My favorite top WordPress plugins for 2016

By Kristopher A. Nelson
in February 2016

700 words / 3 min.
Tweet Share
So, what are my recommended favorite plugins to use with WordPress in 2016? Wordfence, UpdraftPlus, ImageInject, Amber, and Really Simple SSL + CloudFlare.

Please note that this post is from 2016. Evaluate with care and in light of later events.

Periodically, I like to review the top WordPress plugins I use on this blog and capture a snapshot of what I like best and why.

Let me note up front that you must install a caching plugin (Wordfence, described below, provides one) if you want to use very many plugins with WordPress — otherwise your site will slow to a crawl, quickly!

But if you do effectively cache your site, then using numerous plugins has a minimal impact, except when a cached page needs to be regenerated after a site update. (And if you run a high-traffic site, you should consider custom plugin development or integrate functionality directly into your theme. You can consult me on that, if you like.)

My Current Favorite WordPress Plugins

My current top picks include:

Wordfence Security {easy}

Wordfence LogoWordfence scans, monitors, and protects your site from malicious hackers, bots, and so on. It also offers two effective caching solutions, making it a useful plugin for securing and optimizing WordPress. The basic version (which I use) is free; the paid version adds nice extras that you may wish to consider.

UpdraftPlus {easy}

UpdraftPlus LogoYou need to back up your WordPress site along with your posts (stored in a database, not in your filesystem). The easiest and best free plugin to do this is UpdraftPlus. I export my database daily and my entire WordPress install fortnightly, then store copies locally and on Amazon S3.

ImageInject {easy}

Big graphical elements are de rigueur on the Web today, and for good reason: they work to attract readers. But unless you employee (or are) a professional photographer, are happy with standard stock images (you shouldn’t be), look for other sources of high-resolution images (tedious), or appropriate other people’s copyrighted photos (don’t do that!) — the best consistent source is, I think, Flickr. But finding, downloading, and adding images of the right size is an annoying delay in the writing process, and proper attribution can be tricky (and it easy to forget).

ImageInject isn’t fancy, but it helps smooth out the process, making selecting, adding, and attributing images in your posts less painful.

Amber {medium-easy}

Amber LogoDeveloped by the Berkman Center for Internet & Society, Amber keeps remote links accessible over time, even if the pages you link to disappear (link rot is a perennial problem for any blog older than a year). You can have Amber scan your links and save copies locally or remotely. Personally, I have Amber notify the Internet Archive of the need to preserve the link; the Archive then takes care of preserving snapshot of the remote page for future reference.

Really Simple SSL + CloudFlare {medium-complex}

CloudFlare LogoReally Simple SSL LogoCloudFlare allows easy setup of SSL for remote sites (and even the free version works as a transparent Content Delivery Network/cache to speed up visitor access to your site and reduce the bandwidth and the load on your server). Combined with Really Simple SSL, you can make your entire WordPress site use modern encryption standards with minimal work.

Considering that the big players (Google, in particular) are increasingly indicating a preference for secured sites, I recommend you consider doing this. You will need to go through the steps at, not just install the plugin, but it’s well worth it.

If you run a site with actual confidential content that needs encryption (consider your content, user logins, countries visitors are coming from, and similar issues), then you need to take a few more steps, including either buying an SSL certificate or (since CloudFlare masks the details) using a self-signed one. But if you simply want to “go SSL” and get many of the benefits without worrying about bank-grade encryption and validation, then CloudFlare’s “Flexible SSL” option combined with Really Simple SSL will do nicely.