial for SEO and ranking of your secondary languages.
My advice is: inform you client about this option in advance, and make the English language the default one thus assigning it to your primary domain, which is normally .com or .org. At the development stage, place other languages into subfolders, e.g. https://yourcompany.com/de/. In this case, if your client decides to switch to the multi-domain setup in the future, you will not need to update the internal links iteratively, and you will not have to switch the default language of the site. The latter can cause minor issues as some site components and features coming from other plugins, your theme or builder might not switch. The multi-domain configuration settings, which worked for me in all the projects, are displayed in the first screenshot below.
Pluses and minuses of WPML
The main thing I do not like about WPML is that recently, less than a year ago, they embedded the Translation Management into the core WPML Multilingual CMS plugin. So now you need to install three plugins, WPML Multilingual CMS, WPML Media and WPML String Translation, to use all WPML features. Before it was four plugins, plus WPML Translation Management.
If you redesign the site and have all the translations, you do not need the Translation Management part. However, now even after you switched off the “Translation Editor” entirely and pressed the “Translate Independently” button for the specific page, you still have the “Minor edit − don’t update translation” flag above the Update button for this page in the default language. You have to select this flag before updating, otherwise something is sent to Translation Management for secondary languages. To solve this issue, I ordered a small customization of WPML at the Codeable platform, where you can hire professional WordPress developers. The resulting code selects the aforementioned flag automatically right after the page is loaded for editing. You can see and copy the code on the desktop version of this site. The code is released under the GNU Public License.
And to conclude, what I like about WPML: the plugin is very reliable and stable, incorporates all the needed functionality for a top quality multilingual website, and is supported by most of the WordPress themes, builders and plugins. Apart from this, there is an extensive documentation and a support forum with lots of resolved tickets openly published. And last but not least, there is a very helpful live support, which responds quickly via online chat, and, if your issue takes longer, proceeds via email.
UpdraftPlus: backup and restore, free, addons, premium
UpdraftPlus is the most popular and arguably the best backup plugin for WordPress at the moment. It allows to restore, fast and easy, all the website components after unlucky updates, tests, hacking, or from a clean WordPress install. The free version creates backup of everything in WP’s content directory: database, plugins, uploads, themes, etc. The storage locations are: the “wp-content/updraft” folder by default, which is handy when testing, non-encrypted FTP, and popular cloud storages such as Google Drive. You can perform backups manually or set up a schedule. And, you can select which website components to back up or to restore. If I support a website myself, I purchase only the More files extension of UpdraftPlus, which adds to backup everything in the WP’s root directory, including the WordPress Core files. The latter enables you to roll back the CMS after update if needed. The addon costs $15 per year for one site. To summarize, I use the UpdraftPlus plugin already for many years in different setups, and it did not fail to restore the site even once.
Functionality and cost of various UpdraftPlus extensions plus features and pricing of the Personal Premium subscription
To extend the functionality of UpdraftPlus, there is a full shop of various addons, which allow, for example, to: move the site, back up automatically before updates, encrypt the FTP connection, back up to multiple storages, remove adverts, fix the backup time, use WP-CLI, restore backups from other backup plugins, and much more. Extension prices range from $10 to $49 per addon per year for one site. If you need several addons, you might consider buying a Premium subscription. The cheapest Personal plan costs $70 yearly and includes all the addons for two sites, premium support, updates, and other benefits.
Several practical points about the UpdraftPlus addons: activating the addons and re-assigning an addon license
If you have purchased at least one UpdraftPlus extension or a premium subscription, you will have to uninstall the free version of the plugin (no settings will be lost) and install the premium version downloaded from your UpdraftPlus dashboard. After you enter your dashboard login and password on plugin’s Premium/Extension tab, you will be able to activate all the purchased addons. If you first activated an addon on one domain, but then would like to switch to another, you need to release the addon from the first domain. To do it fast, contact the support; to do it yourself, uninstall the premium version of UpdraftPlus on the first domain and wait for 30 days. After this time period you will see in the dashboard a link to release the addon.
Extensions for UpdraftPlus and the Premium subscription
To extend the functionality of UpdraftPlus, there is a full shop of various addons, which allow, for example, to: move the site, back up automatically before updates, encrypt the FTP connection, back up to multiple storages, remove adverts, fix the backup time, use WP-CLI, restore backups from other backup plugins, and much more. Extension prices range from $10 to $49 per addon per year for one site. If you need several addons, you might consider buying a Premium subscription. The cheapest Personal plan costs $70 yearly and includes all addons for two sites, premium support, updates, and other benefits.
Several practical points about UpdraftPlus addons
If you have purchased at least one UpdraftPlus extension or a premium subscription, you will have to uninstall the free version of the plugin (no settings will be lost) and install the premium version downloaded from your UpdraftPlus dashboard. After you enter your dashboard login and password on plugin’s Premium/Extension tab, you will be able to activate all the purchased addons. If you first activated an addon on one domain, but then would like to switch to another, you need to release the addon from the first domain. To do it fast, contact the support; to do it yourself, uninstall the premium version of UpdraftPlus on the first domain and wait for 30 days. After this time period you will see in the dashboard a link allowing to release the addon.
UpdraftPlus addons and Premium
To extend the functionality of UpdraftPlus, there is a full shop of various addons, which allow, for example, to: move the site, back up automatically before updates, encrypt the FTP connection, back up to multiple storages, remove adverts, fix the backup time, use WP-CLI, restore backups from other backup plugins, and much more. Extension prices range from $10 to $49 per addon per year for one site. If you need several addons, you might consider buying a Premium subscription. The cheapest Personal plan costs $70 yearly and includes all the addons for two sites, premium support, updates, and several other benefits.
Practical points about addons
If you have purchased at least one UpdraftPlus extension or a premium subscription, you will have to uninstall the free version of the plugin (no settings will be lost) and install the premium version downloaded from your UpdraftPlus dashboard. After you enter your dashboard login and password on plugin’s Premium/Extension tab, you will be able to activate all the purchased addons. If you first activated an addon on one domain, but then would like to switch to another, you need to release the addon from the first domain. To do it fast, contact the support; to do it yourself, uninstall the premium version of UpdraftPlus on the first domain and wait for 30 days. After this time period you will see in the dashboard a link allowing to release the addon.
ShortPixel: image optimization, free, package, subscription
ShortPixel is my favorite image optimization plugin due to its extensive features, powerful optimization algorithms and user-friendly interface. The plugin allows to: compress JPG, PNG and GIF formats as well as PDF; generate next generation WebP and AVIF image versions and deliver them in the front-end; apply lossy, glossy or lossless compression; optimize images in bulk, automatically on upload, or manually one-by-one; restore optimized images and re-optimize; exclude images and thumbnails from optimization; and much more. ShortPixel is compatible with many popular gallery and slider plugins, including WPML Media. The free ShortPixel plan includes 100 credits per month. For a rough estimate, if you have 4 thumbnails for an image and use the WebP option, then this image will cost you: the original image (1 credit) + 4 thumbnails (4 credits) + WebP versions of all (5 credits) = 10 credits. Hence, 10 images per month.
ShortPixel credits packages and monthly subscription plans; plus a couple of tips on spending your credits economically
If you need more than 100 credits per month, ShortPixel offers a wide variety of pricing plans: monthly subscriptions, credits packages and the unlimited option. Most often, I purchase the popular 30K package for $19.99 one time payment. In general, one-time packages are more interesting, since credits never expire and you can use them on an unlimited number of sites. Monthly subscriptions are valid for any number of sites too, however, unused credits aren’t carried over to the next month.
To spare your credits, I advise to disable the “Optimize media on upload” option on the ShortPixel’s Advanced tab, and to only optimize the final versions of your images one-by-one. To save more, it is possible to exclude specific (wrt size) thumbnails from optimization on the same Advanced tab. By the way, the displayed there full list of all the image thumbnails, generated by your theme, plugins and WordPress, is a very useful information, which is sometimes hard to find. Apart from this, no credits are used for the images that are optimized less that 5%, which is relevant if you select the Lossless compression type, as I often do, not to lose even a little bit in quality. Besides, Lossless works very good with PNG-8 and PDF, compressing them by 30%-60%.
