A beautiful site that gets hacked or doesn't send emails is a useless site. Here is the starter pack for your and your client's peace of mind.
1. Security: Wordfence + Cloudflare 🌟
No competition. Wordfence is the standard for brute force protection and firewall. Always pair it with Cloudflare DNS for unbeatable network-level protection.
2. Backup: UpdraftPlus 🌟
Never trust the host alone. UpdraftPlus allows you to save remote backups to Google Drive or Dropbox. If the server explodes, you restore in 5 minutes.
3. Email / SMTP: FluentSMTP 🌟
WordPress emails (PHP Mail) end up in spam. Always. Install FluentSMTP and connect it to a provider (Amazon SES, SendGrid, Brevo). Transactional emails must arrive.
4. GDPR: Complianz 🌟
Unless you use external services for cookie policy (like Iubenda), Complianz is the best internal plugin. It proactively blocks cookies and generates solid legal documents.
5. The discovery: Admin and Site Enhancements (ASE) 🌟
This plugin replaces 10 "small" plugins. It allows you to:
- Clean up the admin bar.
- Duplicate pages/posts.
- Enable email login.
- Change login URL.
- And much more. Lightweight and modular.