7 Plugins for Every WordPress Site
Today I’m going to share with you a few of the plugins I use most. Some of them are essential to a healthy site, while others add functionality that seems minor, but greatly enhances the security or convenience of your site in common situations (updated November 1, 2020).
I am not acquainted with the developers of any of these plugins, nor do I receive affiliate pay or any other form of kickback for recommending them. While some of the plugins have a premium version, this post discusses the free version. All of these plugins are available in the WordPress plugin repository, or from Plugins/Add New in your WordPress Dashboard.
Wordfence is the first plugin I install on a new site. I also install it on existing sites, especially those that may have been compromised by outdated plugins, themes or WordPress.
Wordfence is an awesome security plugin that does all kinds of different things to protect your site from hackers, from scanning for hostile code, to monitoring login attempts, to blocking hackers who try to upload malicious files to your site. Wordfence emails you when there are issues to address, or updates available for your site.
The free version of Wordfence is generously featured, but you can get even more features in the premium version. The Wordfence folks are highly worthy of your support. They are constantly on the watch for new WordPress vulnerabilities, and very proactive about getting the word out to the WordPress community when they find one. If you can’t afford or don’t need premium Wordfence, at least write them a nice review. They also offer a flat rate hack cleanup service for site owners who didn’t install Wordfence in time. 🙁
Every WordPress site should be backed up regularly. Backups created through a hosting interface such as cPanel may only be useful if you are restoring your entire site – which is not to say you can’t make and download those backups, too, but I prefer to use a WordPress plugin for finer control over what is backed up, and easier access to extraction of a single file.
BackWPup may not work on a webhost with miserly account resources or outdated server software – but you don’t want your site on a host like that anyway. Its authors are also not as quick to keep the plugin updated to the current version of WordPress and resolve bugs as I would like to see. That said, when I compare its features to its competitors, BackWPup consistently comes out ahead.
You can schedule the time and frequency of backups, create separate backup jobs for different parts of your site (such as those large image galleries that rarely change), activate a handy topbar icon in your Dashboard from which you can initiate or download backups, and back up site files plus database to a single zip file for easy downloading. You can also receive email notifications after a backup job completes to remind you to download a copy, or upload your backups to various cloud drives, and there is a handy one-click link to back up your database before you run major WordPress updates, or anything else that will alter your database.
UPDATE: With the release of WordPress version 5.5, automatic updating of themes and plugins is built in to WordPress, so this plugin is no longer needed. Many thanks to Papin Schipper for the last two years of his excellent plugin. The risks and benefits of automatic updating discussed below still apply, so I’m leaving them in this post. How to enable auto-updates
Self-hosted WordPress sites require continuous monitoring to keep them secure and functional. For this reason, I discourage automatic updating of themes and plugins. It is crucial to stay in touch with your site, and manually applying updates forces you to view your site and log in to your Dashboard on a regular basis. Updates can also cause issues, which are much easier to deal with if you catch them immediately, and know what you were updating when they occurred.
However, my position on automatic updates is evolving. Because out-of-date themes and plugins are such a popular pathway for hackers, the highest priority is to get them done ASAP. If you know you will not do this, even though you understand how important it is, automating updates is better than not doing them at all. Just understand that automatic updating should be used in conjunction with eyes-on site monitoring, not to replace it. And if you discover that your email signup or contact form or PayPal button has not been working for 6 months because you never tested it after the last 3 automatic updates, remember, I warned you.
You can turn off automatic updating for specific plugins, if, for example, they are more likely to cause issues, and you want to do them manually. Note that automatic updating may not be able to update all 3rd party themes or plugins, i.e., those you purchased or downloaded from someplace other than WordPress.org.
4). Email Encoder
Posting an email address to a website is a lot like broadcasting a giant CALLING ALL SPAMMERS message. Spammers have automated programs constantly scouring the internet, searching the underlying code of websites for anything formatted like an email address.
Email Encoder recognizes email addresses on your site automatically, and converts them to unrecognizable code behind the scenes, so that they still look like email addresses to humans, but not to automated email address harvesters. There is nothing to configure – just install it, and it works in the background.
Email address – in red – as it appears in the underlying code of a website. Clearly an email address.
Same email address after installation of Email Address Encoder.