How to serve the next-gen WebP images in the front-end: options provided by ShortPixel and by other plugins
ShortPixel allows both, to create the next generation WebP and AVIF versions of your images, and to serve them in the front-end. The creation and serving are independent features. You can generate modern formats with ShortPixel, but deliver them using another plugin. The ShortPixel itself offers two options for serving: via the ‹picture› tag syntax thus altering the page code, and via .htaccess without touching the code. The first option can cause display problems depending on how your theme or image-related plugins use the ‹img› tags. The second option is much better, however, quite often you’ll see there “… that your server CAN’T serve the WebP or AVIF…” Don’t give up at once, most likely your hosting provider support can solve this. On my hosting, they just needed to transfer the processing of images on the server from NGINX to Apache. Important: before checking whether the word CAN’T has changed to CAN after efforts of your hosting support, clear your browser’s cache!
The optimal setup is to generate WebP using ShortPixel, but serve – via caching plugin. WP Rocket is the best caching plugin that includes this functionality. Yet, WP Rocket is not free. If you can use neither WP Rocket nor ShortPixel to deliver the next-gen images, there is another option: WebP Express. This is a free plugin that provides a lot of WebP related features. The serving options of WebP Express mostly duplicate the ones of ShortPixel, except for the “Replace image URLs” method, which works good (tested) with W3 Total Cache. Final point: out of three, ShortPixel alone can serve the AVIF format as well.
ShortPixel pricing plans plus tips for saving your credits
If you need more than 100 credits per month, ShortPixel offers a wide variety of pricing plans: monthly subscriptions, credits packages and the unlimited option. Most often, I purchase the popular 30K package for $19.99 one time payment. In general, one-time packages are more interesting, since credits never expire and you can use them on an unlimited number of sites. Monthly subscriptions are valid for many sites as well, however, unused credits aren’t carried over to the next month.
To spare your credits, I advise to disable the “Optimize media on upload” option on the ShortPixel’s Advanced tab, and to only optimize the final versions of your images one-by-one. To save more, it is possible to exclude specific (wrt size) thumbnails from optimization on the same Advanced tab. By the way, the displayed there full list of all the image thumbnails, generated by your theme, plugins and WordPress, is a very useful information, which is sometimes hard to find. Apart from this, no credits are used for the images that are optimized less that 5%, which is relevant if you select the Lossless compression type, as I often do, not to lose even a little bit in quality. Besides, Lossless works very good with PNG-8 and PDF, compressing them by 30%-60%.
How to serve WebP image versions in the front-end
ShortPixel allows both, to create the next generation WebP and AVIF versions of your images, and to serve them in the front-end. The creation and serving are independent features. You can generate modern formats with ShortPixel, but deliver them using another plugin. The ShortPixel itself offers two options for serving: via the ‹picture› tag syntax thus altering the page code, and via .htaccess without touching the code. The first option can cause display problems depending on how your theme or image-related plugins use the ‹img› tags. The second option is much better, however, quite often you’ll see there “… that your server CAN’T serve the WebP or AVIF…” Don’t give up at once, most likely your hosting provider support can solve this. On my hosting, they just needed to transfer the processing of images on the server from NGINX to Apache. Important remark: before checking whether the word CAN’T has successfully changed to CAN after efforts of your hosting support, clear your browser’s cache!
The optimal setup is to generate WebP using ShortPixel, but serve – via caching plugin. WP Rocket is the best caching plugin that includes this functionality. Yet, WP Rocket is not free. If you can use neither WP Rocket nor ShortPixel to serve the next-gen images, there is another option: WebP Express. This is a free plugin that provides a lot of WebP related features. The serving options of WebP Express mostly duplicate the ones of ShortPixel, except for the “Replace image URLs” method, which works good (tested) with the W3 Total Cache free caching plugin. Final point: out of three, ShortPixel alone can serve AVIF as well.
ShortPixel pricing & credits saving
If you need more than 100 credits per month, ShortPixel offers a wide variety of pricing plans: monthly subscriptions, credits packages and the unlimited option. Most often, I purchase the popular 30K package for $19.99 one time payment. In general, one-time packages are more interesting, since credits never expire and you can use them on an unlimited number of sites. Monthly subscriptions are valid for many sites as well, however, unused credits aren’t carried over to the next month.
To spare your credits, I advise to disable the “Optimize media on upload” option on the ShortPixel’s Advanced tab, and to only optimize the final versions of your images one-by-one. To save more, it is possible to exclude specific (wrt size) thumbnails from optimization on the same Advanced tab. By the way, the displayed there full list of all the image thumbnails, generated by your theme, plugins and WordPress, is a very useful information, which is sometimes hard to find. Apart from this, no credits are used for the images that are optimized less that 5%, which is relevant if you select the Lossless compression type, as I often do, not to lose even a little bit in quality. Besides, Lossless works very good with PNG-8 and PDF, compressing them by 30%-60%.
How to serve WebP in front-end
ShortPixel allows both, to create the next generation WebP and AVIF versions of your images, and to serve them in the front-end. The creation and serving are independent features. You can generate modern formats with ShortPixel, but deliver them using another plugin. The ShortPixel itself offers two options for serving: via the ‹picture› tag syntax thus altering the page code, and via .htaccess without touching the code. The first option can cause display problems depending on how your theme or image-related plugins use the ‹img› tags. The second option is much better, however, quite often you’ll see there “… that your server CAN’T serve the WebP or AVIF…” Don’t give up at once, most likely your hosting provider support can solve this. On my hosting, they just needed to transfer the processing of images on the server from NGINX to Apache. Important: before checking whether the word CAN’T has changed to CAN after efforts of your hosting support, clear your browser’s cache!
The optimal setup is to generate WebP using ShortPixel, but serve – via caching plugin. WP Rocket is the best caching plugin that includes this functionality. Yet, WP Rocket is not free. If you can use neither WP Rocket nor ShortPixel to serve the next-gen images, there is another option: WebP Express. This is a free plugin that provides a lot of WebP related features. The serving options of WebP Express mostly duplicate the ones of ShortPixel, except for the “Replace image URLs” method, which works good (tested) with W3 Total Cache. Final point: out of three, ShortPixel alone can serve AVIF as well.
SEOPress: search engine optimization, Free and Pro
In many reviews, SEOPress is recognized to be the best SEO plugin for WordPress when compared to its numerous competitors. Having tried myself the top five solutions, I settled on SEOPress. The reasons are: it is full of features and has clear interface without ads in both versions; it is integrated with many plugins and builders, including WPML and WP Rocket; it is very lightweight and you can disable unused modules; plus the all-inclusive Pro version is the best deal on the market that costs $49/year for unlimited sites. SEOPress Free includes all the needed features for a solid SEO of your site: titles and metas; XML and image sitemaps; content analysis with unlimited keywords; Google Tag Manager; redirections and canonical URLs; custom Facebook and Twitter cards; and much more. Since the free version allows to specify only the general schema markup for your Google Knowledge Graph, I use SEOPress Free always in combination with the Websitescanner Custom Schema plugin. This is a free plugin, allowing to add your own JSON-ld semantic markup code on every page. To have more sophisticated structured data generator, with automatic and manual schemas, you will need SEOPress Pro.
Overview of SEOPress Pro features: schemas, OpenAI, redirect manager, broken links checker, GA in dashboard, local SEO, etc.
Manual schemas: In SEOPress Pro, a manual schema is applied to a page individually. You select the structured data type for the post in the corresponding list, and then fill in all the appeared fields, without the need to code. The available data types are: Local Business, Service, Article (WebPage), Event, Job, Product, FAQ, How-To, Review, Recipe, Video, Course, Software Application, and Custom. The last Custom option allows to add your own JSON-ld code in the same way as the Websitescanner Custom Schema plugin does, with the only difference being that the latter requires the ‹script› tag to be removed.
