First published on April 20, 2020
I’ve said this a few times in the past, but my goals to improve my WordPress blog taught me HTML and web design. I’ve downloaded a lot of WordPress plugins for extra features without knowing I could’ve achieved the same goal with a few lines of HTML or editing a file that already exists.
I get that some WordPress administrators convenience or don’t have server access. Everything on this list can be debated with “it makes my job easier.” That doesn’t mean you need it.
It’s been a long while since I’ve shared IT content on this blog. To fix this, here are some WordPress plugins you don’t need to have a great website.
WordPress has a long, growing list of websites it can automatically embed with oEmbed. Many sites share HTML, and sometimes Markdown (Clyp.it), code to easily embed content. Spotify, Soundcloud, Twitter, YouTube, and Vimeo do this.
When I first started, I was a fan of Real Favicon Generator because it had:
- Options to change the background color for favicons on mobile phones
- Previews on desktop browsers
- And an easy-to-use interface
None of those require a WordPress plugin. You can add background colors to favicons easily with GIMP – a free Adobe Photoshop alternative. Browserling.com can preview favicons in Firefox, Chrome, Safari, and Opera on desktop for free.
I created this list before WordPress included Gutenburg WYSIWYG drag-and-drop features similar to Wix and Squarespace. Before, you needed to add tables with HTML or plugins like JTRT Table or TablePress. Now, making and changing tables take seconds. No plugin required.
An exception: Custom Database Tables (CDBT) shows a table from a new database directly on the website with a search function. It’s the only database table plugin I’ve seen but it’s been abandoned for 3 years as of February 2020.
Flowpaper and other PDF plugins allow you to view and scroll through PDF’s within a webpage. But
iframe elements can cause vulnerabilities. X-Frames-Options and Content Security Policy (CSP) protect against such cross-site scripting (XSS).
It’s safer to offer a link to the saved PDF and let them know it’s a PDF link, not another webpage. Let the user choose to open the PDF in a new tab or their default PDF viewer.
Or maybe show an image with a link to the full PDF.
Add From Server
As of now, you have to upload media files with the WordPress media library to select it in there. Otherwise, you need to remember the URL/file path for the media file when you upload with a server file manager (e.g. cPanel), abbrFTP file transfer protocol program (e.g. FileZilla), or SSH connection.
That shouldn’t be an issue if you organize your files with a standardized format. For my podcasts I used
podcast-[topic]-[date].mp3. It’s a public file so there’s no need to hide, or obfuscate, anything.
A plugin just to show files in your WordPress media library is unnecessary.
Table of Contents
Easy Table of Contents and similar plugins quickly gather your header elements (h1-h5) into a table of contents menu. You can do this yourself with a unordered (
ul) list block.
Redirect to HTTPS (SSL)
Redirecting webpages and images to HTTPS doesn’t require the Really Simple SSL plugin. It is faster, especially for fixing mixed content errors. But you can change the WordPress and site URL to HTTPS in the settings menu. Then, do a search-and-replace in your WordPress database for all media from HTTP to HTTPS with a temporary plugin (one that does the action so you can delete it afterwards) or WP-CLI (WordPress command line interface) commands.
Big images look better. They also take longer to load because the user’s browser has to resize it on the spot. After realizing this from GtMetrix.com and browser developer tools, I started to scale images in GIMP before uploading. I upload the larger version too when appropriate.
This is the most debatable one on the list regarding workflow and access rights. If you have access to server backups, that may suffice if you set scheduled backups with a cron job or something similar. WordPress backup plugins usually easily migrate and restore websites within the WordPress dashboard.
You don’t need a WordPress Super Cache or W3 Total Cache (W3TC). It’s one of many legitimate options for better performance. Some web hosting companies have caching software installed (e.g. Nginx and PHP-FPM). And there’s always the Cloudflare content delivery network (CDN) if you’re willing to change your nameservers and learn their interface. You don’t need WordPress plugins to use Cloudflare.
Security HTTP headers help harden your website. The HTTP Headers WordPress security plugin is great. I covered Content-Security-Policy and X-Frames-Options above in the PDF viewer section. There are more, though:
- HTTP Strict Transport Security (HSTS) forces HTTPS (SSL) usage at the browser level
- Feature-Policy controls what browser features can be enabled (mic, MIDI, webcam)
- Referrer-Policy limits what header info is given when someone clicks links on my website going elsewhere
- X-Content-Type-Options state that MIME types shouldn’t be changed
How? Make a copy of your WordPress .htaccess file – .htaccess_old, .htaccess_backup, etc. Edit the original file. Copy the HTTP headers from the plugin section to the top of the file. Then, deactivate the HTTP headers plugin. If the security tests above give the same results, you did everything right.
Save yourself some potential vulnerabilities and speed. Stick with the WordPress plugins you do need.