Learn exactly how to makeBETTER WEBSITES RIDICULOUSLY FAST

Get exclusive tips that'll help you master WordPress, Beaver Builder and lots more.

Recommended WordPress Plugins and Tools for WordPress websites

You can work with WordPress in many different ways depending on your goals. For example, you might be running a web agency exclusively on WordPress, or you might be learning it because the freelancers you’ve hired are just too unreliable or expensive.

The list could go on and on.

Master Beaver Builder in 30 days!

Enter your email below to join over 900 people just like you and get 1 mind-blowing Beaver Builder tip each day for the next 30 days.

WordPress is confusing, and that’s probably why we regularly get emails from our fellow Beyonders asking us what plugins we’re using to do certain things.

That’s why we’ve put together this list of Recommended WordPress Plugins and Tools for WordPress websites.

No matter what your situation is, WordPress has what seems to be an endless learning curve and can sometimes it can be disheartening to work with. I mean, just last year you mastered Visual Composer and now you’ve made the switch to Beaver Builder, a better Page Builder. But making the switch means you need the time to not just learn the plugin, but also learn the themes it integrates best with and also take the time to test the third party addons that are available to it.

There are many things you can get back in life but the one thing you cannot get back is time.

And we’ve personally lost A LOT of time reading reviews and trialling WordPress plugins and third party tools for our own business.

The problem with WordPress is there’s too much choice and too many ambiguous online reviews

While the BeyondBeaver.com team are researching, we often ask ourselves “can’t someone just tell us exactly what we should use”. I mean, when we read reviews, they compare three different products and then finally conclude with an ambiguous summary that leaves us more confused than we were before we’d read the post.

As a web agency, we’re really just wanting to have a web agency write a list of the exact tools they’re using and why. I mean, if they work, and the web agency is running and scaling well, and the pricing suits us, it makes sense to do what they’re doing., right?

But there just doesn’t seem to be a complete list anywhere, and we’re sure you’re wasting time like us trying to find it.

Below is the list of plugins and tools we’re currently to power our web agency, travel blog and blogging website, and we hope this list saves you time and pieces everything together.

Now, the entire Blueprint of plugins we’re using.

The complete list of Plugins and Tools you should use for your business website and client websites

Here’s what we’re using currently for our websites and what we recommend you try. They’re affordable and they do their job really well.

Beaver Builder

We use Beaver Builder as our Page Builder like we're sure all of you are.

We use Beaver Builder as our Page Builder to build all our websites.  If you’re here, we’re sure you are,, also.

PURPOSE

Page Builder for designing and coding websites and landing pages for us and our clients.

USE FOR

Your agency website and all your client websites.

OUR REQUIREMENTS

  • Allow us to design responsive websites quickly and work across all modern browsers
  • Allow our website clients to easily edit their website
  • Allow us to build websites ridiculously quick
  • Not be shortcode driven or lock our clients and us to a specific theme
  • Have good documentation or forums for quick answers to our questions. We’ve used the StudioPress themes and the Genesis framework and you can google a question and find the answer to anything. This makes learning easy.

WHAT WE LIKE

This plugin has completely changed our business. From having to manually code in columns for pages with Genesis to being and to drag-and-drop content, this has been a blessing to our whole agency. The community behind it is also the best out of any plugin in WordPress and you definitely need to join the Facebook Group if you haven’t already.

We won’t bore you with all the details as you’re probably already using Beaver Builder, but we will say that we also like their pricing structure. We build our client websites with their Beaver Builder Theme and our Child Themes and we’ve literally cut our website turnaround time from start to finish in HALF, all for only $199 and $119.4 for each year thereafter (we use the Pro package as it includes the powerful Beaver Builder theme that we recommend). And those prices are for us to use this plugin on AS MANY WEBSITES AS WE WANT.

Something that we’re also using for our web agency that has significantly increased the speed we build websites with Beaver Builder is the third-party addon called Ultimate Addons for Beaver Builder (UABB) plugin.