Automatic schemas: An automatic schema is defined independently of any page on the Schemas screen of SEOPress Pro, and then it is applied globally by publication type (e.g. to all posts). When creating an automatic schema, you first select the data type as with manual schemas, but then for each field you choose an option in the list, containing: many predefined variables (e.g. “Post Title”), then “Manual text”, and “Manual text on each post“ at the end. All the “Manual text on each post” fields will be editable per publication, while the rest of the fields will be hidden and generated automatically from publication data.
OpenAI: Integration of the OpenAI artificial intelligence into SEOPress Pro is the newest feature, which is still under active improvement. Currently, you can automatically generate meta title and meta description for a post, page or custom post type based on its content, individually and in bulk. To use AI, you will need an OpenAI API key and their tokens/credits to pay for text processing, where 1K tokens is about 750 words. By default, SEOPress uses the most powerful Davinci language model that costs $0.02 per 1K tokens. If you register with OpenAI first time, you’ll get $5 of free credits to be used during three months.
Redirections: SEOPress Free already includes decent redirection functionality allowing to redirect post, page, taxonomy and post type to another URL, as well as attachment pages to the post parent or to the file URL. The Pro version offers a full scale redirect manager with 301, 302, 307… redirects, regular expressions, automatic and conditional redirects, and importing.
Other features: In addition to those described above, SEOPress Pro includes a great deal of other premium tools: robots.txt and .htaccess editor, Local SEO and WooCommerce SEO, video and news sitemaps, keywords from Google and internal linking suggestions, broken links checker and 404 monitoring, GA stats in the dashboard, breadcrumbs, white label, and a lot more.
Differences between SEOPress and its main competitor - Yoast SEO, the most popular SEO plugin for WordPress
SEOPress Free vs Yoast SEO Free: Free versions of both plugins cover all the essential SEO functionality, however, there are some differences in extra features. SEOPress allows to optimize for multiple keywords; free Yoast SEO – just for one. None of the Yoast versions includes Google Tag Manager, always available in SEOPress. On the other hand, breadcrumb navigation and robots.txt / .htaccess editor, included in Yoast, are provided only by SEOPress Pro. Remark: Yoast edits your actual robots.txt, while SEOPress creates a virtual file, which does not bypass the real one if you have it. Both plugins configure your Google Knowledge Graph, yet, Yoast includes a bit more structured data functionality. You can select a page type and an article type in two lists for each publication; after that, the rest of your schema is generated automatically and invisibly, hence, you cannot customize the markup (via API you can). Lastly, there are no ads in SEOPress, and quite a lot – in the free version of Yoast.
SEOPress Pro vs Yoast SEO Premium: Premium version of Yoast, which costs $99 per year for one site, includes: optimization for multiple keywords, video and news sitemaps, internal linking suggestions, broken links checker, related keyphrases from Semrush, and redirect manager. To have Local SEO or WooCommerce SEO, you have to buy the corresponding separate plugin. Pro version of SEOPress costs $49 per year for unlimited sites, and includes all the listed features (with keyword suggestions from Google) plus: advanced schemas, OpenAI, GA stats, PageSpeed Insights, Google Inspect URL, Dublin Core, white label…
Documentation and Newsletter: Yoast provides an extensive online documentation, though a bit messy, while their newsletter is bright, frequent, and – it is one of the best resources to learn SEO from the ground up. SEOPress online docs are well structured, no less comprehensive, and slightly easier to digest from my point of view. Their mailing comes once a week and contains overview of the latest changes in Google’s algorithm, SEOPress products news, and links to their featured blog posts, which are always worth reading. I recommend to subscribe to SEOPress newsletter even if you do not use the plugin itself.
Conclusion: The presented above three paragraphs are by far not an overall comparison of the two plugins; I just highlighted the most notable differences from my own experience. If you google for “SEOPress vs Yoast SEO”, you will find several articles completely dedicated to the topic. To add and sum up, Yoast gives much attention to text optimization, while SEOPress provides more diverse SEO instruments. I would advise to try free versions of both, and decide whose approach to WordPress SEO is more appealing to you. Take into account, that you can import data to SEOPress from Yoast SEO, but not vice versa.
SEOPress Pro: schemas, OpenAI, redirect manager, etc.
Manual schemas: In SEOPress Pro, a manual schema is applied to a page individually. You select the structured data type for the post in the corresponding list, and then fill in all the appeared fields, without the need to code. The available data types are: Local Business, Service, Article (WebPage), Event, Job, Product, FAQ, How-To, Review, Recipe, Video, Course, Software Application, and Custom. The last Custom option allows to add your own JSON-ld code in the same way as the Websitescanner Custom Schema plugin does, with the only difference being that the latter requires the ‹script› tag to be removed.
Automatic schemas: An automatic schema is defined independently of any page on the Schemas screen of SEOPress Pro, and then it is applied globally by publication type (e.g. to all posts). When creating an automatic schema, you first select the data type as with manual schemas, but then for each field you choose an option in the list, containing: many predefined variables (e.g. “Post Title”), then “Manual text”, and “Manual text on each post“ at the end. All the “Manual text on each post” fields will be editable per publication, while the rest of the fields will be hidden and generated automatically from publication data.
OpenAI: Integration of the OpenAI artificial intelligence into SEOPress Pro is the newest feature, which is still under active improvement. Currently, you can automatically generate meta title and meta description for a post, page or custom post type based on its content, individually and in bulk. To use AI, you will need an OpenAI API key and their tokens/credits to pay for text processing, where 1K tokens is about 750 words. By default, SEOPress uses the most powerful Davinci language model that costs $0.02 per 1K tokens. If you register with OpenAI first time, you’ll get $5 of free credits to be used during three months.
Redirections: SEOPress Free already includes decent redirection functionality allowing to redirect post, page, taxonomy and post type to another URL, as well as attachment pages to the post parent or to the file URL. The Pro version offers a full scale redirect manager with 301, 302, 307… redirects, regular expressions, automatic and conditional redirects, and importing.
Other features: In addition to those described above, SEOPress Pro includes a great deal of other premium tools: robots.txt and .htaccess editor, Local SEO and WooCommerce SEO, video and news sitemaps, keywords from Google and internal linking suggestions, broken links checker and 404 monitoring, GA stats in the dashboard, breadcrumbs, white label, and a lot more.
Overview of differences between SEOPress and Yoast SEO
SEOPress Free vs Yoast SEO Free: Free versions of both plugins cover all the essential SEO functionality, however, there are some differences in extra features. SEOPress allows to optimize for multiple keywords; free Yoast SEO – just for one. None of the Yoast versions includes Google Tag Manager, always available in SEOPress. On the other hand, breadcrumb navigation and robots.txt / .htaccess editor, included in Yoast, are provided only by SEOPress Pro. Remark: Yoast edits your actual robots.txt, while SEOPress creates a virtual file, which does not bypass the real one if you have it. Both plugins configure your Google Knowledge Graph, yet, Yoast includes a bit more structured data functionality. You can select a page type and an article type in two lists for each publication; after that, the rest of your schema is generated automatically and invisibly, hence, you cannot customize the markup (via API you can). Lastly, there are no ads in SEOPress, and quite a lot – in the free version of Yoast.
SEOPress Pro vs Yoast SEO Premium: Premium version of Yoast, which costs $99 per year for one site, includes: optimization for multiple keywords, video and news sitemaps, internal linking suggestions, broken links checker, related keyphrases from Semrush, and redirect manager. To have Local SEO or WooCommerce SEO, you have to buy the corresponding separate plugin. Pro version of SEOPress costs $49 per year for unlimited sites, and includes all the listed features (with keyword suggestions from Google) plus: advanced schemas, OpenAI, GA stats, PageSpeed Insights, Google Inspect URL, Dublin Core, white label…
Documentation and Newsletter: Yoast provides an extensive online documentation, though a bit messy, while their newsletter is bright, frequent, and – it is one of the best resources to learn SEO from the ground up. SEOPress online docs are well structured, no less comprehensive, and slightly easier to digest from my point of view. Their mailing comes once a week and contains overview of the latest changes in Google’s algorithm, SEOPress products news, and links to their featured blog posts, which are always worth reading. I recommend to subscribe to SEOPress newsletter even if you do not use the plugin itself.
