WordPress is a powerful Content Management System, and nowhere is that power more visible than in its extensive plugin system. But with great power comes great responsibility. Security, performance, and extensibility problems are rampant among poorly written plugins. The fastest way to ruin a great WordPress site is to use poor-quality plugins!
Start with Minimalism
In WordPress, as in life, less is often more. When you think about which plugins you should install on your WordPress site, target the essentials. Adding features for the sake of adding features will not help you, the website owner, or your customers. With nearly 50,000 plugins available, you must avoid the temptation to add vanity features that don’t serve your real goals.
It may be helpful to think of your site as a system. Take a step back and look at your website as a whole. What features does your theme have? What features do your current plugins have? Which features are good and which are lacking? How can you offer those same features with less? Achieving this will give you a website that is much more easily managed, and you won’t be nearly as scared to hit the update button. It may be helpful to break it down on a whiteboard.
Are you using any plugins that have a bunch of features, but you are only using one or two? That’s a good target for replacement. Or, do you have several plugins that offer functionality that is included in a single better plugin?
The 10 Essential WordPress Plugins
Now that you’ve taken a few minutes to clarify your goals, you’re ready to see our list. Consider these plugins as a starting point for adding essential missing features or replacing existing functionality with a better implementation.
We have a lot of experience building WordPress websites. We’ve stumbled in the pitfalls and we’ve tried many different ways to solve different problems. Our goal is to help you avoid those same mistakes!
1. Hierarchy
OK, in full transparency, we started with this plugin because there’s every chance you have never heard of it. But it’s awesome.
One of the pain points of managing a large WordPress site is that the admin dashboard can become incredibly cluttered. Every Custom Post Type adds a new menu item and this can quickly result in a dashboard that is hard to navigate and scrolls way too much for comfort.
Hierarchy solves this by moving all of your custom post types into a single menu, “Content”. Here’s how it looks on our site:
It may take a few days to get used to the new navigation, but you will love it when you do. This is an especially great candidate for larger client sites.
2. Yoast SEO
Chances are you’ve heard of Yoast SEO, and that’s for a reason. It provides a suite of SEO-minded tools to ensure your website can be read by Google correctly, as well as tools to improve your writing as you target specific keywords. (We’re using it right now!)
It also handles generating an XML sitemap, which means you’ll be able to remove any sitemap-specific plugins you may already be using.
If for some reason you don’t want their SEO tools and you feel that your theme already sends the correct metadata, you can add an XML sitemap alone by using Google XML Sitemaps. (Never say we didn’t give you options!)
3. My Eyes Are Up Here
Does your website have images of real people? Have you ever added a headshot only to find that the thumbnail splits the person’s face in half? My Eyes Are Up Here solves this.
Using facial recognition, My Eyes Are Up Here scans each image as you upload it and identifies faces in the photo. It then controls the thumbnail generation to make sure that cropping respects the important content.
For those rare cases it can’t find a face, it also allows you to identify the faces manually. How awesome is that?
My Eyes Are Up Here on WordPress.org
4. VaultPress
Fact: Your website needs backups.
Double fact: YOUR WEBSITE NEEDS BACKUPS!
Your host may offer state-of-the-art backups, and that’s great. You still need to do your own backups. If your backups aren’t redundant, you don’t have backups you can trust. And if you have a bigger e-commerce site with more skin in the game, a third or fourth backup is wise. (Also, always test your backups. The day you need them is the worst possible day to find out your backups don’t really work.)
VaultPress does a great job of solving backups. It’s super easy to install and use and you can initiate restores of single files or tables, or a whole site restore right from their dashboard.
It costs about $3.50 a month for daily backups. But we really recommend you consider their $9 a month plan. It includes security scanning which can detect and mitigate malware before it wreaks havoc on your website.
This is increasingly important! Many of us have experienced that dreaded malware warning that means your site has been flagged by Google as hosting malware. Recently Google announced that it will be penalizing sites that are repeat offenders for longer periods of time. So a few slip-ups can be costly.