It adds a heap more modules that you can use to build pages and also you NEED to check out their SECTIONS feature that comes in the plugin at no additional cost. They’re basically pre-designed rows that you can drag into the page.

Visit the UABB website to sample all the different Page Builder modules. On the right in the dark grey you can see about 50% of the available modules - there's heaps!

Visit the UABB website to sample all the different Page Builder modules. On the right in the dark grey you can see about 50% of the available modules – there’s heaps!

Click here to check out UABB.

WHAT WE DON’T LIKE

Nothing. Absolutely nothing.

CONCLUSION

We recommend this plugins to web agencies who are looking to build powerful websites quicker with WordPress. We also recommend this to small business owners who are looking to build a website for their own businesses themselves.

Buy Beaver Builder

Active Campaign

We use Active Campaign as our Email Marketing and Email Automation software.

We use Active Campaign as our Email Marketing and Email Automation software. Since using it we have grown our Mailing list like never before and the Automation features are the easiest we’ve seen to set up. We highly recommend you try this software. It has a FREE TRIAL – something we all love.

PURPOSE

Email Marketing and Automation.

In our company we take emails seriously. We email out our Beyonders on BeyondBeaver.com with tips and information, and also regularly email the clients in our web agency with tips and information on what things like new services we’re offering and things they can be doing to increase their chance of success online.

We needed software that allowed us to do these two types of things.

USE FOR

Your agency website and clients who have the budget to start taking email automation seriously.

OUR REQUIREMENTS

  • Ability to mass email our web agency clients and also our Beyonders.
  • A wide-range of professionally designed email templates.
  • Marketing automation and contact-tagging for BeyondBeaver.com so our Beyonders only receive information relevant to them on a frequent basis.
  • Marketing automation for our web agency clients to help keep our agency and the services we offer fresh in their minds. Marketing automation also allows us to put aside a couple of days to write 10 tips that are automatically emailed to our web agency clients once a week for 10 weeks. This means we’re in regular contact with our customers to remind them they aren’t forgotten once we launch their website.

WHAT WE LIKE

We tried Mailchimp, Aweber and a couple of other Email Marketing softwares and Active Campaign is by far the email marketing software we’re recommending, and it’s extremely affordable.

Firstly, the interface is extremely slick. You feel like you want to write emails – something which, if you’re writing lots of emails, makes a huge difference to how successful you are with email marketing.

Secondly, the drag-and-drop automation builder is extremely intuitive. When we logged into Aweber we had no idea how to set up an drip campaign (a drip campaign is where you set up a series of emails to send over a period of time such as once a week for 10 weeks etc). Below is an example one of the wizards Active Campaign offer – an Abandoned Cart automation workflow. Once you select the type of automation, it asks you to fill out some popups which, once complete, gives you a working automation workflow (you can also completely set up a custom one yourself).

Active Campaign comes with wizards that guide you on setting up a specific type of automation. For example, in this animation, we selected to set up an Abandoned Cart Reminder (so, if the user adds a product to cart and leaves it sends them a reminder after a couple of days to complete the checkout).

Active Campaign comes with wizards that guide you on setting up a specific type of automation. For example, in this animation, we selected to set up an Abandoned Cart Reminder (so, if the user adds a product to cart and leaves it sends them a reminder after a couple of days to complete the checkout).

WHAT WE DON’T LIKE

Nothing so far. The templates are great, it is intuitive and integrates with a lot of software out there like Gravity Forms.

The first email we sent people landed in the trash but all the other emails since have not. We think this might be because we didn’t have any credibility but once people opened the first email and proved we weren’t spam, we’ve have a near perfect delivery rate.

CONCLUSION

If you’re a blogger, we recommend you use this to email your mailing list because it’s affordable and was definitely the best Email Marketing software out of the ones we tried.

If you’re running a web agency, you should definitely be emailing your clients. For $9 a month (Active Campaign’s lowest plan and one you could start with for 500 subscribers), the value you’ll get back into your web agency is definitely worth the money.

