I was asked recently what plugins you need. Pluginitis is something I’ve written about before.
When looking for plugins for your site, think security, Google, then functionality. Here are the plugins I recommend.
Limit Login Attempts limits the amount of times someone can unsuccessfully try to log into your site before they are locked out for a period of time that you specify. This stops bots from trying to guess your username or password.
Wordfence is a powerful antivirus and firewall in one.
Get Off Malicious Scripts searches for Malware and other Virus like threats and vulnerabilities on your server and it helps you remove them.
I don’t use an antispam plugin. WordPress has built-in anti-spam.
I grab the ISP of any spam in my comment spam folder, then blacklist it by going to Settings>Discussion in my dashboard. Then scroll way down and you will see a box to blacklist ISPs. You can also blacklist individual words, email address, or anything else you want. I’ve found it sufficient to just blacklist the ISP.
Remember to delete the spam comment afterward.
Updraft Plus is the best set-um-and-forget-em plugin. It backs up all your wordpress files, not just your database.
BackWPUp also backs up all your WordPress files but only does it automatically with the paid version. You just have to remember to manually back up your site each time you post to your blog or make a change to your site.
At this time I think all plugins that only back up your database are inadequate.
SEO by Yoast adds everything else you will need to make Google happy such as a sitemap and on page titles and page descriptions. There are other SEO plugins that work in a similar fashion, this one is the most comprehensive.
Broken Link Checker checks your site for broken links.
I won’t recommend anything here because every site needs something different. The thing is to make sure you only have one plugin for each function so you don’t create a conflict.