MVP for WP sites


(Yousef Alam) #1

Now that we’re deploying blank WP sites for the migration, it seems like a good opportunity to discuss which plugins/themes etc. we should ensure go onto every site.

The only two I’ve come across so far are the Easy WP SMTP plugin for email and Akismet for spam filtering. Some type of caching would be nice.

//cc @Mte90 because I know he does a lot in the WordPress community and will definitely be helpful.


(Tom Farrow) #2
  • Anything you need for the sites to work (Easy SMTP? No idea)
  • W3 Total Cache
  • WordFence
  • Akismet
  • 2FA of some sort

We should not default install any plugins besides what we need for the infrastructure to be effective and secure.

I like the idea of having a list of addons that communities like though, and we could even have a spreadsheet that lets opsec give a “seal of approval” or strike out plugins they screen.


(Tanner Filip) #3

Why do we need these two?


(Logan Rosen) #4

W3 Total Cache is one of the most-used plugins with the best reputation for speeding up the performance of a WordPress site, and it can link in with CDNs for faster content delivery.

And WordFence is a popular security plugin that is constantly scanning for vulnerabilities in your WordPress site, something that I think is key given WordPress’s propensity for being breached.


(Tanner Filip) #5

I don’t know enough about the first to make any more comment on it, but the latter is taken care of by MainWP.


(Logan Rosen) #6

MainWP has some basic security features built in, but it’s not nearly as comprehensive as what comes with something like WordFence. There’s even an official plugin to integrate MainWP and WordFence (which I believe @tad and I tried out earlier).


(Syed Muhammad Mahmudul Haque) #7
  • Contact Form 7
  • Google Captcha (reCAPTCHA)
  • Disqus Comment System

(Tom Farrow) #8

MainWP is very, very basic security out of the box.

We have access to the WordFence extension for MainWP, and WordFence’s scanning is exceptionally well perceived.

For W3TC, Yousef mentioned caching. This is the best plugin we found for caching.


(Daniele Scasciafratte) #9

Sorry for the delay but I was busy for an event.

I suggest:

  • browserid-wordpress, also known as Persona - authentication system that uses Persona for WordPress
  • Yoast SEO - adds much useful information and many settings to improve the SEO
  • Wordfence - is amazing for having a secure website
  • iThemes Security, also known as Better WP Security - to add many workarounds and disable many features, like limit login attempts
  • Zero antispam - compared to Akismet, this adds a honeypot for spam, so you don’t need Akismet

Is the worst system for comments and does not follow the privacy guidelines of Mozilla very much.

[quote=“mmhyamin, post:7, topic:9402”]
Contact Form 7
[/quote]

This is for creating customized contact forms, which is not useful without an analysis.

[quote=“mmhyamin, post:7, topic:9402”]
Google Captcha (reCAPTCHA)
[/quote]

That will be useful for comments, but there are other resources that are simpler and in-house.

Also, Mozilla releases different plugins to add support for the latest cool new APIs at: https://mozilla.github.io/wordpress-plugins/

About web push notifications on updates, offline caching with websocket, so I think that will also be useful for promoting them and promoting those features for other websites.


(Yousef Alam) #10

So my list is currently at:

  • Easy WP SMTP
  • W3 Total Cache
  • WordFence (w/ MainWP extension)
  • Akismet
  • WP Offline Content
  • WP Content Security Policy Plugin

Let’s do this. We probably need to gather data from the old websites to see what communities are using right now.

This is probably a good opportunity to allow communities to have their blog comments powered by this Discourse instance.


(Tanner Filip) #11

I don’t think we’ll be using this. Persona is shutting down in a few months.

What advantages does this have over Akismet? We already use Akismet on Discourse, and it works pretty well.

I like that idea, but will users have to create a new account to sign up? If so, do we think that it’ll increase the number of malicious/spam users on this instance?


(Tanner Filip) #12

One I’d like to add is Google Authenticator - everybody with a certain level of access should be required to use 2fa, imo. It doesn’t appear to be built-in to WordFence or MainWP.


(Yousef Alam) #13

Assuming you mean having to log in here, yes.

Nothing significant.


(Daniele Scasciafratte) #14

The WP plugin to integrate Discourse is very amazing and yes, it will also be much better for promoting the forum.

This is true, but actually we don’t have an alternative; maybe when the Firefox Accounts API is available someone will create a plugin, or we can use the Discourse system for authentication on WordPress as well.

Akismet calls an external service to check the message; that plugin uses many ways to have a honeypot system, so it’s faster compared to calling an external service.


(Benjamin Kerensa) #15

Sucuri is probably a better choice than Wordfence and is also free.


(Valid Mesic) #16

  • Contact Form 7 - create custom contact form
  • Smart Slider - for quality slider images
  • Google XML Sitemap - add priority and create XML sitemap
  • Yoast SEO - the best plugin for SEO, very simple and friendly
  • NextGEN Gallery - plugin for your gallery
  • etc.

Best regards,
seosem.hr