Remember the Apple campaign “There’s an App for That” from 2009? Well, the same principle now applies to WordPress.
It doesn’t matter what kind of functionality you’re looking for — enhanced security features, SEO assistance, advanced booking systems — there’s a plugin available which will meet your needs and then some (as of this writing, WordPress lists a whopping 55,785 plugins).
In such a vast sea of choice, how do you know which plugins will provide you with real value?
Web designers and digital marketers alike continually encounter websites hosting dozens of plugins which are in conflict with each other, no longer supported by WordPress, or are so convolutedly customized that touching them threatens to shatter the very fabric of the Earth, let alone the website.
If you’re building or maintaining WordPress sites for clients, how do you know which plugins are actually worth it? Let’s take a look at some of our top choices below.
1. Wordfence Security
Wordfence Security is the most popular firewall and security scanning plugin available for WordPress, with more than 2 million active installations.
It’s a highly customizable tool that protects your site by:
- Blocking brute force logins.
- Banning IPs.
- Running routine scans and alerts.
Wordfence is a freemium app — you’ll get the plugin’s basic functionalities either way. But you’ll get more with the premium offering, including:
- Two-factor authentication.
- Real-time malware signature updates.
- Country blocking.
While Wordfence is a great tool to have, it’s still just a tool. It isn’t a replacement for manual monitoring of your site.
Some users report issues with PHP exception permissions and with memory limits on the hosting account interfering with the service.
2. Really Simple SSL
SSL (Security Sockets Layer) is the standard tech for creating an encrypted link between a browser and web server which ensures all data traveling between the two remains secure (and private).
Google has given a final warning to webmasters regarding SSL — if your site is not secure before October 2018, you could see your bounce rates increase significantly as a result.
Really Simple SSL takes care of the SSL configuration for you.
A common mistake people make when installing an SSL certificate is misconfiguration, which can lead to warnings in site visitors’ web browsers. The plugin will automatically detect your settings and set your site to run correctly over https without warnings.
Keep in mind that you will need to purchase and install an SSL certificate separately on your server/hosting package prior to implementing the Really Simple SSL plugin.
Setting up is incredibly easy. Just activate the plugin and enable SSL with one click.
A lot can go wrong when you’re maintaining a website:
- Your site may get hacked.
- You could install a plugin or theme that breaks everything.
- Your database can become corrupted.
So it’s essential that you have a disaster recovery plan (especially when multiple people are working on your site).
Backing up your site is critical, and BackWPUp is the plugin to do it with.
This service is entirely free (although there is a separate paid version), and can be used to schedule daily, monthly, or yearly backups to Amazon S3, Dropbox, FTP, and more.
Backing up your themes, database, and files is all done simply from your dashboard.
Watch out, though — if you don’t have the ability to edit your PHP settings via your hosting plan or server, you could run into some pretty annoying issues.
4. Yoast SEO
Yoast SEO has been around since 2008 and is a popular SEO plugin for WordPress.
Its robust platform allows non-coders to make on-page optimizations for things like deindexing categories and tags without diving into the intimidating backends of their sites.
Yoast also offers on-page guides for writing page titles and meta descriptions, as well as other things like page readability. Its bulk editing feature and snippet previews for Google search results are among users’ favorite features.
One headache users have with Yoast is that it tends to conflict with some other plugins. If you’re experiencing issues, All-in-One SEO is a reliable alternative, although not as robust.
Users must remember that running Yoast isn’t a viable substitute for actual SEO knowledge.
A Yoast plugin bug caused some site owners’ rankings to drop earlier this year — history can repeat itself!
5. Gravity Forms
Contact forms are integral to conversions and lead generation in the digital age.
No matter what you use them for, you need to ensure they:
- Attract attention.
- Are not too busy.
- Actually accomplish what they are meant to.
Gravity Forms helps you do just that.
This paid plugin allows you to build powerful online forms with one simple-to-use builder. From over 30 form fields to their “Conditional Logic” feature, there are many ways to customize your forms.
The plugin also offers integrations with various other platforms (e.g., MailChimp, Slack, PayPal Payments Pro, Stripe), depending on which version you have (Basic, Pro, or Elite).