Buy Active Campaign

Thrive Leads

We use Thrive Leads to build our email list. If you aren't building an email list, you NEED to start today.

Thrive Leads is incredibly powerful in helping you build your email list so you can directly market your products and services to your customers.

We’re currently using this plugin on this website BeyondBeaver.com.

PURPOSE

Lead capturing.

Building a mailing list is the most powerful way to build a relationship with customers and we’ve experienced this first hand through the blog on our website BeyondBeaver.com. We send out regular emails offering tips and advice and our readers can simply hit the reply button if they have a question. If you aren’t building a mailing list, you really need to start now, today even!

USE FOR

Your agency website. Could be difficult to teach your website clients how to use this as it uses a different Page Builder to Beaver Builder and could be very confusing. Also, the conditionals you can set up (i.e. only show it on the home page or post etc) could confuse your clients. If you do want to use this on client websites we recommend selling a service like “Build your email list” and you manage Thrive Leads on their website for them.

OUR REQUIREMENTS

  • Welcome mat capability as this has been shown to increase the conversion rate of websites.
  • Slide-in forms that show as you scroll down the page to promote our offers.
  • In-content forms so that we can automatically add offers to our blog posts.
  • A/B testing of forms to experience with conversion optimization

WHAT WE LIKE

Firstly, the pricing is very justifiable at $67 for a one-site license and $97 for use on all your websites. They say a product is priced well when you purchase the product without really noticing what it costs and this was definitely the case for us. We looked at competitors like OptinMonster (which is said to be really powerful, also) but we needed the Slide-in forms and that put it up to $199 a year! We got the $67 dollar version of Thrive and it came with all the custom forms included in the $197 version of OptinMonster.

Now, we’ve been using this for a month now and love it. We weren’t using a lead capture plugin before this so we can’t compare results, but we’re getting a decent conversion rate as per below and we’ll be looking into the A/B testing features very soon.

We love how below you can see how a campaign is doing in each place you place it. For example, we are currently running our 30 Beaver Builder tips in 30 days blog series and as part of that campaign we have a Scroll mat form, In-content form and a Slide-in form. As we can see below, they are all converting about the same. We can’t wait to try out this plugin with multiple campaigns on our website.

thrive-leads-conversion-rate

If you look at the above screenshot, you can see that you create a campaign (ours is highlighted in blue) and then under that campaign you create the different forms for that campaign. You get the overall conversion rate for the campaign (in the blue) and then a breakdown below for each individual form.

WHAT WE DON’T LIKE

The Page Builder is cumbersome but the pre-made designs look great as they are so we just don’t change the designs too much and thus don’t have to struggle with the page builder.

CONCLUSION

We recommend this for building up your email list 100%.

Buy Thrive Leads

Gravity Forms

The Beaver Builder plugin provides a Contact Form module and an Email Subscriber module, however for the more complex forms we use Gravity Forms.

The Beaver Builder plugin provides a Contact Form module and an Email Subscriber module, however for the more complex forms we use Gravity Forms.

PURPOSE

Form software for building complex forms.

The drag-and-drop Beaver Builder page builder that we use to build all our websites includes some form modules that are perfect for simple forms. Sometimes, however, we’ll need to add drop down fields and other complex fields like checkboxes and radio buttons.

Gravity forms allows us to build complex forms extremely easy.

USE FOR

Your agency website and your client websites. We use Gravity Forms internally for our online brief and also in client websites where the client needs more complex forms.

OUR REQUIREMENTS

  • Easily build complex forms to handle things the Beaver Builder modules cannot
  • Autoresponders when people fill out the form
  • Notify us when people fill out the form
  • Record in WordPress the form entries. (This is extremely important for us. Imagine if someone is asking us or our clients how to pay for something and the email gets lost and money is lost. With Gravity Forms, incase the email doesn’t reach us, it is recorded in the database so we can see the information people complete in the form).
  • Ability to use pass data between forms (query strings).

