Updated By 
In many ways, plugins are a killer feature for using WordPress. They can add nearly any imaginable functionality to WordPress – from eCommerce to social networking to dancing unicorns. But what are the truly must-have WordPress plugins?
There’s a balance. Since the most popular and needed features get added to core WordPress, WordPress already comes with tons of functionality out of the box.
And as a general rule of thumb, the fewer plugins you have, the better. Plugins add a lot of overhead to your installation and can be a drag on performance. Always try to use WordPress’ core features or manually add snippets to the functions.php file instead of adding yet another plugin. This is why any post that has more than 6 “essential” plugins isn’t really helping things.
That said, there are 6 must-have plugins for WordPress that provide functionality that nearly every website that wants to grow traffic will need in some form or fashion.
Disclosure – this website receives customer referral fees from companies and products mentioned on this website. All data & opinions are based on ShivarWeb staff’s independent research and professional judgment.
Essential WordPress Plugins
All these are classified by type of plugin, and then the specific plugin I use for that role.
Security Plugin
WordPress is one of the (if not the) most widely used content management systems on the Internet. That makes it quite a target for hackers. If you keep WordPress updated and follow basic security measures, it’s a secure content management system. But you can make it even more secure with a security plugin.
It’s sort of like going from locking your house door to installing a security system. It makes your website less likely (though still not impossible) to get hacked.
There are a few good options that take care of all the recommended measures to “harden WordPress”. For a hosted security plugin, I use the security features built into the JetPack plugin for WordPress.
I used to use iThemes Security – one of the oldest and most used self-hosted solutions. But my site speed suffered as attacks on my site rose with my site traffic. Eventually, I needed a hosted solution off my site – and that’s what made me go with the security features built into JetPack. It’s already synced w/ my spam & safety solution (see next point), so it’s easy to use and worth the money.
If your site is small, iThemes Security is fine. You should also look at WordFence which is a bit more efficient.
NB: Remember that security (just like for your house) goes beyond installing a plugin and thinking it’s “secure.” It also means using good passwords, only installing reputable plugins and other security protocols.
Spam Plugin
Akismet is an anti-spam plugin for WordPress (it’s built into JetPack). If you’ve been on the Internet for even a short time, you know that spam is a ridiculous problem. Akismet is essential, especially if you accept comments, forms or any sort of user-generated content on your website. It comes bundled with every install of WordPress. All you need to activate it is an API key from the Akismet website.
The API key allows the plugin to do 2 things. First, it helps Akismet filter all the incoming spam based on its database of spam signals. It also allows your site to share new information with Akismet to help it identify more signals and filter spam more efficiently. It’s free for a personal blog. If you are using it commercially, it’s just $5/mo.
Safety Plugin
At some point, whether through user error, hack, data center disaster or a bad developer – you will probably lose your website. It’s not a certainty, but it is likely enough that it’s essential you prepare.
And nothing helps you prepare and keep a peace of mind like a backup plugin. To backup and restore your website, you need your site’s database and your site’s files. You can do this manually. But let’s face it, anything you do manually on a regular interval will be procrastinated.
There is a halfway point where you can manually download your files by FTP and rely on iThemes Security to automatically backup your database.
For this plugin, I use VaultPress which is built into my JetPack subscription. It’s seamless, simple, and automatic. They include storage and one-click restore. For larger sites, it’s worth every penny.
For my smaller sites, I use either BackWPUp or WordPress Backup to Dropbox.
Both are simple to use with options to backup files and database. WordPress Backup to Dropbox also solves the storage issue if you don’t want your backups in your email (and certainly don’t just put backups on your hosting server).
SEO Plugin
WordPress is one of the most SEO-friendly content management systems out of the box. It does, however, have plenty of room for improvement and customization.
That’s what makes the RankMath SEO plugin so essential. The plugin goes beyond just easy title tag and meta descriptions to fixing a lot of technical SEO issues and integrating really cutting edge SEO features directly into WordPress.
In 2019, I switched to RankMath due to its lean code, bundled features, incredible onboarding and Yoast’s continued update issues.
The most popular WordPress SEO plugin is still Yoast SEO though. If you go with that, be sure to use my WordPress SEO by Yoast beginner’s setup guide here…
Speed Plugin
WordPress is fairly lean and fast out of the box. However, once you start adding posts, images, plugins, themes and everything else – website speed can quickly become an issue, regardless of hosting. And every website owner will tell you that speed is critical online.
WP Super Cache is one of the original and most popular “caching” plugins for WordPress. It creates a static HTML version of web pages requested by users so that your server doesn’t have to do work “creating” each page from the database every single time it’s requested. The concept gets complicated, but the short story is that you need WP Super Cache…especially for that day your website gets featured on CNN or something.
It’s simple to use. It’s owned and maintained by WordPress.com/Automattic (aka it has a business model to keep it updated). It does what it says it will do. It’s also used by some of the largest blogs on the Internet.
Some (actually, a lot) of people argue for Total Cache. It is solid, and offers a lot of functionality…but too much in my opinion. Functionality is only good as far as it can be used, and WP Super Cache wins on that count.
Read more about WP Super Cache here…
If you want a few extra features and better performance – I’d still recommend against Total Cache. Instead, I’ve started using WP Fastest Cache. It’s fast, amazing and has many more advanced features than Super Cache without the overwhelming clutter and instability of Total Cache.
Spying Plugin (aka Analytics)
Google Analytics is a free enterprise level analytics package offered by Google for any website. You can easily implement the Google Analytics code without a plugin. However, the Google Analytics for WordPress plugin is essential for a few reasons.