Conclusion: The presented above three paragraphs are by far not an overall comparison of the two plugins; I just highlighted the most notable differences from my own experience. If you google for “SEOPress vs Yoast SEO”, you will find several articles completely dedicated to the topic. To add and sum up, Yoast gives much attention to text optimization, while SEOPress provides more diverse SEO instruments. I would advise to try free versions of both, and decide whose approach to WordPress SEO is more appealing to you. Take into account, that you can import data to SEOPress from Yoast SEO, but not vice versa.
SEOPress Pro features in short
Manual schemas: In SEOPress Pro, a manual schema is applied to a page individually. You select the structured data type for the post in the corresponding list, and then fill in all the appeared fields, without the need to code. The available data types are: Local Business, Service, Article (WebPage), Event, Job, Product, FAQ, How-To, Review, Recipe, Video, Course, Software Application, and Custom. The last Custom option allows to add your own JSON-ld code in the same way as the Websitescanner Custom Schema plugin does, with the only difference being that the latter requires the ‹script› tag to be removed.
Automatic schemas: An automatic schema is defined independently of any page on the Schemas screen of SEOPress Pro, and then it is applied globally by publication type (e.g. to all posts). When creating an automatic schema, you first select the data type as with manual schemas, but then for each field you choose an option in the list, containing: many predefined variables (e.g. “Post Title”), then “Manual text”, and “Manual text on each post“ at the end. All the “Manual text on each post” fields will be editable per publication, while the rest of the fields will be hidden and generated automatically from publication data.
OpenAI: Integration of the OpenAI artificial intelligence into SEOPress Pro is the newest feature, which is still under active improvement. Currently, you can automatically generate meta title and meta description for a post, page or custom post type based on its content, individually and in bulk. To use AI, you will need an OpenAI API key and their tokens/credits to pay for text processing, where 1K tokens is about 750 words. By default, SEOPress uses the most powerful Davinci language model that costs $0.02 per 1K tokens. If you register with OpenAI first time, you’ll get $5 of free credits to be used during three months.
Redirections: SEOPress Free already includes decent redirection functionality allowing to redirect post, page, taxonomy and post type to another URL, as well as attachment pages to the post parent or to the file URL. The Pro version offers a full scale redirect manager with 301, 302, 307… redirects, regular expressions, automatic and conditional redirects, and importing.
Other features: In addition to those described above, SEOPress Pro includes a great deal of other premium tools: robots.txt and .htaccess editor, Local SEO and WooCommerce SEO, video and news sitemaps, keywords from Google and internal linking suggestions, broken links checker and 404 monitoring, GA stats in the dashboard, breadcrumbs, white label, and a lot more.
Overview: SEOPress vs Yoast SEO
SEOPress Free vs Yoast SEO Free: Free versions of both plugins cover all the essential SEO functionality, however, there are some differences in extra features. SEOPress allows to optimize for multiple keywords; free Yoast SEO – just for one. None of the Yoast versions includes Google Tag Manager, always available in SEOPress. On the other hand, breadcrumb navigation and robots.txt / .htaccess editor, included in Yoast, are provided only by SEOPress Pro. Remark: Yoast edits your actual robots.txt, while SEOPress creates a virtual file, which does not bypass the real one if you have it. Both plugins configure your Google Knowledge Graph, yet, Yoast includes a bit more structured data functionality. You can select a page type and an article type in two lists for each publication; after that, the rest of your schema is generated automatically and invisibly, hence, you cannot customize the markup (via API you can). Lastly, there are no ads in SEOPress, and quite a lot – in the free version of Yoast.
SEOPress Pro vs Yoast SEO Premium: Premium version of Yoast, which costs $99 per year for one site, includes: optimization for multiple keywords, video and news sitemaps, internal linking suggestions, broken links checker, related keyphrases from Semrush, and redirect manager. To have Local SEO or WooCommerce SEO, you have to buy the corresponding separate plugin. Pro version of SEOPress costs $49 per year for unlimited sites, and includes all the listed features (with keyword suggestions from Google) plus: advanced schemas, OpenAI, GA stats, PageSpeed Insights, Google Inspect URL, Dublin Core, white label…
Documentation and Newsletter: Yoast provides an extensive online documentation, though a bit messy, while their newsletter is bright, frequent, and – it is one of the best resources to learn SEO from the ground up. SEOPress online docs are well structured, no less comprehensive, and slightly easier to digest from my point of view. Their mailing comes once a week and contains overview of the latest changes in Google’s algorithm, SEOPress products news, and links to their featured blog posts, which are always worth reading. I recommend to subscribe to SEOPress newsletter even if you do not use the plugin itself.
Conclusion: The presented above three paragraphs are by far not an overall comparison of the two plugins; I just highlighted the most notable differences from my own experience. If you google for “SEOPress vs Yoast SEO”, you will find several articles completely dedicated to the topic. To add and sum up, Yoast gives much attention to text optimization, while SEOPress provides more diverse SEO instruments. I would advise to try free versions of both, and decide whose approach to WordPress SEO is more appealing to you. Take into account, that you can import data to SEOPress from Yoast SEO, but not vice versa.
Wordfence: website security and firewall, Free and Premium
Wordfence, with over 4 million installations, is widely recognized to be the best security solution for WordPress. The plugin provides: web application firewall, malware scanner, plugin and theme vulnerability monitoring, file change detection, intrusion alerts, rate limiting, brute force protection, and login security. Wordfence is easy-to-use, includes an onboarding wizard, and performs firewall optimization (via changing your PHP configuration) upon install to activate the “Extended Protection” mode. The latter means that the firewall will load on your site before the WordPress itself or any other PHP files that may be vulnerable. If you somehow declined the offer to optimize the firewall, you can do it on the “All Options” page, via clicking the “Optimize the Wordfence Firewall” button within the “Basic Firewall Options” toggle. All the aforementioned features are included in Wordfence Free, which, from my point of view, is absolutely sufficient for most personal blogs. However, websites using the free version receive the latest updates of firewall rules and malware signatures with a 30-day delay. Hence, for commercial websites, I’d recommend to use the premium version of the plugin.
Wordfence Premium: real-time updates of firewall rules, malware signatures, and the IP blocklist; country blocking; support
Wordfence Premium costs $119 per year for one site, and includes: real-time updates of the malware signatures and firewall rules, continuously updated blocklist of the active malicious IP addresses, advanced country blocking options, ticket-based support, and additional scan checks: for reputation of your site (if it is on any blacklists), whether your site is “spamvertised” (the site is being included in spam emails), and whether your IP address is generating spam (e.g. when another site on a shared hosting is infected). To sum up, with Wordfence Premium, you can be completely sure that your website is well-protected.
The Wordfence login security options; and how to make brute-force attacks impossible with the WPS Hide Login plugin
Wordfence offers two login security options: two-factor authentication, i.e. 2FA, and reCAPTCHA, which can be used together. 2FA involves an additional gadget, e.g. mobile phone, and an installed on it authentication app, e.g. Google Authenticator. To log in with 2FA enabled, you need to enter your username and password as usual, but then you will be asked to enter the code from the authentication app. The code changes every 30 seconds. Though 2FA is very secure, it seems to be a bit cumbersome. reCAPTCHA, on the other hand, doesn’t require to do anything different from usual. Google’s reCAPTCHA v3, implemented by Wordfence, automatically calculates a score for each user and decides whether it is a human based on the set threshold.