WHAT WE LIKE

We like Gravity Forms and all the addons it offers. It is probably the most popular Forms plugin for WordPress and, because of this, it integrates with a huge (and growing) selection of services. For example, on BeyondBeaver.com we are using Active Campaign as our Email Marketing and Email Automation software and it integrates very nicely with Gravity Forms. When someone fills out the gravity form, their details are sent into Active Campaign automatically.

But we didn’t always know we were going to use Active Campaign. We had a gravity form already on the website and at a later date decided on Active Campaign. Because we were using Gravity Forms, we simply installed the Active Campaign  addon for Gravity Forms and were ready to go – no need to change our form software.

We also use addons such as the Poll addon and Survey Addon so people can fill out a form on our websites as a poll.

WHAT WE DON’T LIKE

The default styling of the forms is a bit weak and could definitely use some improvement. It can also be difficult to override the default Gravity Forms styling using CSS if you don’t know what you’re doing. We usually disable the default Gravity Forms CSS and style our forms like we discuss in this article here.

CONCLUSION

If you haven’t already, try Gravity Forms. It’s affordable and extremely extensible and reliable. We’ve used this for over 4 years now and never had a problem. We actually haven’t ever had a requirement for a form that Gravity Forms could not do.

Buy Gravity Forms

User Switching

user-switching-screenshot

User Switching is an extremely valuable plugin for WordPress as it allows you (the admin) to log in and use WordPress as other user roles and users to see what they see when they access their WordPress account. Great for troubleshooting problems quickly.

PURPOSE

Allows us to quickly login as Customers or as our Web Agency clients to see what they see when they login to WordPress.

User Switching saves us time by not having to look up the username and password for accounts on the website. We can quickly switch to their user account and experience WordPress as if we were them.

USE FOR

As a web agency we have many clients who manage their own website. They all have different needs, so restrict their access in different ways. Sometimes a client may lodge a support request to say something isn’t working as expected or that they cannot access a specific section of their website. We login to their site with our admin account and use User Switching to quickly switch to their account and see what they’re seeing to help troubleshoot the error.

For BeyondBeaver.com we sell products in our shop and sometimes (rarely) they may encounter an error. We use User Switching to login as them and see the error they are experiencing and then we fix it for them.

OUR REQUIREMENTS

  1. Easily login as our customers to see issues they are experiencing and troubleshoot problems. This speeds up our client support process.
  2. Not be an overly large plugin as we already are able to do everything else in terms of Whitelabelling using Adminimize and User Role Editor.

WHAT WE LIKE

This plugin saves us a great deal of time and effort as we don’t need to remember the usernames and passwords of other user accounts that we need to troubleshoot for.

Once you do switch to a new user, you can always SWITCH BACK to the user you were originally logged in as. So, you can login as your admin and then switch to your website client’s login, fix the problem and then switch back to your admin user – all without having to remember lots of usernames and passwords.

WHAT WE DON’T LIKE

Nothing. It’s perfect, has good reviews, is maintained and just works.

CONCLUSION

If you’re managing lots of websites you need this plugin so that you can save time by switching accounts and not having to look up usernames and passwords.

Download User Switching

User Role Editor

User Role Editor is our favourite plugin when it comes to managing a WordPress website. You can add new User Roles and restrict the capabilities of ALL User Roles on a per User Role basis.

User Role Editor is our favourite plugin when it comes to managing a WordPress website. You can add new User Roles and restrict the capabilities of ALL User Roles on a per User Role basis.

PURPOSE

Allows us to change the capabilities of each User Role in WordPress to help restrict client access.

Some of our clients are more technical, whereas some not. The different needs and technical ability of our web agency customers means that we need to adjust the level of access between each of our clients.

USE FOR

Restricting client access in WordPress. Before we hand over the site to the client so they can manage their own website, we create a new user for the client and set them up with the Editor User Role. Next, we go into this User Role Editor plugin and alter the capabilities of the Editor user role so the client can only do the things in WordPress that we want them to.

