Every developer and content manager has their favorite plugins that they can’t live without, whether to make content creation or sharing easier, to connect social media, or to add features and functionality. But not every site needs every plugin or even every type of plugin. If your site doesn’t allow user registration, then there’s no need to add a plugin to help you define and expand user roles or to control access to content.
Certainly, if you have a particular “thing” you need, you can search for the top plugins for that thing: top social media sharing plugins, the top bookmarking plugins, the top forms plugins, the top help desk plugins, the top security plugins (you get where I’m going).
But there are four plugins we think every WordPress site should have.
In fact, the first thing we do when we create a new WordPress installation for our clients is install these four plugins.
WordFence is a security plugin with more than 22 million active installations and is the most popular WordPress security plugin currently available. This plugin is well maintained and updated to protect WordPress sites from new threats as they arise.
In fact, Wordfence reports there are more than 26,000 attacks happening per minute.
With the overwhelming number of new hack attempts on WordPress sites worldwide each day, you can’t afford not to install a security plugin on your site. This plugin offers both a free version and a paid version with numerous features to block hack attempts and alert you to any issues.
The WordFence “Threat Defense Feed” actively monitors new threats and how hackers compromise sites in order to update firewall rules and scan engine to identify and block the latest malware.
WordFence also blocks brute force attacks which can cripple a site by locking out users with too many login failures or sign-in attempts with invalid usernames. The plugin also allows administrators to manually block countries* or individual IP addresses in addition to those which are placed automatically on the WordFence IP Blacklist.
The malware scanner compares your core files, themes and plugins against those within the WordPress.org repository and notifies you of any changes a hacker may have made to your site.
The pro version also checks to see if the site IP is generating spam. This is particularly important on a shared hosting platform where an IP could become listed as a source of spam through no fault of your own, This version also checks if the site is “Spamertized,” or being used to aggressively send spam emails
See the comparison chart below for a complete list of security features.
While WordPress is already pretty good for search engine optimization, (SEO), pretty good just isn’t good enough in an increasingly competitive online landscape.
Enter Yoast SEO.
Yoast allows you to configure your site and to optimize various technical aspects such as XML sitemaps, RSS optimization, and meta and link elements. It also forces content creators to think more carefully about SEO and keywords while writing.
The Snippet Preview allows authors and editors to enter a focus keyword for a page or post. Yoast then monitors how well that keyword is used in the title, content and URL. The snippet preview also allows users to edit the “snippet” that appears on a Search Engine Results Page (SERP). These snippets are best when written to prescribed character limits and include the focus keyword.
As you edit your snippet, Yoast will tell you how well you are doing in improving your on-page SEO.
Yoast will also analyze your text for word count, use of your keyword, structure of your text and link usage.
Additionally, Yoast will analyze your post for readability. This include looking for sub-heads, which can make content easier to read, as well as sentence structure, paragraph length, and use of passive voice.
Additionally, Yoast allows you to customize your Facebook and Twitter previews with an easy-to-use editor — no need to know how to add Open Graph meta content to your pages or source code.
This plugin comes in both paid and free versions. The paid version has some great features to help identify internal linking opportunities and to implement redirects when page URLs change.
A lot can happen to a website. A malicious hacker could inject code throughout your site files. A novice user could accidentally delete all your blog posts. Theme and plugin updates could cause unexpected display issues due to code conflicts.
Because of this, we always recommend having a backup plan in place, whether you manually take a backup of your files and database, rely on your hosting backups or use a plugin.
We recommend Backup Buddy. While it’s easy enough to log into your cPanel and create an archive of your file and a backup a database, who really wants to do that once a week, three times a week, or even daily?
Backup Buddy, a paid plugin from iThemes which has been utilized by about half a million sites since 2010. It allows you to create scheduled backups of your database and files and to send these files to the iThemes server (“Stash”) or other remote locations (Dropbox, Google Drive, Amazon S3, Rackspace).
You can set different back-up schedules depending on what you want to backup and how often. For example, your theme might not be updated very often compared to plugins or to your content. With Backup Buddy,, you can schedule your theme to be backed up every month, your plugins every week and your database every day.
Not only can you restore your site should something bad happen. You can also use your backup to migrate your site to a new host.
Every website should have Google Analytics installed. If you can’t measure it…
There are a number of good WordPress plugins with various degrees of customization and reporting through the WordPress dashboard.
A number of years ago, a basic plugin that allowed a site administrator to simply add the Google Analytics property ID might have sufficed.
But these simple plugins which did no more than add the basic Google Analytics (GA) tracking script to each page of the site, required much more set up in GA as well as customization of links or code to create better event and conversion tracking..
Like plugins of old, MonsterInsights makes it easy to connect your site to GA with a few simple clicks.
But this plugin also provides an analytics dashboard right in your WordPress site. This allows you to get a little bit of information about your visitors, their page views, popular posts and other real time stats without digging through GA and the overwhelming amount of data it contains.
It also leverages GA features such as custom dimensions, download tracking outbound link tracking, event tracking and more without having to create custom URLs and link code.
MonsterInsights has a lite version available in the WordPress.org repository and offers a Pro version on their website
One more for good measure: WP Smush
WP Smush from WPMU was previously only available as part of a WPMU subscription. However, the developers of the plugin recently released a free version on the wordpress repository and included a Pro version for WMPU subscribers. WP Smush scans images you upload or which are on your site already and compresses your images to improve site performance and speed, which is good in Google’s eyes as well as being good for your users.
There you have it! Are there any other plugins that you’ve heard of or used that you think are important for a WordPress site? Tell us in the comments below.