Yet, the main problem with WordPress login security is that the standard login URL is generally known. This makes brute-force attacks possible, which involve ‘guessing’ the credentials to access the dashboard. Wordfence Brute Force Protection module allows to set a limit on login failures and lock the user. But there is an even more reliable approach: a custom login address. I always use Wordfence in combination with WPS Hide Login. This is a free plugin that lets you change your login URL and thus zero brute-force attacks completely. WPS Hide Login appends its tools at the bottom of the Settings ↦ General page. There you can specify a custom slug instead of wp-login.php, and set the Redirection url, whereto the wp-login.php and wp-admin will be redirected when not logged in. Based on my testing, WPS Hide Login is compatible with 2FA and reCAPTCHA of Wordfence.
Remark 1: If you use WPS Hide Login and WP Rocket, you do not have to do anything, since the plugins are fully compatible. However, if you use another caching plugin, you should add the custom login URL to the list of pages not to cache. In case of W3 Total Cache, I advise to add the new login page slug in two places: Performance ↦ Page Cache ↦ Advanced ↦ Never cache the following pages, and Performance ↦ Browser Cache ↦ General ↦ 404 error exception list.
Remark 2: The only problem with WPS Hide Login is that the Redirection url setting quite often doesn’t function properly. In some setups it works for the wp-admin directory, but the wp-login.php page is always redirected to some default 404 address. Thereto, depending on how your 404 is made, WPS Hide Login might pull a badly rendered page. In such a case, I manually redirect wp-login.php to proper 404 via .htaccess. Sub-remark: don’t do the same to wp-admin, since it is used when working in the dashboard. To redirect wp-login.php, add the following code to your .htaccess right below the # END WordPress line:
Redirect 301 /wp-login.php https://yoursite.com/your-page-404
Final remark: If you forgot your custom login URL, just go to /wp-content/plugins/ directory on your web server and delete the wps-hide-login folder; don’t forget to remove the 301 redirect from your .htaccess file if you had to add one. After that you will be able to log in through the standard wp-login.php path and reinstall the WPS Hide Login plugin.
Cost and features of the premium Wordfence version
Wordfence Premium costs $119 per year for one site, and includes: real-time updates of the malware signatures and firewall rules, continuously updated blocklist of the active malicious IP addresses, advanced country blocking options, ticket-based support, and additional scan checks: for reputation of your site (if it is on any blacklists), whether your site is “spamvertised” (the site is being included in spam emails), and whether your IP address is generating spam (e.g. when another site on a shared hosting is infected). To sum up, with Wordfence Premium, you can be sure that your website is well-protected.
Login security options: Wordfence and WPS Hide Login
Wordfence offers two login security options: two-factor authentication, i.e. 2FA, and reCAPTCHA, which can be used together. 2FA involves an additional gadget, e.g. mobile phone, and an installed on it authentication app, e.g. Google Authenticator. To log in with 2FA enabled, you need to enter your username and password as usual, but then you will be asked to enter the code from the authentication app. The code changes every 30 seconds. Though 2FA is very secure, it seems to be a bit cumbersome. reCAPTCHA, on the other hand, doesn’t require to do anything different from usual. Google’s reCAPTCHA v3, implemented by Wordfence, automatically calculates a score for each user and decides whether it is a human based on the set threshold.
Yet, the main problem with WordPress login security is that the standard login URL is generally known. This makes brute-force attacks possible, which involve ‘guessing’ the credentials to access the dashboard. Wordfence Brute Force Protection module allows to set a limit on login failures and lock the user. But there is an even more reliable approach: a custom login address. I always use Wordfence in combination with WPS Hide Login. This is a free plugin that lets you change your login URL and thus zero brute-force attacks completely. WPS Hide Login appends its tools at the bottom of the Settings ↦ General page. There you can specify a custom slug instead of wp-login.php, and set the Redirection url, whereto the wp-login.php and wp-admin will be redirected when not logged in. Based on my testing, WPS Hide Login is compatible with 2FA and reCAPTCHA of Wordfence.
Remark 1: If you use WPS Hide Login and WP Rocket, you do not have to do anything, since the plugins are fully compatible. However, if you use another caching plugin, you should add the custom login URL to the list of pages not to cache. In case of W3 Total Cache, I advise to add the new login page slug in two places: Performance ↦ Page Cache ↦ Advanced ↦ Never cache the following pages, and Performance ↦ Browser Cache ↦ General ↦ 404 error exception list.
Remark 2: The only problem with WPS Hide Login is that the Redirection url setting quite often doesn’t function properly. In some setups it works for the wp-admin directory, but the wp-login.php page is always redirected to some default 404 address. Thereto, depending on how your 404 is made, WPS Hide Login might pull a badly rendered page. In such a case, I manually redirect wp-login.php to proper 404 via .htaccess. Sub-remark: don’t do the same to wp-admin, since it is used when working in the dashboard. To redirect wp-login.php, add the following code to your .htaccess right below the # END WordPress line:
Redirect 301 /wp-login.php https://yoursite.com/404
Final remark: If you forgot your custom login URL, just go to /wp-content/plugins/ directory on your web server and delete the wps-hide-login folder; don’t forget to remove the 301 redirect from your .htaccess file if you had to add one. After that you will be able to log in through the standard wp-login.php path and reinstall the WPS Hide Login plugin.
Wordfence Premium features
Wordfence Premium costs $119 per year for one site, and includes: real-time updates of the malware signatures and firewall rules, continuously updated blocklist of the active malicious IP addresses, advanced country blocking options, ticket-based support, and additional scan checks: for reputation of your site (if it is on any blacklists), whether your site is “spamvertised” (the site is being included in spam emails), and whether your IP address is generating spam (e.g. when another site on a shared hosting is infected). To sum up, with Wordfence Premium, you can be completely sure that your website is well-protected.
Login security & WPS Hide Login
Wordfence offers two login security options: two-factor authentication, i.e. 2FA, and reCAPTCHA, which can be used together. 2FA involves an additional gadget, e.g. mobile phone, and an installed on it authentication app, e.g. Google Authenticator. To log in with 2FA enabled, you need to enter your username and password as usual, but then you will be asked to enter the code from the authentication app. The code changes every 30 seconds. Though 2FA is very secure, it seems to be a bit cumbersome. reCAPTCHA, on the other hand, doesn’t require to do anything different from usual. Google’s reCAPTCHA v3, implemented by Wordfence, automatically calculates a score for each user and decides whether it is a human based on the set threshold.
Yet, the main problem with WordPress login security is that the standard login URL is generally known. This makes brute-force attacks possible, which involve ‘guessing’ the credentials to access the dashboard. Wordfence Brute Force Protection module allows to set a limit on login failures and lock the user. But there is an even more reliable approach: a custom login address. I always use Wordfence in combination with WPS Hide Login. This is a free plugin that lets you change your login URL and thus zero brute-force attacks completely. WPS Hide Login appends its tools at the bottom of the Settings ↦ General page. There you can specify a custom slug instead of wp-login.php, and set the Redirection url, whereto the wp-login.php and wp-admin will be redirected when not logged in. Based on my testing, WPS Hide Login is compatible with 2FA and reCAPTCHA of Wordfence.
Remark 1: If you use WPS Hide Login and WP Rocket, you do not have to do anything, since the plugins are fully compatible. However, if you use another caching plugin, you should add the custom login URL to the list of pages not to cache. In case of W3 Total Cache, I advise to add the new login page slug in two places: Performance ↦ Page Cache ↦ Advanced ↦ Never cache the following pages, and Performance ↦ Browser Cache ↦ General ↦ 404 error exception list.
Remark 2: The only problem with WPS Hide Login is that the Redirection url setting quite often doesn’t function properly. In some setups it works for the wp-admin directory, but the wp-login.php page is always redirected to some default 404 address. Thereto, depending on how your 404 is made, WPS Hide Login might pull a badly rendered page. In such a case, I manually redirect wp-login.php to proper 404 via .htaccess. Sub-remark: don’t do the same to wp-admin, since it is used when working in the dashboard. To redirect wp-login.php, add the following code to your .htaccess right below the # END WordPress line:
Redirect 301 /wp-login.php https://yoursite.com/404
Final remark: If you forgot your custom login URL, just go to /wp-content/plugins/ directory on your web server and delete the wps-hide-login folder; don’t forget to remove the 301 redirect from your .htaccess file if you had to add one. After that you will be able to log in through the standard wp-login.php path and reinstall the WPS Hide Login plugin.