5. Ninja Forms
Does your website have a contact form? (If not, you are in an extreme minority and you can skip to the next plugin!)
Ninja Forms provides flexible and powerful form editing and creation. You can set up a contact form and drop it on a page in minutes. And their base plugin is totally free.
But Ninja Forms is capable of way more than contact forms. They have dozens of powerful add-ons that can be used to build incredibly advanced functionality, including e-commerce. We’ve used it for surveys and even a contest entry system that included the ability for members to save their entries and resume them later. The possibilities are virtually endless.
And their recently rewritten version 3.0 includes one of the best form editing experiences we’ve seen.
(Another premium plugin we love is Gravity Forms, which offers many of the same features. It’s probably wise to look at the add-ons you might need before making a selection.)
6. WP Migrate DB Pro
Brace yourself for the awesome. WP Migrate DB Pro is probably the single most useful plugin we use. WP Migrate DB Pro makes migrating a site a beautifully easy process. We use it to keep our local dev environments (don’t have one? get one!) in sync with production, as well as updating our staging sites.
You can pull or push changes from one WordPress site to another. And their add-ons allow syncing media files too.
They have a free and paid version, but honestly we recommend skipping straight to the paid version as the additional features are indispensable.
We cannot praise WP Migrate DB Pro enough. We could not do our jobs as well without it.
WP Migrate DB (Free Version) on WordPress.org
WP Migrate DB Pro (Paid Version) on DeliciousBrains.com
7. Force Strong Passwords
Force Strong Passwords does what the name suggests: it forces privileged users (those who can make changes) to use strong passwords.
So many sites use terrible admin and editor passwords, often including the name of the site in the password. This is a huge target for hackers, who exploit these weak passwords to install malware.
It may not be sexy but it is incredibly important. Keep your passwords strong and don’t give yourself or your admins the option of using bad passwords.
Don’t like using strong passwords? That’s probably because you’re not using a password manager like 1Password.
Force Strong Passwords on WordPress.org
8. Limit Login Attempts
Limit Login Attempts is our second security-related plugin, and like the last, the name says it all. In addition to strong passwords, detecting intruders is crucially important.
Limit Login Attempts will lock user accounts for a period of time after a definable number of attempts. This makes brute-force attacks nearly impossible.
It’s essentially a one click install, so there’s no reason not to install it right now.
Limit Login Attempts on WordPress.org
9. Advanced Custom Fields
Advanced Custom Fields may be one of the more controversial plugins we’ve included on our list. For some, it’s a plugin waiting to be abused because it has so many features.
But we include it for one reason: superior user experience.
Advanced Custom Fields allows you to create meta boxes for custom fields or posts, users, categories (and other taxonomies) etc. And it includes powerful features like Flexible Content Sections, which allow developers to create elegant and minimalistic page building interfaces.
We use it to give our clients the ability to drop in pre-defined content blocks and sort and resort them. It’s a great experience for users and we think it should be considered for most sites.
Like other plugins in our list, they have a free version but you’ll probably want to consider the pro version as it includes many powerful features.
Honorable mention: Our friend Justin Sternberg wrote the very popular plugin CMB2, which provides code-defined meta boxes. It has some advantages over ACF (mainly it’s easier to version control your meta boxes in your code repository). But more advanced features like sortable sections or controlling user uploads are not currently supported natively.
Advanced Custom Fields on WordPress.org
10. WP Sent Mail
We would be remiss if we didn’t include our favorite in-house plugin, WP Sent Mail.
We (selfishly) love WP Sent Mail because it allows us to see inside the black box that is WordPress email. WP Sent Mail logs every email as it is sent, allowing us to see exactly what emails our customers are being sent.
And it includes advanced features such as the ability to turn off outgoing emails (but still log them) or re-send an email a customer didn’t receive.
A Note On Caching Plugins
We explicitly left out caching plugins from this list because we have our own approach to performance. We’re going to detail this in another post soon!
Summary
That’s it. We hope this list is helpful, and please remember that you should never add a plugin to your website that you don’t really need to best serve your customers.
Have a question? Ask us in the comments.