- It makes setting up Google Analytics straightforward
- It unlocks all sort of features for Google Analytics that are difficult to put in place consistently without a plugin (ie, event tracking on links)
- It makes implementing the newest version of Analytics seamless
Go read more about Google Analytics for WordPress here.
That is all the essential WordPress plugins there are. The type of site you have will dictate all the other plugins you need. And remember, for the sake of security, speed, and simplicity, keep plugins to the minimum.
Now, as a publisher, there are a few other plugins that I use in a few cases. They are safe, free and do things that I love to profile.
Non-Essential Plugins I Love
I get a ton of emails about different plugins I use. Here’s a list of my favorite non-essential plugins that I use on this site.
JetPack
Even though WordPress is free open-source software, there are a lot of advantages of being part of an “ecosystem.” That is, apps and services that all work seamlessly together. WordPress.com and Automattic created JetPack, which is like an umbrella plugin that allows a self-hosted WordPress website to access many of the services and apps that run on the WordPress.com ecosystem.
There are plenty of detractors of JetPack. It’s also definitely not required. However, it does have a lot of easy to use functionality that you can roll out as you like. It’s not essential, but I love it.
Beyond the default, I have Stats, Related Posts, Subscriptions, Security and VaultPress enabled.
NB: JetPack does have an annoying habit of automatically activating modules. Keep an eye on it.
Learn more about JetPack here…
Redirection
Redirection is a simple, but powerful plugin that permanently redirects a URL to another URL. It’s essential because, over time, your links within your site and to your site will change. When they change, users and search engines get a 404 Not Found page, which is no fun for anyone.
With Redirection, you can take the old URL and permanently 301 redirect it to another URL. It helps preserve user experience and search engine signals.
Read more about Redirection here.
If you use RankMath as your SEO plugin, though Redirection is unnecessary since it includes a redirection manager.
Social Plugin
Although the creator of WordPress used to call share buttons the “mullets of the Internet”, the now ubiquitous share buttons are essential for getting traffic and visibility. WordPress does not come bundled with the functionality. While it’s possible to install share buttons manually without a plugin, it’s tedious, easy to break when networks change their code and don’t allow you to focus on things that matter.
The problem is that 98% of share button plugins (especially the ones in the WordPress repository) are awful – really awful.
I’ve used every hundreds and used to love Social Warfare…but now I’m back to using Simple Share for Genesis (my theme). It’s basic and does the job.
The other alternative is JetPack’s Share that you can install on any WordPress site via JetPack.
OptinMonster
I’m not a fan of pop-ups or interrupted user experience…but I am a fan of email and segmentation. OptinMonster is lead collection & call to action software made by the same folks behind Google Analytics for WordPress.
It’s not strictly a WordPress plugin, but their WordPress plugin makes the software even more powerful. I use it on this site – and many of my client’s sites. It’s as classy as you want it to be and worth the cost compared to other competitors due to versatility, scalability, and ease of use.
Read more about OptinMonster here…
Compress JPEG & PNG images
Images are awesome – but they can also slow down your site. Every time someone navigates to a webpage, they have to request and download the images on the page. The smaller file size that you can make your images, the better.
There’s a ton of options out there to “losslessly compress” (in the jargon) your images. This plugin is by far and away the best in terms of quality, quantity of reduction and usability.
Get Compress JPEG & PNG Images here…
Fast Secure Contact Form
Contact forms. For the user, they seem so simple. But if you’ve ever tried to implement one, they can be deceptively tricky. I’m a fan of Fast Secure Contact Form because of its feature set depth and versatility. It’s not the prettiest plugin in the world, but it consistently gets the job done.
If you want something super simple, the contact form within Jetpack is solid.
Learn more about Fast Secure Contact Form here…
Display Widgets
Display Widgets allows you to define where and when to show certain widgets. Simple, but super handy.
JetPack recently added a module called “Visibility” that does something very similar. I still like the super-specific control that Display Widgets provides.
Learn more about Display Widgets here…
Really Simple CSV
Sometimes I need to bulk upload a lot of information to WordPress. This plugin is how I get it done.
Whether I’m rewriting hundreds of titles or adding thousands of new pages, Really Simple CSV is how I work smart, not hard within WordPress.
Learn more about Really Simple CSV here…
Syntax Highlighter Evolved for WordPress
Syntax Highlighter allows me to add code to a post…without having it execute. It’s great for showing examples of HTML, CSS, PHP or JavaScript without messing up the page.
Read more about Syntax Highlighter Evolved for WordPress here…
Next Steps
If you don’t have the must-have WordPress plugins installed, I recommend heading right to your Plugins section and getting them all downloaded and configured.
When finding new plugins with specific functionality, filter them with these questions:
- What is the core functionality you need?
- Can you do that within WordPress or with a snippet of code?
- Can you do that functionality with a plugin that is already installed?
- Is the functionality you want better stand-alone or as part of a more comprehensive plugin?
Once you’ve found some potential plugins:
- Are they well-maintained? How are is the plugin supported?
- Can you test it out?
- How are the reviews insightful?
- Are the ratings insightful?
- Is it listed in the WordPress plugin repository? Why or why not?
- What are common issues with the plugin?
- Is it compatible with your current plugin set?
- Have you compared it to alternatives?
Once you’ve installed it:
- Is your site performance still good?
- Did any features or design break?
Have fun building your site! If you have any comments or feedback, please leave them below. If it’s 60 days after the publishing date – let me know via contact form and I’ll manually add it to the comments.
