7 Plugins for Every WordPress Site

Today I’m going to share with you a few of the plugins I use most. Some of them are essential to a healthy site, while others add functionality that seems minor, but greatly enhances the security or convenience of your site in common situations.

I am not acquainted with the developers of any of these plugins, nor do I receive affiliate pay or any other form of kickback for recommending them. While some of the plugins have a premium version, this post discusses the free version. All of these plugins are available in the WordPress plugin repository.

1). Wordfence

Wordfence logo, a blue shield with a white fence across it

Wordfence is the first plugin I install on a new site. I also install it on existing sites, especially those that may have been compromised by outdated plugins, themes or WordPress.

Wordfence is an awesome security plugin that protects your site from hackers in several ways: it scans files daily, monitors login attempts, and locks out hackers who are trying to break into your site. Wordfence emails you when there are issues to address, or updates available for your site.

The free version of Wordfence is generously featured, but you can get even more features in the premium version. The Wordfence folks are highly worthy of your support. They are constantly on the watch for new WordPress vulnerabilities, and very proactive about getting the word out to the WordPress community when they find one. If you can’t afford or don’t need premium Wordfence, at least write them a nice review. They also offer a flat-rate hack cleanup service for site owners who didn’t install Wordfence in time. 🙁

2). BackUpWordPress

Every WordPress site should be backed up regularly. It may be possible to do this through your hosting interface, but I prefer to use a WordPress plugin for finer control over what is backed up and easier extraction of a single file.

BackUpWordPress icon - a white B in a black square with red and blue borders.

There are many popular backup plugins. Features constantly change as they compete. BackUpWordPress is probably the best choice for newer users. It is simpler to configure than most, you can choose how frequently and at what time you want automated backups to occur, and you can back up all of your files plus your database to a single zip file for easy downloading. There is also a “run now” option to create a manual backup before performing major site updates.

3). WP Rollback

Screenshot of the plugin interfaces for Wordfence and WP Rollback, showing the rollback link to the right of the edit link

This plugin adds a link to the theme and plugin management panels that allows you to roll the theme or plugin back to a previous version. Very handy when an update creates problems.

4). Email Address Encoder

Did you know that spammers have automated programs crawling the internet searching for email addresses all the time? Posting an email address to a website is a lot like broadcasting a giant CALLING ALL SPAMMERS message. Email Address Encoder recognizes email addresses on your site automatically, and obscures them with code behind the scenes, so that they are visible to humans, but not to spammer bots. There is nothing to configure – just install it, and it works in the background.

Image of page source code for email address before installing Email Address Encoder

Email address in web page source code (Ctrl-U in most browsers).

Image of much more complicated source code that doesn't look anything like an email address after Email Address Encoder is installed

Email address after installation of Email Address Encoder.
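
The obfuscation described above, sketched as an added example (this is not the plugin's own code). It assumes the technique is HTML character-entity encoding; the function names, the address pattern and the sample page are constructed for illustration.

```python
import html
import random
import re

# Simple pattern for addresses in page text (assumption: not a full RFC 5322 matcher).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample page fragment.
SAMPLE = "<p>Contact: webmaster@example.com</p>"


def encode_address(address, rng):
    """Turn each character into a decimal entity, a hex entity, or leave it as-is."""
    out = []
    for ch in address:
        choice = rng.randrange(3)
        if ch == "@" or choice == 0:
            out.append("&#%d;" % ord(ch))   # '@' is always encoded
        elif choice == 1:
            out.append("&#x%x;" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def obscure_emails(page_html, seed=None):
    """Rewrite every address found in the markup into its entity-encoded form."""
    rng = random.Random(seed)
    return EMAIL_RE.sub(lambda m: encode_address(m.group(0), rng), page_html)


def visible_addresses(page_source):
    """What a scanner that pattern-matches raw source, without decoding, finds."""
    return EMAIL_RE.findall(page_source)


def rendered_text(page_source):
    """What a browser shows after decoding character references."""
    return html.unescape(page_source)


if __name__ == "__main__":
    encoded = obscure_emails(SAMPLE, seed=1)
    print("source after encoding:", encoded)
    print("raw-source pattern match:", visible_addresses(encoded))
    print("rendered for the visitor:", rendered_text(encoded))
```

Entity encoding hides the address only from scanners that pattern-match the raw page source; the browser, and anything else that decodes character references, still sees the plain address.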


5). Automatic Copyright Year

This nifty little plugin adds a shortcode that you can insert into your footer where you want your copyright year to be, which automatically updates the year when it changes. Keeping your copyright date current may not seem very important, but search engines look at “freshness,” so an outdated copyright year can impact your page rank.

Speaking of freshness, Automatic Copyright Year hasn’t yet been updated for compatibility with the latest version of WordPress. It still works, but I hope the plugin author will check it soon, just to be sure it doesn’t harbor any vulnerabilities.

Screenshot of the code for the copyright message showing the shortcode [wpsos_year]

Copyright shortcode entered in footer widget.

Screenshot of the copyright message as it appears on the website

Copyright as it appears in the footer of this website.


6). Modular Custom CSS

Screenshot of the two custom css fields the Modular Custom CSS plugin adds to WordPress Customize

There are many custom CSS plugins, but Modular Custom CSS is the only one I’ve found that adds TWO custom CSS panels to Customize. Your CSS for each theme is saved and loaded whenever that theme is activated, but you can also separately save CSS that applies across all themes. Other plugins apply the same code to all themes, or even “reset” (delete!) your CSS if you change themes.

This is handy if you like to explore different themes. Switching themes is also an important troubleshooting step for many WordPress issues. With Modular Custom CSS, you don’t have to remember to manually back up your customizations every time you want to change your theme.

7). Yoast SEO

There are several popular SEO plugins. I like the Yoast plugin the best because it teaches you how to write more SEO-friendly posts with a user-friendly color code system (a little dot turns from red to green as you improve the SEO of a post).

Screenshot of Yoast SEO widget on home page, showing how many posts have good and bad SEO using colored dots

Not on the List

Akismet. You may notice certain widely-used and much-recommended plugins that are not on my list. For example, Akismet, which is included by default in every WordPress installation. Akismet filters comment spam, and does it very well. However, since there are now so many WordPress sites that don’t include a blog (therefore, no comments), it may be time to rethink the automatic inclusion of Akismet. Also, there are other comment spam filters that are a little easier to set up (you must have a WordPress.com account to use Akismet). I use Akismet myself, but for WordPress beginners, I usually recommend another install-and-forget-it comment spam plugin, and/or a captcha-type plugin.

Jetpack. Jetpack was originally intended to provide self-hosted WordPress users some of the nice widgets that are built into WordPress.com sites. However, it has mushroomed into a gigantic plugin with 3 dozen (yes, you read that right) different modules. Some of these modules are great for most people, and many of them improve on things native WordPress could do better (the Comments box, for instance).

However, the extensive list can be pretty daunting to beginners, and as with Akismet, a WordPress.com account is required to activate Jetpack. Also, the popularity of Jetpack has drastically reduced the demand for other plugins that provide a single one of Jetpack’s many functionalities. This in turn has caused plugin authors to abandon many plugins, which reduces the options available for people who prefer not to use Jetpack, or need features not found in the Jetpack version (which is usually pretty basic).

I don’t quite understand why some of these features (such as the above-mentioned improved comments box) aren’t simply being incorporated directly into WordPress. At least, I didn’t until Jetpack’s recent release of a Pro (paid) version. The additional services offered in Pro can be had for free using other plugins, but Jetpack is clearly being positioned as an all-in-one plugin.

I am concerned that the move towards the monetization of Jetpack has therefore become a disincentive to improve the WordPress core. If taken to its logical conclusion, this commercialization may one day leave a lot of people scrambling to replace functionality on their website that is no longer available outside of Jetpack because free Jetpack put the competition out of business. Not a pretty business model.

It’s a shame to see a project that began with a service-oriented vision become a profit vehicle. Because of this, and the uncertainty about just how far they will take that, I am moving away from the use of Jetpack and back to individual plugins on my sites. I am advising my clients to do the same, unless they plan to use at least 5 of Jetpack’s modules. I have also become more diligent about posting reviews for alternate plugins to encourage the authors to maintain them.

Paying for Plugins

It’s easy to expect a lot from plugins, without giving much thought to where they come from. In the high-profile, constantly changing world of WordPress, it can be a lot of work to create, support and update a plugin. Some plugin authors do the work for free, which is great for users – until something changes and they no longer have the time to maintain the plugin.

Other plugin builders choose from a variety of models to earn some recompense for their labor, such as offering paid support or premium versions of the plugins, or advertising other non-free products through their plugin’s Dashboard interface.

When you install a plugin, think about how it has helped you. If it’s useful enough to keep, take the time to go to the plugin’s page in the WordPress plugin repository, and post a favorable review. You can also support plugin developers by purchasing the premium version, or if you don’t want the premium version, it’s OK to send them a donation, too!

If you request and receive support from the plugin author, be nice, and say thank you. WordPress wouldn’t be the amazingly flexible tool it is without plugins, so let plugin writers know that we appreciate how much they help us create the websites of our dreams.
