WordPress is a full featured and simple to use publishing platform, and it just gets better with each release. But even as good as the standard WordPress release is, you can always make it just a little bit better. In this guide, we’ll look at five plugins that will help protect your blog from spam and malware, simplify keeping backups, and even help you make a little cash off your blog if you’re so inclined.
The WordPress community has developed thousands of plugins and themes. If you haven’t tried out WordPress plugins yet, you owe it to yourself and your blog to give them a try. They’re amazingly easy to set up and can boost the functionality of WordPress by quite a lot.
Reckless Assumptions
Before starting, a few reckless assumptions. This is aimed at people using WordPress who have a bit of experience with the platform, but aren’t expert users of WordPress or PHP developers who can knock up any feature they care like wrangling into WordPress.
This guide also assumes that you’re running a recent release of WordPress, preferably the most current stable release (which would be 2.9.2 as of publication). Some of these plugins might work with aging releases of WordPress, but it’s not guaranteed. You also should be running the most recent release of WordPress for security reasons as well: Many of the WordPress updates contain security fixes, and running older versions can leave your site vulnerable to all kinds of nastiness.
Finally, while there’s not a great likelihood of one of these plugins mangling your blog, it’s always a good idea to do a full backup of your blog before installing any new plugins. I’ve been running various versions of WordPress for about six years and have installed (and uninstalled) quite a few plugins and WordPress themes. Most of the time, everything has gone swimmingly, but on two occasions I ran into problems and had to recover from backups. We’ll go over backups in greater detail in this overview.
Installing Plugins
Using WordPress 2.9.x, you can install plugins in two ways. One is the old-fashioned, tried-and-true method of grabbing the zip file or compressed tarball with the plugin and unzipping/uncompressing it in the wp-content/plugins directory under the main wordpress directory. This the old way of doing things, but there is an easier way!
Log into WordPress and go into the Dashboard. On the left hand side you should see a Plugins menu. Click Add New. You’ll see an Install Plugins page and a search field. You should be able to find all of the plugins mentioned in this guide and be well on your way to spiffing up your WordPress blog without needing to touch a command line.
WordPress itself comes with only two plugins: a “Hello Dolly” plugin that’s sort of a “hello world” plugin that’s really not good for anything, and the Akismet plugin for fighting spam. If you haven’t enabled that one yet, do yourself a favor and enable it straight away! It will block a lot of comment spam (which will start coming your way if your blog gets any appreciable amount of traffic) and in my experience rarely has false positives. The only thing needed is a WordPress.com account to get the Akismet key, and it’s worth signing up for the account to get this. If you’re worried about spam or anything like that, there’s no need. I’ve had a key for years and haven’t once gotten an email from Automattic (the company behind WordPress and Akismet).
Before installing any plugins, though, I recommend that you do a quick backup of your files and database. This assumes you have shell access to the server running your blog and you have the MySQL username and password for your database. If you have forgotten your database username and password, you’ll find it in the file wp-config.php under the wordpress directory:
- Log into your server and cd to the directory that holds your wordpress directory, or whatever you named it when you set it up on your server.
- Run mysqldump -u username -p dbname > myblogname-DD-MM-YYYY.sql
- Run tar -zcf myblogname-DD-MM-YYYY.tar.gz myblogname-DD-MM-YYYY.sql wordpress
This will create a MySQL dump file of your database, then tar up your dump file with the directory with all of the WordPress files. Replace DD-MM-YYYY with the current date, of course. I’d recommend doing this regularly, but the first plugin we’ll look at will help with the database backup.
WordPress Database Backup
Let’s start with the WordPress Database Backup plugin. As the name makes clear, this little tool lets you back up your WordPress database.
How does this differ from the WordPress Export function? The Export function provides you with an XML file that contains your posts, pages, comments, custom fields, categories, and tags associated with your blog. But it may not include all data that you have stored in tables associated with other plugins, and it doesn’t save your user data. Generally speaking, if you need to recover a WordPress blog or move your blog to another host, it’s probably easier to do it with a MySQL backup and a tarball of your wordpress directory than from the export.
Once you’ve installed this plugin, go to your WordPress Dashboard and then select Backup from the Tools menu on the left-hand side. The first section of the page will show all of the tables that will be backed up from the database. If you have any add-ons that have their own tables, they’ll be shown on the right-hand side. You can decide if you want to back those tables up or not. Note that the backup we did manually will have all of your tables.
Next is the options panel. You can choose to save the backup to your server, mail the backup to yourself (or someone else, I suppose, but probably not a good idea…) or choose to download the backup to your computer.
Finally, the really good part: The Scheduled Backup panel. Here you can opt to schedule backups to be sent to yourself on a regular basis. Have a really busy blog? Select the hourly backup. Not so busy? You can opt to only back the blog up once per week. I’d shoot for once or twice daily. No, there’s not a monthly option — and if you’re not blogging more often than that, you need to set aside some time to do that.
Bad Behavior
Next up is the Bad Behavior plugin. What’s this do? It acts as a goalie, keeping the spammers from getting their puck into your comment net. And it does a really good job at it, too. Bad Behavior actually works with more than WordPress: You can find add-ons for WordPress, MediaWiki, Drupal, and more.
