Blog post

The essential WordPress plug-ins every website needs

Date of post

21 October 2024

WordPress is a powerful CMS (content management system), but it can be limited out of the box. Features like automated backups, advanced security, aggressive caching, and alternate content types aren’t included. 

Thankfully, WordPress’ strength lies in its flexibility. Due to its popularity, the platform has a large community of developers. And these developers love to tinker! That’s where plugins come in.

Plugins are modular pieces of code bundled into a package that can be easily installed on your WordPress site. Generally, they add new features, enhance existing features or connect your site to any number of other third-party services.

With over 59,000 plugins available in the WordPress repository and thousands of options provided by third parties like Code Canyon, it’s easy to get carried away installing them. 

Here at Marketing Labs, I tell our clients to avoid installing too many plugins, but this time, I’m going to tell you to give a few a try. But be warned—not all plugins are created equally, so I’ll also explain:

  • best practices when installing plugins 
  • the process of choosing good plugins for your specific needs 
  • balancing functionality with performance and 
  • maintaining a healthy website

Why plugins are essential for WordPress

An out-of-the-box WordPress installation will work as a robust blogging platform. After all, WordPress was originally developed for blogging. Unfortunately, that does mean it can be a little lacking in other areas. For example, a clean WordPress install has no eCommerce functionality. This must be added with the WooCommerce plugin.

Plugins allow you to customise your website to meet your specific needs without having to modify the core WordPress code yourself or hire a know-it-all developer like me!

Chances are, if you need it, someone’s already developed a plugin for it. Plugins can add a wide variety of features to your site, and the beauty of WordPress is that there is such a wide variety of them:

– Need an e-commerce store? There’s a plugin for that.
– Want to improve your site’s SEO? There’s one for that, too.
– Want to speed your site up? There’s a plugin for that.
– Want to slow your site down? There are loads of plugins for that.

Wait, why would you want that last one? Of course, you wouldn’t. As you can see from the last point in that list, some plugins might have adverse effects. If you’re not careful or get a little overzealous, you could end up hindering your site’s performance or, worse, compromising its security, which brings us to our next section.

Are WordPress plugins worth it?

The short answer is yes.

The long answer is still yes, but you get an explanation:

Plugins allow you to extend the functionality of your WordPress website without writing a line of code. This can be a game changer for website admins since you don’t have to learn the ins and outs of web development just to set up a new contact form or to automatically subscribe your customers to an email newsletter (with their consent, of course).

Even for those who do code, quickly installing a plugin often requires much less effort than building and implementing functions from scratch. This also comes with the added benefit of not maintaining a huge custom code base or deploying frequent updates. We’ll let someone else take care of that for us.

With all that said, it’s important to use plugins carefully and test them before permanently deploying them. While they can greatly enhance your site, too many plugins or poorly coded ones can slow down your website or potentially create security vulnerabilities. The key is to choose high-quality plugins from reputable sources and only install those that are truly necessary for your site’s functionality. 

If you find yourself Googling “Best WordPress Plugins”, consider whether you need to install anything on your site. Chances are, based on such a loose search term, you’re just looking for inspiration. And there’s nothing wrong with that, but you should be careful and avoid installing plugins for the sake of it.

Having countless plugins on your site just increases your attack surface, and it only takes one plugin that’s not been updated in a while to present a security vulnerability that could lead to your site being compromised.

But you’re going to be sensible, aren’t you? You’re not going to get carried away with the immense power I’m about to bestow upon you, are you?

Our list of essential WordPress plugins every website needs

Please read this carefully…

You should only install a plugin if you actually need the functionality on your site. It’s very easy to fall into the trap of installing plugins for one-off uses and never removing them. I’ve done my best to make sure this list contains plugins that you will want and probably need, but let’s be sensible. Maybe you don’t need a contact form plugin if you’re using HubSpot, or if you’d rather your customers just call you. And perhaps you don’t need a backup plugin if your server has built-in backups.

Anyway, rant over. Here are my top picks…

SEO plugins

It wouldn’t be a Marketing Labs blog post without mentioning SEO, right? SEO plugins can be an incredibly useful tool to guide you in optimising content for search engines.

Search engine optimisation (SEO) is crucial for increasing online visibility. When done right, SEO helps your website rank higher in search engine results, making it easier for your potential customers to find your business.

Most SEO plugins offer features like keyword optimisation, readability analysis and sitemap generation tools. These tools can help streamline the optimisation process and guide you with best practices.

Installing an SEO plugin will do next to nothing for you without a basic understanding of SEO, how it works, or a clearly defined strategy. It might help set you up for success, but we often need to warn our clients that SEO plugins are not just a checkbox exercise.

– [ ] Add your keyword # times.

– [ ] Make sure your keyword is in the h1

– [ ] Add your keyword to some h2s

Theoretically, you could optimise a page using the checkboxes they give you, but the keyword you’re optimising for could be of no value to your site. Congratulations, not only have you wasted your time, but you believe you’ve been productive.

SEO plugins are there to assist you, but they can’t come up with a strategy for you. You need to consider what keywords you should try to rank for, and that’s not always as obvious as you might first think. Is the keyword highly competitive? Is it a long-tail phrase or a broad subject? You may be able to get a post or two ranking for some long-tail keywords using the basics, but you could be wasting your time with any competitive keywords.

Upsell time: We recommend a tailored SEO strategy suitable for your business and designed to help promote your website.

Our favourite plugin in the SEO category

Rank Math is user-friendly and has a great setup wizard, making it easy for beginners to get started. They also offer an import tool allowing you to easily swap from other SEO plugins.

Other SEO plugin options

Yoast 
All-in-One SEO 

Backup plugins

I’m going to say it again: Do you need a backup plugin? Have you checked if your host already provides backups? If you’re paying for storage space on your hosting package, bear in mind that the default setup for backup plugins is to save the backup to your server’s file manager, so a few backups could easily take you over your current payment tier.

Backup plugins can be an invaluable tool for WordPress websites, ensuring that your data is safe from loss due to accidents, hacking, or server failures. They provide peace of mind by allowing site owners to quickly restore their websites to a save-state in the event of a disaster.

I suggest using a plugin that supports automated backups and external backups, saving every day to Dropbox, AWS, or Google Drive, for example.

I suggest you practice what you’re going to do when your website takes a _404-ever_ nap. There’s no point having countless iterations of your site locked away safely if you have no clue how to restore one of them or if you come to restore your site only to find you backed up the files but not the database. 🤦

Our favourite plugins in the Backup category

All-in-One WP Migration and Backup (what a mouthful) allows you to quickly and easily back up your site and offers external and automated backups. The only issue is that most of these features are behind a paywall.

UpdraftPlus is also a very popular option, but like All-in-One WP Migration and Backup, its best features are behind a paywall.

These are great plugins, but I suggest not using a backup plugin unless you really need to. Server backups managed by your host are a better option. Since most plugins come with an extra cost, you might as well just pay for server-level backups.

The only exception to this is if you manage multiple WordPress sites and are considering buying an unlimited licence to a backup plugin that you can install on multiple sites or if you don’t have access to your hosting package.

Security plugins

It wouldn’t be one of my posts without sparking a little existential dread about your website’s safety and data security.

Security plugins are essential for WordPress websites. This is a plugin category that I’d always recommend installing on ANY site. As we’ve already discussed, WordPress and its plugin repository are both HUGE, which means there’s plenty of opportunity for hackers to exploit it. That, and its open-source nature, means it’s very easy to find vulnerabilities that can be exploited, but thankfully, it’s just as easy for exploits to be spotted early, logged and patched.

You should take every precaution to protect your site, data, and users. Luckily, it’s pretty easy to secure your WordPress site. However, just like the SEO plugins, these security plugins are only as good as their setup. 

If you’re concerned about your site’s security, consider consulting a cybersecurity professional to ensure your site is locked down. You should also keep on top of your site’s maintenance to ensure you have the latest security updates. 

Our favourite plugins in the security category

Be warned: Installing a security plugin is only the first step. You should monitor your site’s security constantly, keeping on top of any concerns flagged by your plugin of choice.

Defender Pro (our top choice) has a one-click setup and a great vulnerability scanner. It’s user-friendly and provides automated security checks, allowing you to enhance your website’s security without needing extensive technical knowledge.

Wordfence Security provides comprehensive firewall and malware scanning. It includes real-time threat intelligence and login security measures, making it one of WordPress’s most trusted security plugins.

Cache plugins

If your site doesn’t have caching correctly set up, I recommend starting here. Caching is one of the most crucial steps in optimising your site.

The purpose of caching is to improve site speed and performance. Slow loading speeds are one of the main reasons for high bounce rates. Fast websites keep your visitors happy and play a vital role in SEO!

Search engines like Google and Bing will favour sites that load quickly, making caching a go-to ‘quick win’ for anyone looking to improve their site’s performance.

Be careful, though. A misconfiguration or a conflict could cause your site to go haywire. Good caching relies on proper configuration, so if you’re unsure how to set things up, consider consulting a WordPress website developer, or at the very least, make sure you have a recent backup.

Our favourite plugin in the caching category

Caching plugins aren’t a one-size-fits-all solution. Depending on your hosting environment and other variables, different plugins might work better for you. You may also find your host already provides you with a caching solution. I would advise testing your caching setup thoroughly, and if possible, test without your host’s cache since this could cause conflicts.

WP Rocket (our choice) may be a premium plugin, but it’s the top choice for both beginners and experienced users. I really can’t recommend this plugin enough. Buy a licence right now and thank me later.

Other caching plugins

W3 Total Cache
Hummingbird Pro

Image optimisation plugins

Image optimisation plugins are essential for WordPress websites. Let’s perform a quick test to see whether you need one:

How big was the last image you uploaded to your site?

If your answer was anything along the lines of “normal size”, you need an image optimisation plugin.

If you said, “I made sure the image wasn’t too big! It’s 1920 x 1080,” congratulations. You also need an image optimisation plugin.

The correct answer is 🥁

“I made sure my image was a reasonable resolution (1920 x 1080), and I checked its size was below 700 Kb.”

Well done if you got it right! But you also need an image optimisation plugin. If nothing else, it will make your life easier.

Large images (I’m talking about file size) can significantly slow down your site, leading to poor user experience and, as we’ve already discussed, a negative impact on your SEO. 

Compressing and optimising your images helps ensure that your website loads quickly without sacrificing quality. Image optimisation plugins can also provide alternate-sized images that can be used in different scenarios.

For example, you may have a product on your site that you want to show off with a high-resolution, crisp image. That’s fair enough; you want the customer to see the quality, but does the customer need to be able to see a speck of dust in the image when browsing through 20+ other products on the category page? No, no, they do not. Setting up one of these plugins properly can allow you to show off your high-resolution photos on the product page (ideally in a lightbox) while delivering low-resolution photos to the category page. This can be a ridiculous performance boost for your category pages, and anywhere else you display a product loop.

Our favourite plugin in the image optimisation category

Smush Pro offers lossless compression, meaning your images are reduced in size without any visible quality loss. It also includes lazy loading, which only loads images when they enter the viewport. It’s user-friendly and offers a ‘bulk smush’ feature, making it easy for users to optimise all their existing images in just a few clicks. 

That said, I recommend backing up your site before performing these optimisations, in case you don’t like the results. If configured to do so, Smush can also provide lossy compression and delete the original files to save space.

Other image optimisation options

EWWW Image Optimizer
TinyPNG (webapp)
ImageOptim (webapp/mac app)

Contact form plugins

Contact form plugins provide a simple way to gather inquiries, feedback, and data without you having to give out your email address, and they make life easier for your users. 

Contact form plugins make it easier to manage enquiries and update forms when required. Many plugins offer drag-and-drop builders, enabling you to create customised forms without any coding knowledge. That said, I’d always opt for a lighter-weight plugin to help with site performance.

These plugins often integrate with various tools, such as CRM systems, email marketing services, Google reCAPTCHA, and analytics platforms, allowing for seamless data management and communication.

My personal favourite reason for using a contact form plugin is that it allows for much easier future development and maintenance of your forms. Your theme likely has a built-in contact form by default, but using a dedicated plugin to manage this means you’re not tied to your theme in the future. You’ll also likely benefit from a contact form with a much larger feature set than the one provided by your theme.

Our favourite plugins in the contact form category

Contact Form 7 (our pick) offers flexible form fabrication with custom code capabilities. That means you can use custom HTML in your forms, and due to Contact Form 7’s extensive list of add-ons, you can further expand the plugin’s functionality with features like redirecting on form submission and reCAPTCHA support.

It’s a free and highly customisable option, widely used due to its simplicity and extensive add-on library.

WPForms is a drag-and-drop form builder with a bunch of pre-built templates. This makes it a user-friendly option and ideal for beginners. However, it also offers advanced features like conditional logic and payment integrations for more complex needs. My preference will always be to keep features as simple as possible, and a lightweight solution always wins in my eyes.

Honourable mentions

While these plugins aren’t essential for every site, I’ve included them. Most of them are incredibly useful, but they may not be required depending on your website’s purpose. 

  1. Safe SVG

Safe SVG allows you to upload SVG files to your website safely. It does this by sanitising the SVG files you upload to prevent security risks. SVG stands for scalable vector graphics, which means they can be scaled infinitely without losing quality.

Using SVGs on your site wherever possible can help improve load times since they have a smaller file size than regular image formats.

So why isn’t Safe SVG our top choice? Well, not all users need SVG support, and it can be a bit of a pain to install this after having already uploaded most of your images as PNGs or JPGs.

  2. Easy Table of Contents

Easy Table of Contents can be configured to generate a table of contents on your posts automatically. It does this by scanning your posts for headings, which it uses to populate the table.

A table of contents can help improve navigation and user experience. While this seems like it might be useful, it’s not necessary if you aren’t producing loads of long-form content.

  3. Advanced Custom Fields

Advanced Custom Fields (ACF) is an absolute powerhouse! It allows you to add custom post types to your site and custom fields to your post types. This means you can create complex sites using multiple content types, such as blog posts, case studies, podcasts, services, etc. This functionality can be incredibly useful for developers since it makes the management of different data sets incredibly simple.

While powerful, ACF requires some coding knowledge, which may be overwhelming for beginners or those looking for simple solutions. It could also be damaging to your existing site structure if set up incorrectly or mismanaged.

  4. Post SMTP

Post SMTP can help you improve your site’s email delivery by sending emails via SMTP (through your own mail server) instead of the default PHP mail function. This can mean higher deliverability rates and better tracking thanks to their log.

That said, this could be pointless if your site doesn’t send emails or if you’re happy with the default PHP mail, but personally, I’d consider it just for the email log.

  5. Akismet Anti-Spam

Akismet Anti-Spam automatically filters out spam comments left on your posts. The web is full of bots, and they love leaving spammy links in comment sections. Akismet can help you stay on top of those pesky spam comments and maintain a professional appearance by stopping spammers in their tracks.

Why shouldn’t everyone install it? Sometimes, it’s just simpler to prevent comments entirely.

  6. WP Activity Log

WP Activity Log keeps track of everything your users do. It can provide a detailed log of changes made in the backend and tell you exactly who made them. This can be a game-changer if you believe one of your staff members is unknowingly making damaging changes and denying all knowledge.

This one almost made it to the main list, but some sites may not need it if they only have one admin user. However, I would still consider it just to keep track of your own changes.

How to choose the right plugins

When selecting plugins for your WordPress site, you have a lot to consider to ensure your site keeps performing optimally and remains safe. Here are a few key factors to weigh every time you think about hitting the install button.

Compatibility

Always check if the plugin is compatible with your current version of WordPress, your theme and your PHP version. Some plugins may conflict with others, leading to functionality issues or even crashes.

Update frequency

Regular updates are crucial for security and performance. A plugin that hasn’t been updated in a while may pose a risk and could quickly become incompatible with future WordPress updates. I recommend checking how regularly the plugin updates and how established it is.

Support

If you’re a novice, this could be your lifeline. Responsive support teams can be invaluable when you encounter issues or need urgent assistance. They can also often provide help with setting up your plugin. It should be noted, however, that good support often comes with a price tag.

Ratings and reviews

User ratings are often all you need to consider when deciding between two plugins. High ratings and positive feedback typically indicate a reliable and well-functioning plugin. I would also suggest taking into account the number of ratings when you make your decision.

Lightweight vs. feature-rich

Large, complex plugins WILL slow down your site. This is often the case with plugins that perform multiple jobs. You’ll also find that they tend to do most of them poorly. Remember that old saying, “A Jack of all trades is a master of none”? That also applies to plugins. I’ll always opt for a plugin that does one job very well over a plugin that does ten jobs poorly. Besides, you didn’t need to do nine of those jobs before discovering that the plugin could do them.

Uninstall considerations

I can’t stress this enough: If you install something that will become part of your site’s backbone, you better be sure it will be around next year. Consider how easily you can remove the plugin if it becomes outdated or if you decide another plugin will be better.

Some plugins can leave residual data or settings, complicating the removal process. A good plugin should allow for a clean uninstall.

Most importantly, you should be sure that any data you add to the plugin can be easily migrated to a replacement if needed.

A great example of this is product option plugins for WooCommerce. While these plugins offer unparalleled functionality, they quickly become essential to your site. Migrating away from one of these plugins can be a nightmare, so I always stress future-proofing.

Best practices for plugin management

Let’s look at some of the best practices for plugin management. 

Updates

As with most things on the web, regular updates keep you safe. Updates often include security patches, bug fixes, and new features. Do yourself a favour and set a reminder right now to update your site every month. This will help ensure your site remains secure and runs smoothly. You might as well try out one of our suggested backup options while you’re at it.

Don’t hoard plugins

Unused plugins pose a security risk and will likely slow your site down. I recommend auditing your site regularly to see if any plugins can be removed. For example, a better, lighter-weight option may now be available.

Reducing the number of plugins on your site not only helps reduce potential vulnerabilities and your attack surface but also, more often than not, improves your site’s performance.
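
One way to run the regular audit recommended here, combining the update-frequency and unused-plugin advice above (an added example, not part of the original post). It assumes the plugin inventory was exported with WP-CLI's `wp plugin list --format=json`; the plugin names, the hand-collected release dates and the 365-day staleness threshold are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the shape of `wp plugin list --format=json` output.
# Plugin names and versions are made up.
WP_PLUGIN_LIST_JSON = """
[
  {"name": "example-seo",      "status": "active",   "update": "none",      "version": "1.4.2"},
  {"name": "example-forms",    "status": "active",   "update": "available", "version": "5.8"},
  {"name": "example-slider",   "status": "inactive", "update": "available", "version": "2.0.1"},
  {"name": "example-gallery",  "status": "active",   "update": "none",      "version": "0.9"},
  {"name": "example-importer", "status": "inactive", "update": "none",      "version": "3.1"}
]
"""

# Constructed: date of each plugin's latest release, noted by hand from its
# listing page (WP-CLI does not report this). example-importer is left out
# on purpose to show the "unknown" case.
LAST_RELEASE = {
    "example-seo": "2024-09-30",
    "example-forms": "2024-10-01",
    "example-slider": "2021-06-15",
    "example-gallery": "2022-03-11",
}

ADVICE = {
    "inactive": "not in use: uninstall it instead of leaving it on the server",
    "update-available": "a newer version exists: back up, then update",
    "stale": "no release in a long time: review or find a maintained alternative",
    "age-unknown": "release date not recorded: check the plugin's listing",
}


def audit_plugins(plugins, last_release, today, stale_after_days=365):
    """Return plugins needing attention, most reasons first.

    stale_after_days is an assumed threshold for "not updated in a while".
    """
    findings = []
    for plugin in plugins:
        reasons = []
        if plugin["status"] == "inactive":
            reasons.append("inactive")
        if plugin["update"] == "available":
            reasons.append("update-available")
        try:
            released = date.fromisoformat(last_release[plugin["name"]])
        except (KeyError, ValueError):
            # Missing or malformed date: flag it rather than assume it is fine.
            reasons.append("age-unknown")
        else:
            if (today - released).days > stale_after_days:
                reasons.append("stale")
        if reasons:
            findings.append({"name": plugin["name"],
                             "version": plugin["version"],
                             "reasons": reasons})
    findings.sort(key=lambda f: (-len(f["reasons"]), f["name"]))
    return findings


if __name__ == "__main__":
    inventory = json.loads(WP_PLUGIN_LIST_JSON)
    for finding in audit_plugins(inventory, LAST_RELEASE, date.today()):
        print(f'{finding["name"]} ({finding["version"]})')
        for code in finding["reasons"]:
            print(f"  - {ADVICE[code]}")
```
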

Testing plugins

Some plugins can significantly impact your site’s loading speed, and some can even have negative effects on a site once they’ve been uninstalled.

Please listen carefully when I say, “Back up your site before making changes”.

I would also suggest using monitoring tools to determine how new plugins affect your site’s speed. If you notice that a particular plugin is causing slowdowns, consider alternatives or consult with a developer to find a more efficient solution. Regular performance checks will help ensure that your site remains fast and responsive.

In closing

I’m sure by now you’re convinced that WordPress plugins are a game-changer. They can make web development a breeze, allowing users with varying skill levels to create powerful websites.

However, with great power comes great responsibility. Plugins can quite literally make or break a WordPress site, so it’s crucial to be careful and follow best practices when installing them. If you only take one lesson from this post, it should be:

Ensure you strike a balance between functionality and performance. Install only the plugins you truly need, sourcing them from reputable developers and keeping them updated. Consider the challenges you may face if you ever need to get rid of this plugin in the future.

In the end, WordPress plugins are tools, and like most tools, they can be used to create or destroy. So remember to plugin responsibly!

Post author

Josh is a talented web developer and designer who loves all things creative in life. He started out working in graphic design but quickly realised that his real passion was in web development.