WP Rocket: speed and performance, free alternative
WP Rocket, which won the WP Awards prize for the best performance plugin in 2022 and has over 3 million installations, is consistently rated to be the No.1 caching plugin for WordPress. WP Rocket is very easy to use and set up, it applies 80% of web performance best practices upon activation, and is compatible with the most popular themes and plugins such as WPML, SEOPress and Wordfence among others. Included features go beyond the standard caching plugin. In particular, WP Rocket provides: page and browser caching, cache preload, eCommerce optimization, WebP serving, JavaScript & CSS minification and combination, database cleanup, and a lot more. In short, the plugin will definitely improve your PageSpeed score to a large degree. Yet, be careful with JS & CSS optimization: activate the available options one-by-one and check the effect on your front-end. To simplify setting up the “Delay JS execution” part, WP Rocket auto-detects JS files from your analytics & ads, plugins, and themes; thus allowing to easily exclude any components from optimization. Plus some news: PageSpeed Insights include now special recommendations for WP Rocket settings if you have the plugin installed.
WP Rocket is a premium plugin, that is, there is no free version available. At the same time, the cost is quite affordable and there are three different pricing plans depending on how many websites you need to speed up. The Single plan costs $59 per year and includes product updates and support for one site. The Plus plan for $119 a year allows to use WP Rocket on three sites. And the Infinite license, eligible for an unlimited number of sites, costs $299 yearly. Besides, before purchasing, you can test any URL on the WP Rocket website to see how the plugin can improve Core Web Vitals of the corresponding page. In addition, there is a 100% money back guarantee within 14 days of purchase, and, periodically, WP Rocket offers a 20% first-year discount on all the plans.
W3 Total Cache - the best free alternative to WP Rocket; features of the W3TC web performance optimization framework
W3 Total Cache, or W3TC in short, is a free and powerful web performance optimization framework for WordPress that goes on par with WP Rocket in terms of PageSpeed scores. However, the amount of W3TC settings might be a bit overwhelming, especially when you first get to know the plugin. To help you out, there are many detailed tutorials on the web explaining how to configure W3 Total Cache at basic and advanced levels. In addition, W3TC has a Setup Guide Wizard, which tests your page, database, object, and browser cache to detect the best option for each, and allows to enable the latter. To start the wizard, in case you skipped it after activating the plugin, just navigate to Performance ↦ Setup Guide in the WordPress admin menu. As for features, W3 Total Cache includes absolutely everything related to caching and minification, plus some extras. In sum, if you need a very good plus free optimization plugin to speed up your site, W3TC is definitely worth the effort to configure it.
One of W3TC extensions is Image Service, which allows to convert images to WebP format. After you enable the addon in the Performance ↦ Extensions list, an extra Total Cache Image Service page appears under Media. There you can specify conversion settings, convert/revert in bulk, and show/hide WebP image versions in your media library. If you use Lossless compression type, many images won’t convert since the resulting WebP size is larger than the original. By the way, ShortPixel has the same issue exceptionally rarely. If you select Lossy compression, most of images will convert. In the library, you can process and revert images one-by-one. Hourly/monthly quota for conversions is 100/1000 correspondingly. To serve WebP in the front-end as implied by W3TC, your WordPress environment should be properly configured: details here. An easier solution is to use the WebP Express plugin: it delivers the next-gen format only in supporting browsers, and otherwise displays the original image.
If W3TC works really well for your site and you like being able to fine-tune every setting, you might be interested in the Pro version of the plugin. W3 Total Cache Pro costs $99/year for one site and additionally provides: extensions for Genesis and WPML, fragment caching, full site delivery via CDN, WordPress Rest API caching, lazy load for Google maps, unlim conversions to WebP per month, caching statistics, and ticket support. Besides Pro, there are also one-time paid services, such as plugin configuration ($125) and hosting environment troubleshooting ($200); you can find the full list on Performance ↦ Support.
Improving performance by cleaning up the database: features of WP Rocket and Advanced Database Cleaner
Database cleanup, which consists in deletion of unnecessary (old, orphan, trash, expired, etc.) data from your database, might significantly improve your website speed and performance, especially after the development phase, or if you’ve been using WordPress for a while. In addition, your backups will be quicker and smaller. WP Rocket includes the DB optimization feature, and allows you to: clean up posts, comments and transients (delete revisions, auto drafts, trashed posts, expired transients, spam and trashed comments), optimize tables, and schedule automatic cleanups. W3 Total Cache doesn’t provide the database cleanup functionality, hence, you’ll need an additional plugin for the task. My favorite solution is Advanced Database Cleaner. Its free version covers everything included in WP Rocket plus: removal of pending comments, pingbacks, trackbacks, orphaned meta and relationships; repair of corrupted tables; display and deletion of options and scheduled tasks; and a bit more. By and large, any of the plugins, WP Rocket or Advanced DB Cleaner, is completely enough for an ongoing maintenance of the site.
Still, if you would like to perform a more thorough database cleanup and remove any leftovers of deleted plugins and themes, you’ll need the Advanced Database Cleaner Pro. The Pro version detects orphaned options, tables and cron jobs, and allows to delete them, as well as to search, filter and categorize anything. The Starter plan for 2 sites costs $39 one-time payment and includes all pro features, lifetime updates, and lifetime support. There are also Business (5 sites) and Unlimited licenses for $59 and $149 one-time payment respectively: lifetime support and updates as well, plus technical support (help in cleaning up your database without losing important data). And always, no questions asked 100% refund policy within 30 days of purchase.
Important remark to conclude: do not forget to backup your database before running a cleanup using any plugin!
In short about persistent object cache, when not to use it, and how to disable the corresponding WordPress Site Health check
Persistent object caching is in fact storing the results of frequently repeated database queries in an object store. This might greatly reduce the load on the database thus decreasing the server response time. If you run a large-scale, high-traffic, and dynamic website, you must use object caching based on a proper hosting configuration. WP Rocket doesn’t create this type of cache, so you’ll need an additional plugin to implement it: more details here. As for W3 Total Cache, both versions of W3TC provide the object caching functionality. However, if you are on a shared hosting, most often the best option in terms of site speed is not to use the object cache at all. This is exactly what the Setup Guide Wizard of W3TC will detect if you run it. Hence, in such a case, WordPress will still display the “You should use a persistent object cache” recommendation on your Site Health screen. To disable this health check and get the “Great job!” smile back, add the following code to your functions.php file:
// Remove the WP site health check for persistent object cache
function prefix_remove_php_test( $tests )
{ unset( $tests['direct']['persistent_object_cache'] ); return $tests; }
add_filter( 'site_status_tests', 'prefix_remove_php_test' );WP Rocket pricing plans: Single, Plus, and Infinite
WP Rocket is a premium plugin, that is, there is no free version available. At the same time, the cost is quite affordable and there are three different pricing plans depending on how many websites you need to speed up. The Single plan costs $59 per year and includes product updates and support for one site. The Plus plan for $119 a year allows to use WP Rocket on three sites. And the Infinite license, eligible for an unlimited number of sites, costs $299 yearly. Besides, before purchasing, you can test any URL on the WP Rocket website to see how the plugin can improve Core Web Vitals of the corresponding page. In addition, there is a 100% money back guarantee within 14 days of purchase, and, periodically, WP Rocket offers a 20% first-year discount on all the plans.
W3 Total Cache - the best free alternative to WP Rocket
W3 Total Cache, or W3TC in short, is a free and powerful web performance optimization framework for WordPress that goes on par with WP Rocket in terms of PageSpeed scores. However, the amount of W3TC settings might be a bit overwhelming, especially when you first get to know the plugin. To help you out, there are many detailed tutorials on the web explaining how to configure W3 Total Cache at basic and advanced levels. In addition, W3TC has a Setup Guide Wizard, which tests your page, database, object, and browser cache to detect the best option for each, and allows to enable the latter. To start the wizard, in case you skipped it after activating the plugin, just navigate to Performance ↦ Setup Guide in the WordPress admin menu. As for features, W3 Total Cache includes absolutely everything related to caching and minification, plus some extras. In sum, if you need a very good plus free optimization plugin to speed up your site, W3TC is definitely worth the effort to configure it.