OUR REQUIREMENTS

  1. Simplify the Dashboard overall so the user only has access to what they need. This reduces the support tickets we receive from the client as they only see parts of the Dashboard that are useful to them and necessary for the client to manage their website.
  2. Restrict access to areas of the website the client does not need to access. Again, if they don’t have a Blog, we need to hide the Post menu item from them.

WHAT WE LIKE

When you alter a WordPress User Role’s capabilities, you enable/disable the ability for all users in WordPress with this user role to perform certain actions and access areas of the website.

Most of the time we use User Role Editor to remove a capabilities from our clients. When you remove certain capabilities from a user role, it can affect things like the menu items on the left of the dashboard.

So, for example, say we install a third-party plugin and it adds a new menu item to the WordPress admin menu that we do not want our clients to access (maybe it’s a settings page that we’ve configured and don’t want them accidentally changing). We go to the User Role Editor plugin settings page and check whether the plugin has registered a new capability to manage its settings. If the plugin has, we remove this capability from the editor and wa-la – now the menu item is removed from the admin menu and the client cannot accidentally change the settings and cause us a headache.

WHAT WE DON’T LIKE

Nothing. It works exactly as advertised and doesn’t need to do anything extra.

CONCLUSION

Below is a link where you can get this FREE plugin. If you’re wanting to know more about how this works we will most likely be including it in our online course How to build a website in just 1 day without knowing design or code (click here to register for the course).

Download User Role Editor

Adminimize

Adminimize is great for restricting what areas of WordPress users have access to.

Adminimize is great for restricting what areas of WordPress users have access to.

PURPOSE

Allows us to restrict our website clients to only the areas of WordPress they need to access.

User Role Editor (above) allows the changing of capabilities for a user role, as mentioned. So, we use that first and disable capabilities for the editor user role (the user role we give our clients) and by doing this it can sometimes remove some menu items in the main menu in the dashboard – perfect.

But other times there will be menu items that we wish to remove that are not tied to a capability. So, we always use User Role Editor first to remove the capabilities, and then we use Adminimize to clean up and remove whatever from the Dashboard that is remaining after changing the capabilities.

USE FOR

The same reasons as User Role Editor above – restricting client access in the WordPress Dashboard. For example, we remove admin menu items that the client does not need access to. If they don’t have a blog, having the Posts menu item in their Dashboard would be confusing to them. So, we hide them!

OUR REQUIREMENTS

  1. Simplify the Dashboard overall so the user only has access to what they need to reduce support and complexities for the client.
  2. Restrict access to areas of the website the client does not need to access.

WHAT WE LIKE

This plugin allows you to limit access to menu items and parts of the Dashboard per User Role which is exactly what we need. We generally only have one client managing their website and they get the User Role of Editor so we just hide things for the Editor User Role, just like the below screenshot. Notice how the Checkboxes are checked only for the Editor User Role (a checked checkbox means it will be hidden from that User Role). So, in the below screenshot we are running with our example here and hiding the Posts menu item from the Editor User Role that our client has to edit their website.

adminimize-settings

Also, what’s more, you can export and import settings. This is great if you want to give your new client the same access as an existing client. Go to the existing clients Adminimize settings page, export the settings, and then import into the new website’s Adminimize settings and you’re good to go.

WHAT WE DON’T LIKE

Nothing.

CONCLUSION

Below is a link where you can get this FREE plugin. If you’re wanting to know more about how this works we will most likely be including it in our online course How to build a website in just 1 day without knowing design or code (click here to register for the course).

Download Adminimize

Other plugins we will discuss at a later date that we use on all our client websites and recommend you use are:

  • Optimus.io
  • Wordfence Security
  • WP Rocket
  • Yoast SEO

Wrapping it up

As you can see, there’s real reasons that we’re using each of these plugins and together they allow our business to run and they should allow yours to run also.

There’s no overlap in plugin functionalities and the majority of these plugins are FREE!

We’ve seen this group of plugins be used together to build over 400 websites and they are part of the base install we use to build all our client’s websites with, so there’s no reason you can’t also.

Comment below if you think there’s a plugin that we should try or that you’d recommend to our readers

We’re all here to help each other. Let’s share ideas and what’s working and what isn’t.

