This article is from a previous WordPress Norwich Meetup giving live WordPress Support, this is archived and may not be up to date.
The first Norwich WordPress Meetup of 2019 was centred around a very broad topic of WordPress Plugins. The key areas we discussed included:
- Must-install plugins
- GPL and how it relates to plugins
- Useful utility plugins
- Themes vs Plugins
- Security and GDPR
Must-install WordPress Plugins
In addition, several attendees shared their “must-install” plugins. Among these, the most commonly mentioned ones included:
- Advanced Custom Fields
- Contact Form 7
- Gravity Forms
- Yoast
- Wordfence / iThemes
Personally, my “must-install” plugins include: Advanced Custom Fields, Yoast, Two-Factor and ShortPixel. I often use Contact Form 7 and Gravity Forms but these depend on the project as sometimes Gravity Forms is overkill (e.g. if I only need it for a contact form) so I’d use Contact Form 7. There are obviously other plugins I use but I wouldn’t class them as “must-install”.
Plugin GPL
We touched on GPL and how it relates to plugins. As Matt (Co-founder of WordPress) mentions: “If WordPress were a country, our Bill of Rights would be the GPL because it protects our core freedoms.” You can read a really detailed article about GPL and how it relates to WordPress at the Kinsta blog.
Utility Plugins
Next, we discussed useful utility plugins. Developers at the meetup mentioned Query Monitor as a key tool. They explained how to use it correctly. This plugin helps debug and improve website performance effectively. Fun fact: The developer of Query Monitor used to lead the Norwich WordPress meetup.
WordPress Security Plugins
Security plugins mentioned included Wordfence and iThemes. Many people in the room actively use these tools. Both plugins offer free and paid versions. Additionally, they provide useful features for protecting WordPress sites.
Although I’m not completely against Wordfence or iThemes because I believe they are much better than nothing and do have some upsides, I did point out that they can majorly hurt website performance and can be overkill along with disguising underlying security issues you may have.
Even though I was a bit dubious about going too much off core topic I did discuss about secure code best practices including sanitisation, escaping all the things, fail2ban, Two-factor authentication, secure hosting and Cloud Web Application Firewall such as Cloudflare Pro or Sucuri. I did make the point of saying that if in doubt then stick with Wordfence or iThemes because they are much better than nothing and the last thing I wanted was for people to think these two plugins are pointless. I hope we have a more in-depth security related session in the future. GDPR was also discussed, including the new WordPress privacy tools and the importance of making sure any plugins comply with GDPR, especially in regards to personal data retention.
WordPress Themes vs WordPress Plugins
Although we were short on time, we briefly discussed themes vs plugins. The main takeaway focused on clear separation of roles. Ideally, themes should control appearance only. Plugins should handle all data-related functionality. For example, changing a theme shouldn’t remove any important content or features. This approach keeps the website flexible and future-proof.
Conclusion
This Norwich WordPress meetup was informative and full of insight from creatives, developers, business owners, and bloggers. New faces joined us too. A few newcomers felt unsure at first because they thought the group seemed too advanced. Thankfully, I reassured them that everyone is welcome, no matter their level. It’s vital to hear from all users to help each other improve. As a developer, I find it crucial to understand how others use WordPress. Often, developers build for themselves and forget real-world usability.
