EXT/TOOLS/RECOMMENDED
Companion registry · Tools we actually use

Recommended Tools for the people running their own sites.

If a Chrome extension flags a problem on your site (slow load, exposed origin IP, missing CDN, broken consent banner) — these are the tools we reach for to fix it on client work. Honest editorial. Declared affiliate links.

15  Tools listed
5  Categories
April 2026  Last verified
How we list tools. Each card is tagged either We use this (we run it ourselves on a current project) or Evaluated (we tested the free tier or trial for at least one client engagement, or compared it head-to-head against a tool we use). Many links here are affiliate or referral links — if you sign up through them we may earn a commission, which can influence which tools we feature. Promotional offers verified April 2026; check the provider site for current terms.
01 / Domain & Hosting

Domain registration & hosting

Where to put a website. Pick by use case, not by brand loyalty.

Pick in 10 seconds:
  • Just need a .com or .com.au?  Namecheap (global) or Crazy Domains (AU phone support)
  • WordPress site, >10k sessions/mo, fix slow Core Web Vitals?  Kinsta
  • Want DigitalOcean pricing with a managed UI?  Cloudways
  • Need an AU data centre + cPanel familiarity?  SiteGround
Namecheap Affiliate
Best for: cheap domain + email bundle We use this

Domain registration, hosting, professional email, and managed WordPress — bundled or à la carte. Free WhoisGuard privacy on every domain.

What we like: We register all our client domains here. Renewal pricing is honest if you decline the auto-add SSL upsell at checkout. Cheaper for .com than GoDaddy by ~$4/yr.
Trade-off: Hosting tier is shared and slow under load — pair the domain with a real host (Kinsta/Cloudways) for anything past a brochure site.
Get a Domain →

Ad / affiliate link — we earn if you sign up.

Fixes: missing domain privacy, exposed contact details, no branded email
Crazy Domains AU
Best for: AU phone support & .com.au Evaluated

Australian domain registrar with local phone support, .com.au registration, and entry-level hosting plans.

What we like: Phone-supported AU registrar matters for clients who need someone to call about a transfer. Pricing on first-year .com.au is competitive.
Trade-off: Mixed reputation among AU developers for renewal-pricing creep. We evaluated against Netregistry and VentraIP — pick on phone-support need, not on price alone.
Get .com.au Domain → Fixes: needing AU-resident registrar, .com.au eligibility
SiteGround Recommended
Best for: AU data residency + cPanel Evaluated

Managed WordPress and web hosting with an Australian data-centre option, daily backups, and SSH access.

What we like: AU data centre matters for clients with data-residency requirements; their staging environment is one-click. We evaluated based on independent TTFB benchmarks — not our primary host.
Trade-off: Renewal price roughly triples after year one, and CPU limits bite on busy sites. We don't host on SiteGround ourselves — we use Kinsta.
View Hosting Plans → Fixes: poor TTFB on AU traffic, missing daily backups
WP Engine Recommended
Best for: agency-managed WordPress at scale Evaluated

Premium managed WordPress with built-in EverCache, dev/staging/prod environments per site, and Genesis framework included.

What we like: The 3-environment workflow (dev → staging → prod) is the cleanest in managed WP for agencies running multiple client sites. SSH + git push deploys included on most tiers.
Trade-off: Pricier than Kinsta on equivalent specs and slower to provision. Their support tiers vary — premium tiers are excellent, base tier is just-OK.
View Plans → Fixes: managing multiple WP sites, no staging environment
Cloudways Affiliate
Best for: WooCommerce on a budget Evaluated

Managed cloud hosting on DigitalOcean, AWS, and Google Cloud with a wrapper UI. 30% off first 3 months currently advertised; verified April 2026 — confirm at checkout.

What we like: DigitalOcean droplet from ~$14/mo with managed Apache/Nginx/Varnish — cheaper than Kinsta for low-traffic WooCommerce. 3-day free trial without credit card.
Trade-off: No kernel-level access; their wrapper hides DO controls you sometimes need. Support tickets can be slow vs Kinsta's chat.
Try Free for 3 Days →

Affiliate link — we earn if you sign up.

Fixes: outgrowing shared hosting, WooCommerce slowness
Editor's Pick
Kinsta Affiliate
Best for: high-traffic WordPress We use this

Premium managed WordPress hosting on Google Cloud C2 machines with built-in CDN and automatic daily backups. 2 months free on annual plans currently advertised; verified April 2026 — confirm at checkout.