Bad Behavior works by examining the requests to reach your blog. It screens incoming requests and if the requests “look spammy” then it blocks the request but does give legitimate users a chance to prove they’re not a spammer. Installing Bad Behavior and Kismet has reduced the actual spam that gets into my comment queue (not counting the spam queue) by a factor of 100 to 1. It actually blocks more than comment spam: It blocks all “spammy” requests, which also helps block bots that try to harvest email addresses to spam, or to conduct automated attacks.
Once you’ve installed Bad Behavior, you can go to Tools and then select Bad Behavior to see who’s been blocked and the reasons, and which requests have been let through as well. Most users will never know that you’re running this one, but it’s an admin’s best friend.
WPtouch iPhone Theme
More and more people are reading blogs off their iPhones or other mobile devices. Your blog theme might be really nice for a standard Web browser, but the odds are it is a bit fatter than most users want to deal with on their mobile devices. The WPtouch iPhone Theme takes care of this nicely by providing a theme for people hitting your blog with an iPhone, iPod Touch, Blackberry, Android, and so on. Even though the name includes “iPhone,” it actually does support a wide range of mobile devices.
After installing the WPtouch iPhone Theme, go to the Settings menu on the left-hand side of the WordPress dashboard and select WPtouch. The theme has a surprising array of options and is amazingly configurable. Have a mobile device that’s not getting the WPtouch theme? If you can figure out its user agent (look at your Apache logs if you have access), you can add it to the “custom user agents” field under Advanced Options.
The WPtouch plugin can hook you up with push notifications for your blog, if you really want users to know when you’ve posted something new to the blog.
Using Google AdSense to run adds? You can whip in your AdSense ID and channel to run ads on your mobile blog as well as your regular desktop blog. If you need to plug in some custom code for Google Analytics or another statistics service, you can enter that in the Custom Code section of the page.
WPtouch also lets you know which plugins are and aren’t supported and gives hints on how to make your site work better with the theme. All in all, it’s a full-service add-on to help make your blog easier to access and a little nicer to look at on mobile devices.
No Curly Quotes
While WordPress is my favorite personal publishing platform, it does something that I can’t abide: it converts ‘ and “ characters into “curly quotes.” This can be a royal pain if you really do mean to post text with ‘ or ” characters and not fancified curly quotes. If you’re posting content with code snippets, you’ll want to shoot down the automatic use of the “wptexturize” function within WordPress in a hurry.
This annoyed me for longer than I care to admit, but most of the fixes I found online involved manually tweaking themes to add something like this:
remove_filter('the_content', 'wptexturize');
Since I like to try out new themes every now and again, having to remember to edit each theme manually didn’t seem like a great solution. Finally, I stumbled on No Curly Quotes, a wonderful little plugin that puts the smackdown on curly quotes all over the blog.
NCQ lays the smackdown on curly quotes all over the blog, not just in the post content. Well, that’s up to you, actually. If you change nothing after installing No Curly Quotes, then it will see to it that you have straight quotes in post titles, content, excerpts, and comment text. If you like curly quotes in titles and so forth, and only want to zap them from post content, you can modify the settings by going to the Settings Menu in the WordPress dashboard and selecting No Curly Quotes.
TinyMCE Advanced
WordPress features TinyMCE, a What You See Is What You Get (WYSIWYG) editor that gives you a ton of functionality for composing and formatting posts for your blog.
But, you can make TinyMCE even better than it already is by adding the TinyMCE Advanced plugin. This brings the ability to edit tables, add advanced image and link editing to the editor, provides search and replace, and other editing goodness. You’ll find a total of 16 plugins with the most recent version of TinyMCE Advanced.
One word of caution, while we’re on the topic of editing: WordPress goes a long way towards making life easier for bloggers — including doing autosaves of posts while you’re working. However, even with this function, I don’t recommend using WordPress to actually compose posts. I like TinyMCE Advanced for formatting posts once I’m done, but I strongly encourage bloggers to use a text editor to compose posts with and then copy into WordPress when all’s done but the formatting. Save early and save often, no matter what tool you use. It only takes one browser crash to wipe out a bunch of good work.
Advertising Manager
Finally, you might want to take a look at Advertising Manager. You’ll find quite a few ad managing plugins for WordPress, but this is the best one I’ve found so far.
What’s that you say? You’re not going to be running ads for money on your blog? No problem. Even if you’re not looking at using your blog as a revenue source, you can still make use of the Advertising Manager to support your favorite causes. Plug in an “ad” for your favorite free or open source software project, or maybe slap in a banner for the Electronic Frontier Foundation or World Wildlife Fund. Or just run a banner saying “hi” to your visitors with a daily message. It’s up to you, but the Advertising Manager takes all the pain away from setting up ads to run on your WordPress blog.
If you are running Google AdSense or something similar, Advertising Manager makes it a piece of cake to slap in the ad code and manage your ads through their entire lifecycle. You can easily put in one or more ads, set the weight of the ads, decide which pages and categories do or don’t get the ad, and so forth. Only want to display Google AdSense ads on pages tagged with a specific tag? You can do that.
Right now, the only ads I run on my blog are to help out free and open source projects that I support, but it’s nice to know I can whip in Google AdSense or other ads any time I like.
As I said at the beginning, you’ll find thousands of WordPress plugins. These should get you started and enhance your blog quite a bit, but there’s quite a bit out there to add new features and capability to your blog. If you think “WordPress would be so much better if it could only do this,” there’s a good chance that someone else has had the same thought and whipped up a plugin to make it work. Check out the WordPress.org Plugin Directory for a full list of all the plugins available for WordPress.