10 WordPress plugins for a writer’s blog

WordPress is an excellent tool for getting your writing online, but as a web programmer I know that it lacks some important features ‘out of the box’. When I set up this site I immediately added ten free WordPress plugins to get the basic functionality all good websites need.

Here is my list of ten essential WordPress plugins for any writer’s blog, which I’ve divided into three groups; QA, Extra functionality, Security and utilities.

Plugins to QA your content


Feel the need for speed…with caching

A slow website will lose visitors. A cache speeds up your site by delivering saved copies of your content, instead of WordPress generating a new page for every visit. The only downside of caching is visitors may not see the latest version of a page for your cache timeout, unless they press CTRL+F5. A fifteen minute cache timeout is standard, so unless you’re running a news agency that’s not really an issue.

WordPress has no caching by default so I chose WP Super Cache as it’s free, very popular and was highly rated in this detailed analysis. I also have a related plugin ‘clear all cache’ which provides a button to empty the cache so you know everything is bang up to date, which can be useful for fault diagnosis.


Know if you have broken links

All websites should avoid broken links. Pages get moved all the time on the web, whole sites disappear and YouTube videos are taken down without warning. Broken links are frustrating for visitors and having more than a couple on your site gives the impression content was published, then forgotten about.

A broken link plugin will do periodic scans then alert you by email and the WordPress dashboard so you can fix and republish your content. They don’t always get it right, and if you manually check the link it may actually be fine, but the occasional false positive is better than having broken links go unnoticed for months. The suitably named Broken Link Checker performs this task for my site.


Know if your site ever goes down!

Automated checks can watch your site 24/7 while you’re busy doing other stuff.

My hosting company ran a script which kept taking my site offline because a WordPress admin script ran on too long. After a couple of incidents I found the answer (increase the memory allocated to WordPress and set a global limit on script execution time). If the downtime happens again I’ll know because the uptime check visits my site every 5 minutes and emails me if it becomes unavailable, and mails again when it comes back up. I can look at the history of these checks and know if my site has gone offline, suggesting a problem with the hosting or suggesting my site may have been hacked.

Uptimerobot.com gives you 50 free checks. I have one check looking at the homepage, a second at a blog page. Searching for a specific word or phrase on the page is the most reliable method. You can login to your account directly or via a the uptime robot monitor plugin, allowing you to view the data on the WordPress admin console. Also the free checks don’t have to point at sites you own – so if the broken link checker tells you an external site down frequently, you could have uptimerobot.com check the link, and decide if you want to remove your link.

Professionally I have also used Pingdom.com and found the UI and support to be very good, but they don’t seem to be offering any free options currently.

Plugins that add functionality


Add nice share buttons

Social media is key to maximising your readership. I think readers may be more inclined to share your work if they see a nice set buttons displaying logos for Facebook, twitter, tumblr etc in a size and style that compliments your site.

I use Simple Share Buttons plugin which works well enough for me, although I did need to tweak my stylesheets to prevent the logos displaying underlined.


Control your site’s look on social media

Open Graph data determines the image and summary text that appears when someone shares your post. This can be a bit hit and miss without a good plugin. Before adding a plugin all my post shares were displaying the homepage banner image, which is fine as a banner but not usually relevant to the subject of the post.

I tried a few Open Graph plugins which either didn’t work or were intermittent and eventually settled on WebZunder open graph plugin.


Use a contact form rather than an email address

Even with a dedicated contact form you’ll get some spam mail from companies trying to sell you web design and promotion, but far fewer than if you displayed your email to every spammer on a contact page, so use a contact to hide your email address. With some contact forms you can enable Captchas, but Captchas have a negative impact on user experience and accessibility. Unless you get large volumes of spam through your contact form, I would do without them.

I found Contact form 7 was easy to set up and has a suitable range of options.

Security and utility plugins for WordPress


Move your wp-admin page

Top of your security ‘todo’ list should be renaming your admin user and moving your login page to a less obvious path. You can change the main admin user name at any time from the WordPress dashboard. Having a custom location for the door into your website should really be a core feature of WordPress in my opinion, but it’s not so you will need a plugin. It’s necessary because even if you remove all mention of WordPress, hackers can easily identify a WordPress site and they will try breaking in from standard routes like /wp-admin or /login.php. Of course make sure you have your new admin name, login page location and recovery information recorded somewhere safe in case you clear your browser cache or your pc breaks down!

Also before you change your login page remove the WordPress ‘meta’ menu from your site. You can’t edit this menu and it contains a link to the login page, so if it’s life it may display your freshly hidden login location to all and sundry! Hide my WP seems to be get checked for compatibility with the WordPress core updates more frequently than most, and I found it easy to set up.


Build a wall or put up a fence

All websites need basic security which WordPress by default lacks. A security plugin will run a firewall, protect against DDOS attacks (high volumes of requests intended to overload your site) and check your site against the official source code to detect any alterations made by hackers. I went with WordFence as it’s highly rated. There’s also safety in numbers, as WordFence is installed on a large numbers of sites, which should lead to a faster identification of any threats and security updates for users than a less widely used plugin.


Hook up some visitor stats

Visitor statistics have a value but website stats are like any other, i.e. usually found in the same ball park as those lies and damned lies. I use a plugin for stats and see several visitors per day (unique IP addresses). But drilling down into the stats many of these are classified as ‘adult entertainment’ meaning they come mostly from bots, spam referrers and hackers – not porn stars fascinated by my insights into the meaning of life. On the other hand, these non-visitors will probably remain at a fairly constant level, so if you publish a great new post or do some promotion, then soon after see a noticable increase in traffic, you can use the stats to confirm you have genuinely reached more of your target audience. See stats as a relative rather than absolute tool.

Many blogs use Google analytics, which is a free and a very mature analytic tool, but relies on your site issuing a tracking cookie to the user. According to EU law you should ask visitors before setting any cookie, and browsers might display off-putting security warnings to the user. That’s not really an issue for a large well known organisation, but for a small site doing without cookies for everything except taking payments or user login is desirable. For this reason I use the statistics plugin New Stats Press in preference to Google Analytics. It displays some useful information and has a nice graphical layout.

And recommendation number 9½ is a separate plugin to block what’s called spam referrers – they visit your site hoping you’ll see their visit, then make the return visit to a site containing hostile code, or perhaps even display a list of ‘top referrers’ on your homepage, even though no-one does that anymore… it’s just so 1990s. Spam referrers can be simply ignored but they mess up your stats so I use WP referrer spam blacklist to limit such traffic. These can only be partially successful as spam referrers keep changing their IP addresses and some will always find a way through.


Schedule regular backups

If the worst does happen it’s easier to restore your site from a backup than rebuild a new instance. I keep ten days worth of backups in case I realise I’ve made a serious configuration error and don’t have the original version to return to. For small non commercial sites a free Dropbox or Google Drive account gives the backup plugin somewhere to deposit the backup files, which is better than having to log in and do it manually. It’s reassuring logging into Dropbox and seeing a folder with full backups of the site content and configuration. Updraft plus has good ratings and has been my backup plugin of choice.

If you’re not updating your site often and have a local copy of all your content safe from hackers, I would consider having only a weekly backup. If you do think you’ve been hacked get some advice from forums before restoring from backup, as the code that compromised your site may have been resting there for some time.

I hope you’ll find these recommendations useful. Most of us spend hours rewriting our posts, or tinkering with layouts to get our content and appearance of our sites exactly the way we would like. These plugins are generally quick to install and work without much additional configuration, so it’s worth reserving some time to give your writer’s blog some the features that turn it into a fully fledged website.