What we like: We host our own marketing sites here. C2 + their MU-plugin cache gives ~200ms TTFB from Sydney. Their MyKinsta dashboard is the cleanest in the category.
Trade-off: Overkill (and overpriced) below ~10k sessions/mo — use Cloudways for low traffic. No email hosting, so pair with Namecheap or Google Workspace.
View Plans →

Affiliate link — we earn if you sign up.

Fixes: failing Core Web Vitals, slow WP under load
02 / Security & Privacy

Security & privacy

Layered defense: hide the origin, scan for malware, store credentials properly, encrypt traffic on hostile networks.

Cloudflare Freemium
Best for: hiding origin IP, free CDN/SSL We use this

CDN, DDoS protection, WAF, and DNS management. The free plan covers most small business websites.

What we like: Hides the origin IP that Origin IP Lookup detects, ships free SSL, and proxies traffic through their POPs — measurable Sydney TTFB improvement on every site we've moved.
Trade-off: The free plan's WAF rules are limited; rate-limiting and bot-management cost extra. Misconfigured page rules can break logins — test in staging first.
Protect Your Site Free → Fixes: exposed origin IP, no SSL, slow global TTFB
Sucuri Affiliate
Best for: malware cleanup on a hacked WP site Evaluated

Website security platform: malware scanning, plugin firewall, and unlimited hack cleanup tickets. Free first scan; paid plans from ~US$199/yr.

What we like: If a client site is already hacked, Sucuri's cleanup-and-monitor combo is the fastest path back to a clean state. We've used it on several recovery jobs but don't run it as our default WAF.
Trade-off: Redundant if you already use Cloudflare's WAF. Doesn't fix missing security headers (CSP/HSTS/SRI) on its own — those still need to be set on your host.
Free Scan First →

Affiliate link — we earn if you sign up.

Fixes: hacked WP site, malware infection, recurring re-infection
1Password Affiliate
Best for: small teams sharing credentials We use this

Password manager for teams and individuals. Stores credentials, 2FA codes, secrets, and SSH keys.

What we like: We use 1Password Teams across our crew. The secrets-CLI integration for env vars in deploys is the differentiator over Bitwarden.
Trade-off: Bitwarden is genuinely simpler and cheaper for solo users — pick 1Password only if you need shared vaults, secrets-CLI, or the Watchtower breach reports.
Try Free for 14 Days →

Affiliate / referral link.

Fixes: password reuse, no shared team vault
NordVPN Affiliate
Best for: encrypted traffic on public Wi-Fi Evaluated

Consumer VPN with apps for every platform. Encrypts traffic at the device level and masks your IP from sites and your ISP.

What we like: Solid choice for working from cafés, airports, and hotel Wi-Fi where the local network can be hostile. Independent audits of their no-logs policy have been published; their Threat Protection blocks known malicious domains at the DNS layer.
Trade-off: A VPN won't stop browser fingerprinting or tracker scripts — that's what Browser Sentinel covers. Doesn't fix anything inside your home network either; it only protects traffic between your device and the VPN exit. Free VPNs sell your data — don't use them.
View NordVPN Plans →

Affiliate link — we earn if you sign up.

Fixes: untrusted public Wi-Fi, ISP-level traffic visibility
03 / SEO & Analytics

SEO & analytics

Knowing what's working without the cookie banner debt.

SEMrush Affiliate
Best for: rank tracking + keyword research in one seat Evaluated

SEO platform covering keyword research, competitor analysis, backlink audits, and rank tracking.

What we like: We use SEMrush for backlink audits on client work. Position-tracking dashboard is solid; their AU local-pack data is more accurate than Ahrefs in our spot checks.
Trade-off: Ahrefs is better for content-gap analysis at the same price. Skip if you only need keyword research — Google Keyword Planner + Ubersuggest covers that for free.
Try SEMrush Free →

Affiliate / referral link.

Fixes: no rank tracking, missing backlink audit, blind to competitor keywords
Google Search Console Free
Best for: every site that wants to be in Google We use this

Google's free tool for monitoring search performance, crawl errors, indexing status, and Core Web Vitals.

What we like: Free, official, no substitute for the indexing and Core Web Vitals reports. First thing we set up on every new site.
Trade-off: 16-month data limit; query data is sampled and rounded — pair with GA4 for full picture.
Add Your Site Free → Fixes: blind to indexing problems, unknown Core Web Vitals scores
Plausible Analytics Affiliate
Best for: cookieless GDPR-clean traffic stats Evaluated

Lightweight, cookieless web analytics built in the EU. ~1KB script, no cookie banner needed in most jurisdictions.

