(This post may include affiliate links. Here's my disclosure statement for more info.)
My Favorite Essential WordPress Plugins
I’ve used a lot of plugins in my career as a website developer and small business owner. My toolkit has evolved over the years as I grew more knowledgeable. Right now, here are my essential WordPress plugins that most websites would benefit from installing. You can see more of my favorite picks for website development, design, and small business ownership here.
Yoast SEO, Really Simple SSL, and Redirection < RankMath
I’ve written before about my switch to RankMath. But to give you an idea of my SEO trinity, I would usually use the plugins Really Simple SSL, Redirection, and Yoast SEO together.
I can’t stress enough how important it is to get an SSL certificate for your website. It has only become more important as Google places more weight on it, as security becomes a present issue, and for gaining users’ trust. For anyone who may not know, HTTP stands for hypertext transfer protocol. It is the set of technical rules browsers follow when loading websites. Getting an SSL certificate means a website can enable encryption using a “public” and a “private” key and have its server identity verified.
When you get an SSL certificate for your website, you have to make sure all your visitors use it. Very often, you’re still linking to the HTTP version instead of the HTTPS one. Or your visitors are still going to the HTTP version of your website. The easiest way to make sure everyone uses the SSL certificate is to use a plugin like Really Simple SSL.
Really Simple SSL has very rarely failed me as I managed countless websites over the years. If you’re not going to use RankMath but need an easy way to migrate your site over, try this plugin.
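To see where a page is still pointing at HTTP, here is a small audit script. It is an added example, not code from Really Simple SSL or RankMath; the domain example.com and the sample page are constructed. It flags files the page loads over HTTP (what browsers call mixed content) and links to your own site that still use http://.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs that make the browser fetch a file into the page.
# Simplification: every <link href> is treated as a loaded file.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("link", "href"),
    ("source", "src"), ("video", "src"), ("audio", "src"),
}

class InsecureRefFinder(HTMLParser):
    """Collects http:// references found in one page's HTML."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # list of (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in ("src", "href") or not value:
                continue
            url = value.strip()
            parts = urlsplit(url)
            if parts.scheme != "http":
                continue  # https, relative and protocol-relative URLs are fine
            if (tag, name) in SUBRESOURCE_ATTRS:
                kind = "mixed-content"       # file loaded over plain HTTP
            elif parts.hostname == self.site_host:
                kind = "internal-http-link"  # own page linked without HTTPS
            else:
                continue                     # outbound link to another site
            self.findings.append((kind, tag, url))

def find_insecure_refs(html_text, site_host):
    finder = InsecureRefFinder(site_host)
    finder.feed(html_text)
    return finder.findings

# Constructed sample page; example.com stands in for your own domain.
SAMPLE_PAGE = """
<link rel="stylesheet" href="https://example.com/style.css">
<img src="http://example.com/wp-content/uploads/logo.png">
<script src="//cdn.example.net/app.js"></script>
<a href="http://example.com/contact/">Contact</a>
<a href="http://other.example.org/">Elsewhere</a>
"""

if __name__ == "__main__":
    print(*find_insecure_refs(SAMPLE_PAGE, "example.com"), sep="\n")
```

Anything reported as mixed-content should be fixed first, since browsers block or warn about those files on an HTTPS page.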
Along with Really Simple SSL, I’ll often use Redirection. It’s a straightforward way to create redirects. Redirects are codes the server responds with to tell your browser to load another address instead. Redirects are useful if you delete a webpage and want to give people a better page to visit. Or maybe you change the URL of a page and need to make sure people go to the right address.
And of course, we have Yoast. The golden child of WordPress SEO for as long as I’ve been in the business. It’s a stable, free (with available premium versions) plugin that does all the necessary technical and on-page SEO tasks—meta tags, sitemaps, canonical tags, all the good stuff every self-respecting website has.
I used Yoast almost exclusively for WordPress until recently. I was never in love with it and sometimes side-eyed the things it would do (or suggest I do). That is why I’ve been so excited about RankMath. So far, I’ve loved this essential plugin and installed it in place of Yoast on all my personal websites. I gush all about it over here if you want to read about why I love it so much.
I love it because RankMath takes care of all the things Yoast did and more. I could uninstall Redirection and Really Simple SSL. I love being able to have my websites as lightweight as possible. Having a less bloated SEO plugin that can replace three of my usual plugins makes me a happy dev.
UpdraftPlus for Automatic Backups
This is probably the most essential WordPress plugin to install. I’ve seen some stuff in my career. I’ve seen websites hacked up beyond repair with no way to resurrect them because the client never put a backup system in place.
If you only do one thing for your website, at least have a backup of it. Or better yet, have an automatic system to do it for you. There are a lot of ways to back up your website. Most hosting providers offer a backup service that you should use. It often comes with your basic hosting package. There are also services like Codeguard that can handle your database and file backups.
I highly recommend storing at least a copy of your website backup off your server. Website hacking happens, and it happens more often than you think. If your only backup is on the same server, it will likely be corrupted too. So keep a copy of all your files and database on a drive or Dropbox somewhere. Just in case.
I like to make sure every client has at least ONE backup set up for them. UpdraftPlus serves this purpose well. By default, it saves the backup on the server, but you can configure it to back up to your Dropbox, Google Drive, or some other place you store files. I like that you can schedule automatic backups however often you like. If you regularly update your website, you’ll probably want more regular backups than a brochure website that’s updated once or twice a year.
You can also make sure it only stores a limited number of backups. Even if your backups are stored as zip files, keeping copies of your website can take up a lot of space. While troubleshooting a website my employer managed, I realized no one had set a number of backups to keep. So it had a year’s worth of copies of their website. It took up all their space so that no one could upload or make any changes to the website anymore.
I also like having two different ways to back up a website. You never know. I’ve had one or two nightmare scenarios when a backup didn’t quite “work” well. I almost revived it, but there would be weird quirks or missing pages. Have a backup to the backup. I tend to be a careful developer like that. It’s good to keep an ace in the sleeve.
Wordfence for Security
WordPress, being the most popular CMS, can be an easier target to hack, and even more so if you don’t put some of the necessary precautions in place.
Seriously, even leaving your WordPress version outdated can make you a target. I’ve seen it plenty of times, and it is not fun trying to piece together a hacked up site.
Wordfence is a solid wall of protection. It provides measures against malicious and brute force attacks, can help you enforce strong passwords, keep an eye on all logins, and even give you a glimpse into live traffic.
I never found the premium version to be necessary. However, I always like configuring Wordfence’s settings since the defaults can be annoying. For example, I don’t want Wordfence to email me warnings of someone trying to log in (and failing). I do want it to email me if there is an actual “break-in.” I like putting a short leash on how many times someone can attempt to log in and a set time for how long they’re blocked once they exceed that limit.
You can even set up two-factor authentication, one of the best ways to protect against unauthorized logins.
So definitely have some security in place. Wordfence is an excellent option to consider.
If you allow comments or have any forms on your website, you need to put anti-spam measures in place. Otherwise, you’ll be forever annoyed (and occasionally mortified) by all the spam. It’s impressive how much spam will find a lowly, otherwise nondescript, website.
Akismet can be a paid-for service, but the free version is usually sufficient. Sign up, and you’ll be able to set it up for free.
Akismet is great because of its giant library of captured spam to help it do its filtering. It works smoothly with WordPress because the same people behind WordPress.com own it. So it works especially well with other popular plugins like Contact Form 7.
Email Address Encoder
Did you know there are bots crawling websites to find emails? Encoding your email address is a way to help with this. Page scanners are typically searching for email addresses formatted like email addresses. So encoding them is a way to hide them in plain sight. You will see an email address, but the page scanner will “see” characters and entities in the code.
You’ll usually only need to use the HTML entities setting with this plugin. But if you find you’re having a spam problem even in this setting, the plugin offers more rigorous protection. Some spambots are programmed to outsmart the HTML entities trick, so there are three other methods to try.
The Email Address Encoder plugin also tries to protect phone numbers.
And if you don’t want to use a plugin, you can encode your email address yourself. It’ll give you a better idea of how this trick works too.
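Here is how the HTML entities trick works if you do it by hand. This is an added example, not the Email Address Encoder plugin’s own code; the address hello@example.com, the regex, and the function names are constructed for illustration. It also shows why a scanner that decodes entities first still finds the address.

```python
import html
import random
import re

# Naive harvester pattern: matches text that literally looks like an address.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def encode_email(address, seed=None):
    """Write every character as an HTML entity, mixing the decimal
    (&#104;) and hexadecimal (&#x68;) forms."""
    rng = random.Random(seed)
    return "".join(
        f"&#{ord(ch)};" if rng.random() < 0.5 else f"&#x{ord(ch):x};"
        for ch in address
    )

def build_mailto_link(address, seed=None):
    """Return an <a> tag whose href and visible text are both encoded."""
    encoded = encode_email(address, seed)
    return f'<a href="mailto:{encoded}">{encoded}</a>'

def harvest_raw(page_source):
    """What a scanner finds when it pattern-matches the raw page source."""
    return EMAIL_RE.findall(page_source)

def harvest_decoded(page_source):
    """What a scanner finds if it decodes entities first, as a browser does."""
    return EMAIL_RE.findall(html.unescape(page_source))

if __name__ == "__main__":
    link = build_mailto_link("hello@example.com", seed=1)  # constructed address
    print(link)                   # what goes into the page source
    print(harvest_raw(link))      # the raw-source scanner comes up empty
    print(harvest_decoded(link))  # the decoding scanner recovers the address
```

Visitors see a normal clickable address because the browser decodes the entities, which is exactly what the smarter spambots do too.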
I’ve tried several different caching plugins. Litespeed Cache is the one that has given me the fewest problems.
Litespeed has all the useful features you’d want: image optimization, file minification, lazy loading, CDN support, asynchronous loading, and a clean interface. It’s easy to purge your site cache, and it does so automatically when you make backend updates. I like some extras like removing WordPress emoji (just awful) and loading Google fonts asynchronously.
Some of the settings I have are:
W3 Total Cache and WP Super Cache are useful, but they’d occasionally give me enough problems to seek a better solution. However, sometimes different plugins work better for other websites due to their plugins and theme. It’s something to experiment with and see for yourself.
I am a big fan of Tasty Pins. Admittedly, it was initially meant for recipe bloggers but has become incredibly useful for anyone using Pinterest. With this plugin, you can set up your page or post’s Pinterest description, title, and images. It will hide your Pinterest images on the page while letting visitors get the right photos when pinning from the page. It also adds the “pin image” hover button.
I love this plugin so much that it is the only premium plugin on this list of must-haves. I even appear on the Tasty Pins testimonials page. It’s only $30 annually for one site license. You can purchase this essential WordPress plugin here: Tasty Pins
Bonus: Elegant Themes
This is not exactly an essential WordPress plugin.
I don’t like page builders, but I understand their usefulness. Sometimes, you just need to get a website you can use up and running. That can be the most crucial factor in a website for many people.
If you are not tech-savvy or want an easy-to-use page builder with WordPress, I advise you to check out Elegant Themes! Elegant Themes uses the Divi page builder plugin and has a vast variety of features. The themes are usually highly customizable and intuitive to figure out.
I like Elegant Themes because you pay once for access to all their themes and plugins. Often when you purchase a WordPress theme, you can be disappointed with it but feel stuck with it since you paid for it. Having a library of premade themes and plugins is a solution to that.
Plus, you’ll get premium support, good documentation, and access to their community. If you’re ever stuck with a problem, you’ll have guidance at your fingertips.
Not to mention, there’s a money-back guarantee, which is unusual with premium WordPress themes.
What are your Essential WordPress Plugins?
Let me know in the comments! I hope my list is helpful in finding the best tools for your website!