My Favourite WordPress Plugins as a Developer

cgarofalo

Christina Garofalo

Posted on July 31, 2023

My Favourite WordPress Plugins as a Developer

There are 59,592 plugins listed on WordPress.org at the moment of writing this blog post. That is a lot to sift through! This is the unordered, non-exhaustive list of my favourite plugins that I use as a developer just about every day, and maybe you’ll find them useful too — at the very least this will save you some time searching through a lot of defunct, irrelevant and poorly maintained plugins. I’m a huge fan of open-source software, so all plugins on this list are free to use or have a free version.

1. FakerPress by Gustavo Bordoni

FakerPress is great for when you just need to populate a staging or local environment with fake posts and content for testing purposes. You can even fake users (which can be used with the User Switching plugin). It will also download and set featured images for you. The best part is when you are all done or need to reset the data, you can bulk delete anything that was generated by FakerPress.

2. Instant Images by Darren Cooney

Instead of using the same boring placeholder images over and over again during development, give Instant Images a go. You can import free & royalty-free images directly from Unsplash into the media library. It even fills out the title, caption and alt text for you (English only). I use this primarily for development, but there's no reason why it couldn't be used in production either. Having relevant images at your fingertips helps the client (and yourself) visualize what the site could look like on a staging site or save you the hassle of having to search for relevant images in another tab in your browser.

3. WP Mail SMTP by WP Mail SMTP

Sometimes you need to get email working in your dev environments without the headache of setting up PHP’s mailer. WP Mail makes setting up email a straightforward process with its wizard. I like to use Mailtrap.io for email testing. A single testing inbox is free and works with WP Mail with the SMTP settings. Using this plugin will ensure that emails sent from your site, such as password resets, will be delivered.

4. FileBird by Ninja Team

This plugin creates folders/tags within the native media library. It has a beautiful UI and is extremely useful for keeping your media library organized, especially when you have a lot of files. It doesn’t alter the uploads directory either, so if you do decide to remove it, it won’t leave a mess. While this is handy during testing, it's also nice to have in production as well.

5. User Switching by John Blackbourn & contributors

If you are working on any kind of membership site or a site that has multiple users and roles, I strongly suggest using this plugin to test what the various users on your site can access and see. You can easily "switch" to appear logged in as different users on your site. I would not recommend this plugin be installed in a production environment, but it's certainly handy during testing.

6. WP Help by Mark Jaquith

Add some documentation right into the admin dashboard. Useful for keeping documentation for yourself, or helpful notes for the admins of the site. The only downside is that the documentation is stored in the database, making it difficult to migrate the documentation only from one site to another or commit it to a repository. (This is a bit of annoyance for me as I tend to use the same documentation over and over again with slight tweaks.) There is a feature to link documentation, and all changes made from the source will be mirrored on any linked sites which is handy for multisites. Barring that, it's a lifesaver for fielding potential questions from clients.

7. Password Protected by WPExperts

Does your host not allow basic auth or make it difficult to set up? Try Password Protected. This sets up basic auth for your WordPress site in minutes. You may even add IPs to an allow list so that you are not constantly pestered by the password prompt. This plugin was recommended to me by Pressable, and it's now part of my developer arsenal.

8. Query Monitor by John Blackbourn

If you need to pull back the curtain and see what WordPress is doing in the background or want to improve the performance of your queries, try Query Monitor. It will give you an overwhelming amount of query data that can be used to fine-tune or debug your queries. This plugin hooks deeply into WordPress, so make sure you disable it in production.

9. Debug Bar by wordpress.org

This plugin adds debugging information right to your admin bar so you can quickly see logs for queries, caches, and other useful debugging info. Query Monitor can be overwhelming at times, however, this plugin is a bit more manageable. I would also recommend that this plugin not be used in production environments.

10. Advanced Custom Fields by WP Engine

ACF is an essential plugin if you want to add custom fields to the CMS quickly and with ease. There is a free version of this plugin, but I would recommend getting a license, as it unlocks considerably more features, including the ability to build blocks without any React knowledge. It has a host of useful functions and filters that can be leveraged to make overall WordPress development less of a headache. I’m particularly fond of the get_field() and acf_slugify() helper functions. It’s a powerhouse of a plugin.

11. Limit Login Attempts Reloaded By Limit Login Attempts Reloaded

You’ve put a lot of work into your new site, you put it live and bask in its glory. Wouldn’t it be a shame if something happened to it? It doesn’t take long at all before some bot or hacker tries to brute force their way into your backend. This is a simple plugin that will block multiple attempts to log into your admin area. By default, any more than 3 attempts, and that IP will be blocked for 20 mins from trying to log into your site. That’s usually enough to stop a hacker in their tracks, as most are looking for easy targets, especially fresh installs. There is a pro version that allows you to do things like block IPs from entire countries, but the base version does a pretty good job with basic features.

12. SMNTCS Disable REST API User Endpoints by Niels Lange

Now with security in mind, did you know how easy for someone to find a list of every single user on your site? Very easy, just hit this endpoint on your WordPress site /wp-json/wp/v2/users, and you’ll get the whole list, and that’s how hackers can probably deduce which user is an admin, and which accounts to target. This lightweight plugin disables that endpoint, so as long as you don’t need it for anything else, you can rest easy knowing that you’ve given potential nere-do-wells one more obstacle to deal with. There are ways to disable this with code, but this plugin is handy for the no-code approach.


Update Oct 11, 2024: ACF download link has been updated, as it is no longer in the wordpress.org plugin directory due to the ongoing dispute.

💖 💪 🙅 🚩
cgarofalo
Christina Garofalo

Posted on July 31, 2023

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related