The core WordPress software is quite minimal. It does not contain many of the essential features that every site requires.
The solution for that is to use plugins.
The plugins work by making use of hooks, which are specific points in the core to which you can attach custom code.
There are two types of hooks: actions and filters. Actions are used to add additional functionality while filters are used to modify the output. Plugins can also define custom hooks to which other plugins can attach their functionalities.
The WordPress plugins directory contains nearly 60k free plugins. But you only need a couple of them. By the way, too many plugins can bloat your site’s codebase and can make it slow. Also, using unnecessary plugins can make the site difficult to maintain.
It is not possible to recommend an exact combination of plugins that works for all websites, because you should choose your plugins based on the site’s requirements.
But there are certain functionalities that are essential for all websites. And that’s what we are discussing in this post. Also, the WordPress plugin collection is so vast that you often find more than one plugin doing the same job. So I will mention the alternatives as well.
1. SEO
Unlike many website builders, WordPress is not well-optimized for SEO out of the box. So it is essential to install an SEO plugin to make it perform well on search engines.
These plugins do a lot of things. For instance, SEO plugins automatically generate XML sitemaps which you can add to the Google Search Console. Sitemaps make it easier for search engines to find the pages on a website.
SEO plugins also help you to polish the pages for better on-page SEO. This includes adding custom titles, meta descriptions, open graph tags, and schema markups.
Apart from that, these plugins can also help in writing articles optimized for a focus keyword. They even give useful suggestions to improve readability, keyword density, and much more.
Currently, I am using the Yoast SEO plugin on this website. It has more than 5 million installations.
Other SEO plugins you can consider are:
- Rank Math – 1m+ installations
- All in One SEO – 3m+ installations
2. Backup
Even after taking all the security measures, something can still go wrong. No website in the world is hack-proof. Even a slight human error can take your site down from the web.
In all such situations, keeping proper up-to-date backups can give you peace of mind that no other security measures can guarantee.
There are several WordPress plugins that allow you to take backups. Out of all those, the one I like the most is UpdraftPlus.
The free version of UpdraftPlus has lots of features. It allows you to take full-site backups, which include the database, uploads, and files. You have the option to store the backup files locally or on some remote cloud storage.
The available storage options include FTP, Amazon S3, Dropbox, OpenStack, DreamObjects, Google Drive, Rackspace, etc.
The premium version offers more features including incremental backups, which puts less load on the server.
Also, the premium plugin supports more storage options like Microsoft Azure, Google Cloud, and Backblaze B2.
UpdraftPlus is also one of the most popular plugins in the WordPress directory with over 3 million active installations.
You might also want to check my other post where I describe in detail how to use UpdraftPlus to take WordPress backups.
3. Security
The core WordPress software is quite secure. But as you add more plugins and themes, new vulnerabilities creep in.
However, I must say that a security plugin is not a necessity, especially if you have a habit of regularly updating the core, themes, and plugins.
But still, it is highly recommended to use at least a basic security plugin. It helps you in doing many things such as hardening, checking file integrity, blocking unnecessary PHP execution, and so on.
Advanced security plugins can even help you to set up a firewall to block bad bots, implement rate-limiting, etc.
Sucuri Security is one of the plugins that I use on my sites. It does three things:
- Check the file integrity: Compare the files on your server with the original ones in the repository.
- Implement basic hardening: Disable code editor from the admin area, block PHP execution, etc.
- Check the malware status: Checks against Google Blacklist and other databases.
The plugin has 800k+ installations.
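The file-integrity check in the list above, sketched as an added example (not Sucuri's code and not from the original post): it compares MD5 hashes of files on disk with a known-good manifest and reports modified, missing and unexpected files. The function name `audit_tree` and the sample tree are constructed for the demo; a real check would use the checksums published for the installed release.

```php
<?php
// Added example: audit a directory tree against a known-good MD5 manifest.
// audit_tree() and the sample files below are constructed for illustration.
function audit_tree(string $root, array $manifest): array
{
    $root   = rtrim($root, '/');
    $report = ['modified' => [], 'missing' => [], 'unexpected' => []];

    // 1. Every file in the manifest must exist and hash to the expected value.
    foreach ($manifest as $rel => $expected) {
        $path = "$root/$rel";
        if (!is_file($path)) {
            $report['missing'][] = $rel;
        } elseif (md5_file($path) !== $expected) {
            $report['modified'][] = $rel;
        }
    }

    // 2. Files on disk that the manifest does not list (e.g. a dropped PHP file).
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        $rel = str_replace('\\', '/', substr($file->getPathname(), strlen($root) + 1));
        if ($file->isFile() && !isset($manifest[$rel])) {
            $report['unexpected'][] = $rel;
        }
    }
    return $report;
}

// Constructed demo: build a tiny tree in a temp directory.
$root = sys_get_temp_dir() . '/integrity-demo-' . uniqid();
mkdir("$root/wp-includes", 0700, true);
file_put_contents("$root/index.php", "<?php // front controller\n");
file_put_contents("$root/wp-includes/version.php", "<?php // version info\n");

// Manifest recorded while the tree is known-good; wp-login.php is listed but absent.
$manifest = [
    'index.php'               => md5_file("$root/index.php"),
    'wp-includes/version.php' => md5_file("$root/wp-includes/version.php"),
    'wp-login.php'            => md5('constructed placeholder'),
];

// Simulate tampering: alter one file, drop one that is not in the manifest.
file_put_contents("$root/index.php", "<?php // altered\n");
file_put_contents("$root/wp-includes/extra.php", "<?php // not in manifest\n");

print_r(audit_tree($root, $manifest));
```

On a real install, WP-CLI's `wp core verify-checksums` performs this kind of comparison against the checksums published for the installed core version.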
If you are looking for an advanced security plugin then Wordfence is a great choice.
4. Anti-Spam
We know that WordPress is mainly used for blogging. It has a built-in comment system that allows users to post their opinions.
But unfortunately, people have learned the art of misusing anything, even the ones that began with a good intention. That’s the case with comments as well.
For many blogs, the number of spam comments they receive is often more than the number of genuine comments.
That’s why an anti-spam plugin is a must. However, if you are using WordPress as a static site without blogging & commenting, then you do not need it.
Some anti-spam plugins work remotely while some others work locally on the same server.
Local plugins can be beneficial if you are highly concerned about privacy. Antispam Bee is one such plugin. It uses a simple honeypot technique to block spambots.
However, in my experience, Antispam Bee is not so effective in blocking determined human spammers. But as a quick measure to fight spam bots, the plugin is quite helpful.
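A honeypot of the kind described above, as an added example (this is not Antispam Bee's code): a decoy input is hidden from human visitors, and any comment that arrives with the decoy filled in, or without it at all, is rejected before it is saved. It assumes the file is loaded as a small plugin; the field name is hypothetical.

```php
<?php
/**
 * Plugin Name: Comment Honeypot (added example)
 * Not Antispam Bee's implementation. EXAMPLE_HP_FIELD is a hypothetical name.
 */
const EXAMPLE_HP_FIELD = 'website_url_confirm';

// Action: print a decoy input after the name/email/url fields.
// WordPress only fires this hook for visitors who are not logged in.
add_action('comment_form_after_fields', function () {
    printf(
        '<p style="position:absolute;left:-9999px" aria-hidden="true">'
        . '<label>Leave this field empty '
        . '<input type="text" name="%s" value="" tabindex="-1" autocomplete="off">'
        . '</label></p>',
        esc_attr(EXAMPLE_HP_FIELD)
    );
});

// Filter: inspect every submitted comment before WordPress stores it.
add_filter('preprocess_comment', function (array $commentdata) {
    // Logged-in users never received the decoy, so there is nothing to check.
    if (is_user_logged_in()) {
        return $commentdata;
    }
    // Pingbacks and trackbacks do not come from the comment form.
    $type = $commentdata['comment_type'] ?? '';
    if ($type !== '' && $type !== 'comment') {
        return $commentdata;
    }

    $decoy = isset($_POST[EXAMPLE_HP_FIELD])
        ? trim((string) wp_unslash($_POST[EXAMPLE_HP_FIELD]))
        : null;

    // Missing decoy: the form was bypassed. Non-empty decoy: a bot filled it in.
    if ($decoy === null || $decoy !== '') {
        wp_die('Comment rejected.', '', ['response' => 403, 'back_link' => true]);
    }
    return $commentdata;
});
```

Rejecting submissions that lack the decoy also blocks clients that post comments without rendering the form, so relax that branch if the site accepts comments from such clients.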
Akismet, on the other hand, works remotely. The plugin sends newly submitted comments to its server, where they are analyzed for potential spam.
Developed by Automattic, Akismet comes pre-installed with WordPress. It is highly effective in blocking most spam comments. However, the disadvantage is that it is not free for use on commercial websites.
I have also written another post listing some of the best alternatives to Akismet.
5. Contact Form
If your website is just a personal blog where you post your musings, a contact form may not be a necessity. Otherwise, it is a must for all professional websites, because people need some way to contact you.
A contact form can be a simple one asking for name, email, and message, to more complex ones, asking for location, phone number, address, preferences, and other details, depending on the nature of your business.
Not only contact forms, but you may also need other types of forms such as newsletter subscriptions, lead generation forms, etc.
Several form plugins are available for WordPress, which allow you to create all sorts of forms you can think of. These include free, freemium, and premium ones.
Check out the post on the best form plugins for WordPress.
One of the most popular among them is WPForms, which has over 5 million active installations as of now. It is a drag and drop form builder that offers both free and premium versions. The free version is enough for creating simple contact forms.
Another choice is Gravity Forms, which is a complete form builder plugin for WordPress. However, it does not offer a free version.
6. SMTP
Have you ever encountered the “WordPress not sending emails” issue?
By default, WordPress uses the wp_mail() function to send all emails such as contact form emails, admin emails, and notifications. The problem is that it depends on the PHP mail() function, which does not involve any authentication.
So when WordPress sends email from a generic address like [email protected], major email providers like Gmail and Yahoo consider it as spam, because they have no way to find out whether the email originates from you or from a spammer spoofing your email address. You may end up missing important emails because of that.
The solution is to use an SMTP server instead of directly sending the emails from the webserver. The SMTP server allows WordPress to authenticate with it and send emails on your behalf.
To do that, you need at least a custom cPanel email address or a professional email address from an email hosting provider.
There are many options available such as Google Workspace, GoDaddy Professional Email, Hover, etc. The only requirement is that it should support POP/IMAP protocols.
You can use a plugin called WP Mail SMTP to configure WordPress to use the SMTP server.
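What such a configuration comes down to, as an added example (not WP Mail SMTP's code): an action hook switches wp_mail() to authenticated SMTP, and filter hooks modify the sender, which also illustrates the action/filter distinction from the introduction. The constants `SMTP_HOST`, `SMTP_USER` and `SMTP_PASS` are hypothetical names assumed to be defined in wp-config.php, with `SMTP_USER` being the full mailbox address.

```php
<?php
/**
 * Plugin Name: Authenticated SMTP for wp_mail() (added example)
 * Assumes SMTP_HOST, SMTP_USER and SMTP_PASS are defined in wp-config.php
 * (hypothetical names), which keeps the password out of the database.
 */

// Action: WordPress passes its PHPMailer object here just before sending.
add_action('phpmailer_init', function ($phpmailer) {
    if (!defined('SMTP_HOST') || !defined('SMTP_USER') || !defined('SMTP_PASS')) {
        return; // not configured: leave the default transport untouched
    }
    $phpmailer->isSMTP();                // use SMTP instead of PHP mail()
    $phpmailer->Host       = SMTP_HOST;
    $phpmailer->Port       = 587;        // mail submission port
    $phpmailer->SMTPSecure = 'tls';      // STARTTLS before credentials are sent
    $phpmailer->SMTPAuth   = true;       // log in to the server
    $phpmailer->Username   = SMTP_USER;
    $phpmailer->Password   = SMTP_PASS;
});

// Filter: receives a value and returns the (possibly changed) value.
// Sending as the authenticated mailbox keeps the From address consistent
// with the account that actually logged in.
add_filter('wp_mail_from', function ($from) {
    return defined('SMTP_USER') ? SMTP_USER : $from;
});

add_filter('wp_mail_from_name', function ($name) {
    return get_bloginfo('name');
});

// Action: record delivery failures instead of losing them silently.
add_action('wp_mail_failed', function ($error) {
    error_log('wp_mail failed: ' . $error->get_error_message());
});
```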
7. Caching
WordPress is a dynamic system, which runs multiple PHP scripts and database requests to generate a response. So serving pages just like that can make them load slowly.
The solution is to use caching. But remember that there can be several layers of caching such as database caching, application-level caching, server-level caching, etc.
Implementing all of these at once may not be necessary for most sites. But it is highly recommended that you enable at least page caching.
Now, what is page caching?
With page caching enabled, WordPress saves an HTML copy of the response when someone visits a page. And for subsequent requests, the system sends this HTML copy instead of running all the scripts and database queries to generate a fresh response.
This can greatly reduce the time needed to generate the responses, thereby giving the users a better experience with faster loading pages.
WP Fastest Cache is one such plugin that is quite easy to use for beginners. It allows you to enable page caching, in addition to some nitty-gritty things like browser caching and file modification.
If you want to take it a step further, then W3 Total Cache is another advanced WordPress caching plugin.
It allows you to set up multiple layers of caching including database caching and object caching, in addition to page caching. If your server supports Varnish, you can integrate that too using W3 Total Cache.
However, the problem with the W3 Total Cache plugin is that it is not so user-friendly. Beginners may find it quite difficult to configure.
If you are looking for a feature-rich yet simple plugin, then you can consider WP Rocket Cache, which is a premium WordPress caching plugin.
8. Image Optimization
Images contribute significantly to the overall size of a page. That’s why it is necessary to compress them to the maximum.
By default, WordPress does perform a couple of things to optimize images. For instance, it generates multiple thumbnail sizes when you upload a new image to the Media Library or to a post.
But still, that may not be perfect. Resizing does not mean that the images are properly compressed.
But manually compressing the images is not practical either. That’s why there are image optimization plugins.
Apart from compression, these plugins also convert the images to WebP, which is a next-generation format.
EWWW is one such plugin. It allows you to compress the images in bulk or individually. As a free plugin, there are no limits to the number of images that you can compress. The compression and conversion happen on the server itself.
There are also other image compression plugins that work remotely using an API. The processing happens remotely, which puts less load on your server compared to a local compression plugin like EWWW. ShortPixel is an example. Smush is another.
However, it imposes a limit on the number of images that you can compress in a month using the free plan. If you want to optimize more images, then you need to purchase a premium plan.
As I have said in the introduction, using too many plugins can slow down your site. So it is always better to keep the number of plugins to a minimum.
I hope this post helped you to get familiarised with some of the essential plugins that can be beneficial for everyone.