Comment below.

What you should do next

  1. Click here to experience for yourself the power of the Beaver Builder page builder plugin for WordPress
  2. Click here to view the Ultimate Addons for Beaver Builder templates and sections to see if they can help you with your next project. They have an unlimited license so it’s good to see if you can factor the price of it into your next website
  3. Comment below and let us know if there is a plugin you think is worth us trying and reviewing

11 Comments

  1. majamaki on August 28, 2016 at 9:31 am

    Great article and excellent default tools to use. For security, I would add NinjaFirewall as a must install plugin.

    • Grant Ambrose on August 30, 2016 at 1:25 am

      Great! I’ll check it out. Are you using it with something like Wordfence?

  2. Deskmman on August 31, 2016 at 2:52 pm

    On every site I make I install WP-rocket caching plugin. It speeds up the site by a fair amount and is very clever written – it works even quite well if you don’t change any default setting. The other plugin is from the same guys and is called Imagify. This is a hosted service that hooks in to minify your images but also can give you the possibility to reduce any uploaded image to a max size. Preventing your customers to fill the server with 12Megapixel phone images. The free plan is for most sites enough to keep your media library lean and fast. The paid plan comes with an API key and can be used everywhere so you can offer it as a service.

    • Grant Ambrose on September 2, 2016 at 1:29 am

      Yep I use WP-Rocket for all my websites, also. I haven’t seen Imagify before. I like optimus.io because it is a fixed price per year of only 19 dollars but I will take a look at Imagify. I might write a thorough review on them, also, and compare them with the popular ones like EWWW and ShortPixel etc

  3. Droidism on September 14, 2016 at 11:52 am

    Hi Grant,

    Great site and helpfull resources. I have enjoyed your 30 days to master BB series!

    Now, without further ado, here is my list.

    Cache Enabler by KeyCDN, for those of us that either use Optimus or have not been spoiled by the wonderfull world of fragement caching (Redis, Varnish)

    Postman SMTP, disables wp_mail and allows sending of emails via your email provider like Zoho, Google Apps, Fastmail and so on https://wordpress.org/plugins/postman-smtp/

    Postmark, you and your client(s) want to send emails to the inbox and not the spam folder of your recipient. Especially handy with WooCommerce or Easy Digital Downloads. (think on-boarding, order confirmations, username and password emails)

    Mind you Postmark is not free, but a a rate of 1.50 US$ for the sending of 1000 emails I would’t dare to call it expensive.

    Members Justin Tadlock’s free alternative to Vladimir’s User Roles plugin. Members fades into the WP admin background and it is hard to notice where WP ends and Members starts, which to me is important because I won’t have to deal with flashy or badly styled plugins. I know that design is subjective, but if a plugin blends in with WP it always makes me smile.

    In order to extend Members I use this exstention: Members Role Levels, again by the great Justin Tadlock.

    If you do not like to fiddle with all the settings in user Roles or Members, there is a alternative option, both in the Free and Premium version: Webmaster user Role by TylerDigital. This adds a new “Admin” user role between Administrator and Editor. As TylerDigital describes it ; “Perfect for clients and those who know just enough to be dangerous.”.

    WordFence, with out a doubt. I either include the build in WAF, so no need for Ninja Firewall, which is great by the way, or extend WordFence with a couple of Jeff Starr’s fantastic plugins: Black Hole for Bots(LOL) and BBQ – Block Bad Queries, preferably the paid version.

    Google Tag Management for analytics, ppc, remarketing and retargeting since we all need more clients and our clients also need more clients. Only one great option at this moment, at least in my opinion: Duracell Tomi Google Tag Manager

    Yoast is great, but its UI is getting out of hand and there where some problems with the last couple of versions. So here is one great and free alternative: The SEO Framework by Sybre Waaijer.

    Since there seems no end in sight as to how many plugins we are installing on our sites we need some way to monitor the performance of our plugins. For this purpose I install Query Monitor. This allows you to view debugging and performance information on the database queries, hooks, conditionals, HTTP requests, redirects and more.