Alas, my favorite columns plugin, Column Shortcodes, has not been updated since 2018, so I can’t currently recommend it. Hopefully, the authors will soon find time to bring it up to date. Until then, Shortcodes Ultimate (aka Ultimate Shortcodes) also offers a columns feature, along with a ton of other layout and styling options (for example, spacers, tabs and accordions). You can see it on my home page, in the middle of the “Getting Started With WordPress” section. I try not to use a lot of shortcodes in my sites, but if you just need them for one or two things, chances are, you can find that in Shortcodes Ultimate.
Creating a mailing list on your website can be ridiculously complex, requiring multiple plugins and a steep learning curve, only to produce really ugly emails after all that trouble. Or you can use Email Subscribers & Newsletters by Icegram, which offers a great balance between features and simplicity.
The feature set is just what you’d want: relatively simple setup, a subscribe widget, shortcode for a sign-up page (to link to when you promote your list), double opt-in option, editable sign-up confirmations, editable automatic post notifications, manual emailing to your list (“newsletters” in WordPress lingo), importable/exportable subscriber lists, and reports on who got the email and who opened it. The plugin authors also monitor the WordPress.org support forums (which they are not obliged to do).
7). Yoast SEO
There are several popular SEO plugins. I like the Yoast plugin the best because it teaches you how to write more SEO-friendly posts with a user-friendly color code system (a little dot turns from red to green as you improve the SEO of a post).
Not on the List
Akismet. You may notice certain widely-used and much-recommended plugins that are not on my list. For example, Akismet, which is included by default in every WordPress installation. Akismet filters comment spam, and does it very well. However, since there are now so many WordPress sites that don’t include a blog (therefore, no comments), it may be time to rethink the automatic inclusion of Akismet.
Jetpack. Jetpack was originally intended to provide self-hosted WordPress users some of the nice widgets that are built in to WordPress.com sites. However, it has mushroomed into a gigantic megaplugin with 3 dozen (yes, you read that right) different modules. Some of these modules are great for most people, and many of them improve on things native WordPress could do better (the Comments box, for instance).
However, the extensive list can be pretty daunting to beginners, and a WordPress.com account is required to activate Jetpack. Also, the popularity of Jetpack has drastically reduced the demand for other plugins that provide a single one of Jetpack’s many functionalities. This in turn has caused plugin authors to abandon many plugins, which reduces the options available for people who prefer not to use Jetpack, or need features not found in the Jetpack version (which is usually pretty basic).
I don’t quite understand why some of these features (such as above-mentioned improved comments box) aren’t simply being incorporated directly into WordPress. At least, I didn’t until Jetpack’s recent release of a Pro (paid) version. The additional services offered in Pro can be had for free using other plugins, but Jetpack is clearly being positioned as an all-in-one plugin.
I am concerned that the move towards the monetization of Jetpack has therefore become a disincentive to improve the WordPress core. If taken to its logical conclusion, this commercialization may one day leave a lot of people scrambling to replace functionality on their website that is no longer available outside of Jetpack because free Jetpack put the competition out of business. Not a pretty business model.
It’s a shame to see a project that began with a service-oriented vision become a profit vehicle. Because of this, and the uncertainty about just how far they will take that, I am moving away from the use of Jetpack and back to individual plugins on my sites. I am advising my clients to do the same, unless they plan to use at least 5 of Jetpack’s modules. I have also become more diligent about posting positive reviews for alternate plugins to encourage the authors to maintain them.
Paying for Plugins
It’s easy to expect a lot from plugins, without giving much thought to where they come from. In the high-profile, constantly changing world of WordPress, it can be a lot of work to create, support and update a plugin. Some plugin authors do the work for free, which is great for users – until something changes and they no longer have the time to maintain the plugin.
Other plugin builders choose from a variety of models to earn some recompense for their labor, such as offering paid support or premium versions of the plugins, or advertising other non-free products through their plugin’s Dashboard interface.
When you install a plugin, think about how it has helped you. If it’s useful enough to keep, take the time to go to the plugin’s page in the WordPress plugin repository, and post a favorable review. You can also support plugin developers by purchasing the premium version, or if you don’t want the premium version, it’s OK to send them a donation, too!
If you request and receive support from the plugin author, be nice, and say thank you. WordPress wouldn’t be the amazingly flexible tool it is without plugins, so let plugin writers know that we appreciate how much they help us create the websites of our dreams.
- technical skills
- screen options
- web host
- source code
- can't log in
- color scheme
- post formats