What we like: Genuinely cookie-free analytics that satisfies AU Privacy Act + GDPR without a consent banner. Numbers reconcile with GA4 within ~5%.
Trade-off: No event-funnel/cohort analysis like Mixpanel or PostHog — Plausible is for pageview reporting, not product analytics. Pair with PostHog if you need behavioural events.
Start Free Trial →

Affiliate / referral link.

Fixes: GA4 complexity, cookie-banner pre-consent fires
04 / Privacy & Compliance

Privacy & compliance

For sites that need a real consent banner — not a cosmetic one.

Usercentrics (Cookiebot) Affiliate
Best for: AU Privacy Act + GDPR consent Evaluated

Consent management platform from Usercentrics (parent of Cookiebot). Scans your site, builds a region-aware banner, and blocks pre-consent tag fires. 14-day free trial; 15% off Premium for first 6 months currently advertised; verified April 2026 — confirm at checkout.

What we like: One product covers AU Privacy Act, GDPR, and CCPA — saves running separate banners per region. Their script blocks tags before consent, which is what Tag & Cookie Sentinel checks for.
Trade-off: Setup takes hours, not minutes — every tag-manager trigger needs auditing. Free tier is single-domain only. Open-source alternatives (Klaro!, CookieConsent) work for simple sites.
Free Trial + 15% Off Premium →

Affiliate link — we earn if you sign up.

Fixes: pre-consent tag fires, missing AU/GDPR/CCPA banner
05 / Developer Tools

Developer tools

The bench tools the team actually uses, not the ones with the prettiest landing page.

JetBrains IDEs Affiliate
Best for: refactoring-heavy backend work We use this

Professional IDE suite — WebStorm, PhpStorm, IntelliJ, PyCharm. From ~US$8.90/mo per IDE; All Products Pack for full access.

What we like: WebStorm is what our backend team uses day-to-day. The refactoring engine and built-in debugger save real time vs VS Code on TypeScript projects.
Trade-off: Heavy on RAM (3-4GB per project). VS Code wins on extension breadth and speed for casual editing — pick JetBrains only if you refactor a lot.
Try Free for 30 Days →

Affiliate / referral link.

Fixes: VS Code refactoring limits, multi-language backend projects
Figma Freemium
Best for: shared design work across roles We use this

Collaborative interface design tool. Free tier covers solo work; paid tiers unlock team libraries and Dev Mode.

What we like: Real-time multi-cursor editing makes async design reviews painless. Dev Mode generates inspect specs that map cleanly to Tailwind/CSS.
Trade-off: Free tier limited to 3 files. Acquired by Adobe in 2022 — pricing direction is uncertain. Penpot (open-source) is a credible alternative if you're worried.
Start Designing Free → Fixes: design-to-code handoff, async design review
Postman Freemium
Best for: shared API workspaces & collaborative docs Evaluated

API platform for designing, testing, mocking, and documenting APIs. Free tier covers solo developers.

What we like: Workspaces + auto-generated API docs are still best-in-class for teams. Replays captured API calls and saves them as runnable collections.
Trade-off: Required login for the free tier irritated the community in 2023. We've moved internal API work to Bruno (open-source, Git-native) — only Postman if your team needs collaborative workspaces.
Download Free → Fixes: replay captured API calls, no shared API documentation
Sister companies

Need help implementing? Talk to one of our teams.

Disclosure: we own these. Cosmos Web Tech, Cloud Geeks, and Awesome Apps are part of our parent company, Ganda Tech Services Pty Ltd — they're not third-party recommendations.
Cosmos Web Tech Our Team

Web design, SEO, and Google Ads for Sydney SMEs. Quoted projects from AUD 1,500.

How we work: Sydney design + dev team. Same tools list, applied on client projects.
Book Free Consultation →

Our own service — not an affiliate link.

For: SEO, website design, Google Ads
Cloud Geeks Our Team

Managed IT, cloud infrastructure, and cybersecurity for Sydney SMEs. 24/7 support tier available.

How we work: Our IT arm — same team that builds the extensions on this site also runs IT for SMEs.
Book Free IT Review →

Our own service — not an affiliate link.

For: IT support, cloud, cybersecurity
Awesome Apps Our Team

iOS, Android, and React Native apps by Sydney engineers. Quoted projects from AUD 5,000.

How we work: Cross-platform mobile development — same standards for clients as for our own products.
Get App Quote →

Our own service — not an affiliate link.

For: Mobile app development