One of W3TC extensions is Image Service, which allows to convert images to WebP format. After you enable the addon in the Performance ↦ Extensions list, an extra Total Cache Image Service page appears under Media. There you can specify conversion settings, convert/revert in bulk, and show/hide WebP image versions in your media library. If you use Lossless compression type, many images won’t convert since the resulting WebP size is larger than the original. By the way, ShortPixel has the same issue exceptionally rarely. If you select Lossy compression, most of images will convert. In the library, you can process and revert images one-by-one. Hourly/monthly quota for conversions is 100/1000 correspondingly. To serve WebP in the front-end as implied by W3TC, your WordPress environment should be properly configured: details here. An easier solution is to use the WebP Express plugin: it delivers the next-gen format only in supporting browsers, and otherwise displays the original image.
If W3TC works really well for your site and you like being able to fine-tune every setting, you might be interested in the Pro version of the plugin. W3 Total Cache Pro costs $99/year for one site and additionally provides: extensions for Genesis and WPML, fragment caching, full site delivery via CDN, WordPress Rest API caching, lazy load for Google maps, unlim conversions to WebP per month, caching statistics, and ticket support. Besides Pro, there are also one-time paid services, such as plugin configuration ($125) and hosting environment troubleshooting ($200); you can find the full list on Performance ↦ Support.
Recommended plugins to clean up WP database
Database cleanup, which consists in deletion of unnecessary (old, orphan, trash, expired, etc.) data from your database, might significantly improve your website speed and performance, especially after the development phase, or if you’ve been using WordPress for a while. In addition, your backups will be quicker and smaller. WP Rocket includes the DB optimization feature, and allows you to: clean up posts, comments and transients (delete revisions, auto drafts, trashed posts, expired transients, spam and trashed comments), optimize tables, and schedule automatic cleanups. W3 Total Cache doesn’t provide the database cleanup functionality, hence, you’ll need an additional plugin for the task. My favorite solution is Advanced Database Cleaner. Its free version covers everything included in WP Rocket plus: removal of pending comments, pingbacks, trackbacks, orphaned meta and relationships; repair of corrupted tables; display and deletion of options and scheduled tasks; and a bit more. By and large, any of the plugins, WP Rocket or Advanced DB Cleaner, is completely enough for an ongoing maintenance of the site.
Still, if you would like to perform a more thorough database cleanup and remove any leftovers of deleted plugins and themes, you’ll need the Advanced Database Cleaner Pro. The Pro version detects orphaned options, tables and cron jobs, and allows to delete them, as well as to search, filter and categorize anything. The Starter plan for 2 sites costs $39 one-time payment and includes all pro features, lifetime updates, and lifetime support. There are also Business (5 sites) and Unlimited licenses for $59 and $149 one-time payment respectively: lifetime support and updates as well, plus technical support (help in cleaning up your database without losing important data). And always, no questions asked 100% refund policy within 30 days of purchase.
Important remark to conclude: do not forget to backup your database before running a cleanup using any plugin!
About persistent object caching and when not to use it
Persistent object caching is in fact storing the results of frequently repeated database queries in an object store. This might greatly reduce the load on the database thus decreasing the server response time. If you run a large-scale, high-traffic, and dynamic website, you must use object caching based on a proper hosting configuration. WP Rocket doesn’t create this type of cache, so you’ll need an additional plugin to implement it: more details here. As for W3 Total Cache, both versions of W3TC provide the object caching functionality. However, if you are on a shared hosting, most often the best option in terms of site speed is not to use the object cache at all. This is exactly what the Setup Guide Wizard of W3TC will detect if you run it. Hence, in such a case, WordPress will still display the “You should use a persistent object cache” recommendation on your Site Health screen. To disable this health check and get the “Great job!” smile back, add the following code to your functions.php file:
// Remove the WP site health check for persistent object cache
function prefix_remove_php_test( $tests )
{ unset( $tests['direct']['persistent_object_cache'] ); return $tests; }
add_filter( 'site_status_tests', 'prefix_remove_php_test' );Pricing of WP Rocket licenses
WP Rocket is a premium plugin, that is, there is no free version available. At the same time, the cost is quite affordable and there are three different pricing plans depending on how many websites you need to speed up. The Single plan costs $59 per year and includes product updates and support for one site. The Plus plan for $119 a year allows to use WP Rocket on three sites. And the Infinite license, eligible for an unlimited number of sites, costs $299 yearly. Besides, before purchasing, you can test any URL on the WP Rocket website to see how the plugin can improve Core Web Vitals of the corresponding page. In addition, there is a 100% money back guarantee within 14 days of purchase, and, periodically, WP Rocket offers a 20% first-year discount on all the plans.
W3TC - the best free alternative
W3 Total Cache, or W3TC in short, is a free and powerful web performance optimization framework for WordPress that goes on par with WP Rocket in terms of PageSpeed scores. However, the amount of W3TC settings might be a bit overwhelming, especially when you first get to know the plugin. To help you out, there are many detailed tutorials on the web explaining how to configure W3 Total Cache at basic and advanced levels. In addition, W3TC has a Setup Guide Wizard, which tests your page, database, object, and browser cache to detect the best option for each, and allows to enable the latter. To start the wizard, in case you skipped it after activating the plugin, just navigate to Performance ↦ Setup Guide in the WordPress admin menu. As for features, W3 Total Cache includes absolutely everything related to caching and minification, plus some extras. In sum, if you need a very good plus free optimization plugin to speed up your site, W3TC is definitely worth the effort to configure it.
One of W3TC extensions is Image Service, which allows to convert images to WebP format. After you enable the addon in the Performance ↦ Extensions list, an extra Total Cache Image Service page appears under Media. There you can specify conversion settings, convert/revert in bulk, and show/hide WebP image versions in your media library. If you use Lossless compression type, many images won’t convert since the resulting WebP size is larger than the original. By the way, ShortPixel has the same issue exceptionally rarely. If you select Lossy compression, most of images will convert. In the library, you can process and revert images one-by-one. Hourly/monthly quota for conversions is 100/1000 correspondingly. To serve WebP in the front-end as implied by W3TC, your WordPress environment should be properly configured: details here. An easier solution is to use the WebP Express plugin: it delivers the next-gen format only in supporting browsers, and otherwise displays the original image.
If W3TC works really well for your site and you like being able to fine-tune every setting, you might be interested in the Pro version of the plugin. W3 Total Cache Pro costs $99/year for one site and additionally provides: extensions for Genesis and WPML, fragment caching, full site delivery via CDN, WordPress Rest API caching, lazy load for Google maps, unlim conversions to WebP per month, caching statistics, and ticket support. Besides Pro, there are also one-time paid services, such as plugin configuration ($125) and hosting environment troubleshooting ($200); you can find the full list on Performance ↦ Support.
Cleaning up WP database
Database cleanup, which consists in deletion of unnecessary (old, orphan, trash, expired, etc.) data from your database, might significantly improve your website speed and performance, especially after the development phase, or if you’ve been using WordPress for a while. In addition, your backups will be quicker and smaller. WP Rocket includes the DB optimization feature, and allows you to: clean up posts, comments and transients (delete revisions, auto drafts, trashed posts, expired transients, spam and trashed comments), optimize tables, and schedule automatic cleanups. W3 Total Cache doesn’t provide the database cleanup functionality, hence, you’ll need an additional plugin for the task. My favorite solution is Advanced Database Cleaner. Its free version covers everything included in WP Rocket plus: removal of pending comments, pingbacks, trackbacks, orphaned meta and relationships; repair of corrupted tables; display and deletion of options and scheduled tasks; and a bit more. By and large, any of the plugins, WP Rocket or Advanced DB Cleaner, is completely enough for an ongoing maintenance of the site.
