You can access the list of Plugins of your P4 instance from your Admin Dashboard > Plugins.
Installation and updates of plugins is happening via the composer scripts. All the plugins that are present in all installations are defined in the common composer file. Additionally, plugins that are installed only on a specific P4 site is defined in the composer file for that site. For example, Loco Translate is only installed on the handbook site, and is defined in the handbook composer file.
Open source plugins are being pulled from wpackagist.org. To add a plugin, you have to find the correct wpackagist record, copy the line and insert it in the composer file as the loco translate example above.
Akismet is quite possibly the best way in the world to protect your blog from spam. Your site is fully configured and being protected, even while you sleep. More info in P4 > Settings.
CMB2 will create metaboxes and forms with custom fields that will blow your mind. More info on the wp.org plugin page.
Allows administrators to anonymize the IPs of visitors who comment on the website, and retroactively delete the IPs from comments in the database. Instructions on setup.
Manage all your 301 redirects and monitor 404 errors. More on Redirects on the wp.org plugin page.
User Interface for adding shortcodes. More info on the wp.org plugin page.
Required by the Planet4 master theme. The WordPress Timber Library allows you to write themes using the power of Twig templates. More info on the wp.org plugin page.
Anti-virus, Firewall and Malware Scan. More info on the wp.org plugin page.
Upload and serve your WordPress media files from Google Cloud Storage. More info on the wp.org plugin page.
Translate Planet4 themes and plugins directly in WordPress. Used only in this awesome handbook site. More info at Translate P4 theme, strings (commands) and plugins or in the wp.org plugin page.
P4 has no SEO plugin installed or recommended. SEO plugins do a lot of things, some of which are not even things that should be done (eg. trying to "trick" Google into thinking that a page is something different than it is).
We have identified several features that are also being offered by some SEO plugins, such as open graph data (documented at PLANET-1888 and released in v1.8) or write beautiful URLs (using core WP functionality with small taxonomy modifications documented at PLANET-1879 and released in v1.9).
Our choice of operation is not "There is a plugin, let’s install it and see what it does", but “We need feature A, let’s find the best way to deliver its functionality”.
The philosophy of adding plugins to a P4 site can be summarized in the following:
WordPress is not inherently unsafe. The vast majority of security or incompatibility issues on WordPress sites come from badly written or not maintained plugins.
Don’t choose plugins, implement features.
Be extremely careful
We have described a process that should be followed every time a plugin is considered.
Decide on the features you want
Investigate if these can be done by WordPress core
If not, investigate what 3rd party plugins exist, and a do a functional fit analysis
Do a security analysis of the selected plugins, including reputation, maintenance history, and code analysis
Install them on the test server and do a thorough testing (using both automatic testing and manual testing) to see if they create problems in other areas of P4.
Get them installed on the relevant site, by having them being added to the relevant composer file