    Go nuts, install a dozen more plugins and kick out the slow performers or nag the Dev to death about his badly contstructed WP Queries and demand that he fixes this a.s.a.p.

    There are a couple more I really like like Autoptimze, Better Internal Link Search, CMB2, Disable Embeds, Gauntlet Security, Graceful Email Obfuscation, Pluginception and much much more, all freely available in WP.org

    • Grant Ambrose on September 14, 2016 at 12:51 pm

      Great comment!
      Have you tested the firewall in Ninja VS WordFence? If so, what were the results? I’d love to hear this.

      • Droidism on September 15, 2016 at 1:48 am

        Hi Grant,

        TLDR;
        I have not tested Wordfence’s WAf against NinjaFirewall. In the end both programs are complimentary to each other and fill in specific gaps. My basic setup always is Wordfence and BBQ and Blackhole for Bots.

        The long version:
        Are we going to use the free or premium versions of both Wordfence and Ninjafirewall?

        Wordfence free users get updated WAF rules 30 days after the premium subscriptions have received them. NinjaFirewall WP+ has a couple of nice features added to it like responce body filtering, IP based access control, rate limiting for agressive bots, GEO access control, URL and Bot access control.

        So anyone serious about the security of their website should at least be willing to pay for one or both plugin’s premium features to fully benefit of their capabilities to protect your site. If you are not willing to do so, why bother? Althoug I have to agree that some for of protection is better then none…

        In the end NinjaFirewall is a dedicated program focused on one specific task and that specific task is being a WP WAF. Wordfence does a lot of other things besides being a WP WAF, like password strength monitoring, filescanning (hello base64!) and keeping track of outdated plugins and warning you to update them a.s.a.p.

        Besides that, at least in my opinion, both WordFence and Ninjafirewall are the last steps I would apply in the server stack to protect the sites I manage.

        If you run a large mission critical site I would suggest to reinvest some of the money your site earns into Imperva’s Incapsula in order to help protect your (WP) site.

        But it all begins with good hosting, prefabbly dedicated WP hosting, and log monitoring, log monitoring, log monitoring, looking for php and SQL injections and then applying the ban hammer with Fail2Ban.

        On the sites I manage people get one change and one change only before they get a minimum one month ban. I also monitor IP addresses and look for other offending IP’s from the same network. If this happens to be the case, and the IP addresses originate from a country my clients do not cater to, I have no problem to block a whole 16 bit range basically banning 65,536 ip’s in one go. After a month of no repeat bad behaviour we can think about wether or not the offending network get’s a second change. But i am starting to digress.

        When do you plan on comparring both Wordfence and NinjaFirewall? I am very interested in reading your results and findings.

        • Droidism on September 15, 2016 at 1:50 am

          Completely forgot to add this great resource

          • Grant Ambrose on September 16, 2016 at 8:43 am

            Ok, I read the long version – don’t worry 🙂

            TBH I am no security expert when it comes to WordPress. I have been around the industry for a while now to know that it is a full-time gig and my place is in design and dev.

            When I worked for a large medical company, we had a separate IT department who focused on all this security stuff and liased with a hosting company who set up a custom solution for our website there.

            For the small business websites I do I price them accordingly and take regular backups with the security plugins mentioned in this article.

            If it were a mission critical website I would hire a third party to set up and monitor the security and built that into the fee for the client and if that didn’t fit the clients budget I would not take on the project because I know I am not a security expert.

            You know a lot about the subject. Are you working in a WordPress security type of role?



  4. Nick on October 31, 2016 at 12:51 pm

    Excellent post, thanks! I now have a few more ideas and things to try with a couple of the plugins you mentioned.

    • Grant Ambrose on October 31, 2016 at 1:46 pm

      Great! Glad I could help 🙂

Leave a Comment

You must be logged in to post a comment.

Master Beaver Builder 

Join over 900 people and get 1 mind-blowing Beaver Builder tip each day

x