Still, if you would like to perform a more thorough database cleanup and remove any leftovers of deleted plugins and themes, you’ll need the Advanced Database Cleaner Pro. The Pro version detects orphaned options, tables and cron jobs, and allows to delete them, as well as to search, filter and categorize anything. The Starter plan for 2 sites costs $39 one-time payment and includes all pro features, lifetime updates, and lifetime support. There are also Business (5 sites) and Unlimited licenses for $59 and $149 one-time payment respectively: lifetime support and updates as well, plus technical support (help in cleaning up your database without losing important data). And always, no questions asked 100% refund policy within 30 days of purchase.
Important remark to conclude: do not forget to backup your database before running a cleanup using any plugin!
About persistent object caching
Persistent object caching is in fact storing the results of frequently repeated database queries in an object store. This might greatly reduce the load on the database thus decreasing the server response time. If you run a large-scale, high-traffic, and dynamic website, you must use object caching based on a proper hosting configuration. WP Rocket doesn’t create this type of cache, so you’ll need an additional plugin to implement it: more details here. As for W3 Total Cache, both versions of W3TC provide the object caching functionality. However, if you are on a shared hosting, most often the best option in terms of site speed is not to use the object cache at all. This is exactly what the Setup Guide Wizard of W3TC will detect if you run it. Hence, in such a case, WordPress will still display the “You should use a persistent object cache” recommendation on your Site Health screen. To disable this health check and get the “Great job!” smile back, add the following code to your functions.php file:
// Remove the WP site health check for persistent object cache
function prefix_remove_php_test( $tests )
{ unset( $tests['direct']['persistent_object_cache'] ); return $tests; }
add_filter( 'site_status_tests', 'prefix_remove_php_test' );
Recommended must have WordPress plugins for a commercial website and for a blog
To conclude, I summarize in a table my favorite must have WordPress plugins for a commercial website in multiple languages. Further, I also suggest a reliable, free selection for a personal blog. All the plugins are compatible with each other, and supported by the majority of WordPress themes and builders. Hope this post helps you choose the perfect combination to meet your budget and requirements.
Recommended set of must have WordPress plugins for a commercial website in multiple languages
| Plugin | Features | Plan | Cost | Sites |
|---|---|---|---|---|
| WPML | Multilingual website, connection of domains | Multilingual CMS | $99 / $74 / $35 / year | 3 / 3 / 1 |
| UpdraftPlus | Backup & Restore, incl. WP core files | Free + More Files addon | $15 / year | 1 site |
| ShortPixel | Image optimization + generation of WebP | 30000 credits package | $19.99 one time | unlimited |
| SEOPress | SEO + Schemas + OpenAI + Redirections | SEOPress PRO | $49 / year | unlimited |
| Wordfence | Security + Firewall + Malware Scan | Wordfence PREMIUM | $119 / year | 1 site |
| WP Rocket | Speed, caching, WebP serving, DB cleanup | WP Rocket Single | $59 / year | 1 site |
| TOTAL: | For you for the 1st year: $360,99 | Transferred to client: $277 for yearly renewals | ||
Recommended set of must have WordPress plugins for a commercial website in multiple languages
| WPML | Multilingual CMS | ($99) $74 / year / 3 sites |
| Multilingual website + placing languages in different domains | ||
| UpdraftPlus | Free + More Files | $15 / year / 1 site |
| Website backup and restore, incl. WordPress core files | ||
| ShortPixel | 30K package | $19.99 once / ∞ sites |
| Image optimization + generation of WebP and AVIF versions | ||
| SEOPress | PRO | $49 / year / ∞ sites |
| SEO + Advanced schemas + OpenAI + Redirect manager | ||
| Wordfence | PREMIUM | $119 / year / 1 site |
| Web application firewall, malware scanner, file change detection | ||
| WP Rocket | Single | $59 / year / 1 site |
| Caching + Speed + WebP serving + WP database cleanup | ||
| TOTAL: | For you / 1st year | $360,99 |
|---|---|---|
| TOTAL: | For client / yearly | $277 ($35 for WPML) |
Recommended set of must have WordPress plugins for a commercial website
| WPML | $99 / year / 3 sites |
| CMS, Languages + Domain connection | |
| UpdraftPlus | $15 / year / 1 site |
| Free + More Files, Backup & Restore | |
| ShortPixel | $19.99 once / ∞ sites |
| 30K package, Images + WebP versions | |
| SEOPress | $49 / year / ∞ sites |
| Pro, SEO + Schemas + OpenAI | |
| Wordfence | $119 / year / 1 site |
| Premium, Firewall & Malware scanner | |
| WP Rocket | $59 / year / 1 site |
| Speed + WebP serving + DB cleanup | |
| TOTAL: | $360,99 / 1st year |
|---|---|
| Transferred to client: $277 / yearly | |
The total annual renewal cost, that your client will have to pay, includes $35 for WPML (when one site is transferred from your account to the client) and the full price of SEOPress PRO, valid for unlimited sites, so you might choose to exclude the latter. On the other hand, it could be beneficial to add UpdraftPlus Premium ($70 / year / 2 sites), which covers all the addons, for example, to back up WP core or perform auto-backups before updates. Then, I advise to reinforce Wordfence with the free WPS Hide Login plugin to customize login URL and thus eliminate brute-force attacks. Plus, the Advanced Database Cleaner Pro ($39 / lifetime / 2 sites) is the best tool to clean up your database thoroughly, that is, remove leftovers of deleted plugins and themes. And, last but not least, if you need customization of the CMS itself, any theme or plugin, Codeable is the best platform to hire vetted WordPress developers for a project of any complexity.
Recommended set of must have WordPress plugins (FREE versions) for a personal blog in one language
| UpdraftPlus | ShortPixel | SEOPress | Wordfence | W3 Total Cache |
| Backup & Restore | Image optimization | SEO & Redirections | Security & Firewall | Speed optimization |
Recommended set of must have WordPress plugins (FREE versions) for a personal blog in one language
| UpdraftPlus | WordPress website backup & restore |
| ShortPixel | Image optimization plus generation of WebP |
| SEOPress | Search Engine Optimization + redirections |
| Wordfence | Web application firewall & malware scanner |
| W3 Total Cache | Performance optimization for WordPress |
Recommended set of must have WordPress plugins (FREE versions) for a blog
| UpdraftPlus | Backup & Restore |
| ShortPixel | Images + WebP |
| SEOPress | SEO + Redirections |
| Wordfence | Security & Firewall |
| W3 Total Cache | Caching & Speed |
To have most of the required features, I advise to add the next plugins to the free versions of the listed above: WebP Express − to serve WebP image versions in the front-end in case you can’t do it via ShortPixel; Websitescanner Custom Schema − to add your own JSON-ld semantic markup for each page and post; WPS Hide Login − to change the default login URL thus making brute-force attacks impossible; and the Advanced Database Cleaner − to perform regular cleanups of WordPress database. All the additional plugins are free as well. ■
To have most of the required features, I advise to add the following plugins to the free versions of the listed above: WebP Express − to deliver WebP image versions in the front-end in case you can’t do it via ShortPixel; Websitescanner Custom Schema − to specify your own JSON-ld semantic markup for each page and post; WPS Hide Login − to change the default login URL thus making brute-force attacks impossible; and the Advanced Database Cleaner − to perform regular cleanups of WordPress database. All the additional plugins are cost-free as well. ■
To have most of the required features, I advise to add the next plugins to the free versions of the listed above: WebP Express − to deliver WebP image versions in the front-end in case you can’t do it via ShortPixel; Websitescanner Custom Schema − to add your own JSON-ld semantic markup for each page and post; WPS Hide Login − to change the default login URL thus making brute-force attacks impossible; and the Advanced Database Cleaner − to perform regular cleanups of WordPress database. All the additional plugins are free as well. ■
22.04.23 ⁕ Blog ⁕ Marina Kudinova