There are only paid options available — something that turns some potential users away. Consider if your clients will reimburse you the Basic $59 yearly fee using your contact forms — if so, then the plugin is undoubtedly worth it.
6. Simple 301 Redirects
301 redirects are a critical component of any SEO strategy. Being able to create redirects quickly is particularly useful when launching a new website and causing the URL structures of pages and posts to change.
Simple 301 Redirects is very straightforward — it gives you the ability to directly and quickly apply 301 redirects to old URLs in order to send users to the desired destination. Third-party integration for bulk redirect uploads is also available via CSV.
Oh, and this plugin is free.
Simple 301 Redirects only allows for redirecting within one domain — external cross-domain redirects are not supported. If you’re looking to perform more complex redirects (like dynamic redirects for an ecommerce store), they are best done directly in the .htaccess file.
7. Akismet Anti-Spam
You know what the problem with spam is? It’s always evolving — so much so, that it’s tough for us humans to catch everything.
If you have a blog section on your website, the last thing you want to do is pre-screen comments manually (especially if you run a popular blog with regular comments).
Akismet Anti-Spam takes care of that for you (for free).
Once the plugin is installed, it will automatically begin cross-referencing comments on your blog with its global spam database. Once it has decided whether a comment is malicious, it will inform your blog section (you can easily see which comments have been allowed or filtered out).
You are also able to integrate Akismet with Contact Form 7 — the spam database and email lists will be referred to before allowing users to submit forms, therefore blocking suspicious users from doing so.
Just know that it won’t always catch everything!
Managing a lot of websites can be tough. It can be a big struggle handling backups, updates, and databases for multiple clients.
InfiniteWP makes it a whole lot easier.
This free plugin allows its users to manage an unlimited amount of WordPress domains all from their own server, streamlining their jobs and getting rid of some of those aforementioned struggles. For all those “busy” tasks that are necessary, yet time-consuming, InfiniteWP is the time-saving solution.
That said, you should still perform more substantial WordPress updates and theme updates directly on the site (and do full backups) to make sure they go smoothly.
Be careful if you have clients who have custom themes that can’t be updated without self-destructing (we recommend keeping them out of the dashboard altogether).
9. Advanced Custom Fields
Have you ever been working in the backend of WordPress and wished that you could do just a little bit more with the edit screens, or maybe just tweak the way something is functioning?
More than a million WordPress sites have Advanced Custom Fields installed — a tool that allows users to take control of edit screens and custom field data.
The plugin’s field builder is intuitive, detailed, and very useful. It offers an easy way for non-techy people to maintain multiple custom objects and fields across numerous pages and sections of their website.
Fields can be added to anything from posts, users, media, comments, and just about anywhere else.
It’s not all a walk in the park, though. It takes some time and effort to build out the fields and objects initially.
Implementation and deployment will also require some basic coding knowledge — a potential roadblock for some.
Whether it’s due to the fact that website admin and owners spend more time focusing on content creation and marketing or simply just forget, they often overlook the importance of optimizing technical aspects that impact a site’s speed.
Autoptomize offers an automated solution to this issue. It is able to:
- Defer scripts to the footer of your website (which makes loading pages faster).
- Cache files (decreasing server load and increasing speed).
- Aggregate and minify HTML, CSS, and JS files.
If you’re using another service like Cloudflare, the two may begin to conflict with each other, so try to opt against using multiple caching/compression plugins.
WP Smush is an image optimization plugin that uses superior servers to compress your images sitewide.
You may not realize that large files are slowing down your website. So having a reliable compression tool is vital to the speed of your site.
Smush is an award-winning plugin and proven crowd favorite for it’s speed and quality.
Their servers handle the load and even strip bulky (and hidden) information from images without sacrificing any quality.
Smush is also able to compress images stored using Amazon S3, NextGEN, WP Offload S3, and on every WordPress plugin and theme package.
WordPress is a mammoth of a platform, with a truly wild amount of plugins and add-ons available to supplement it.
However, don’t go crazy with your plugins!
Make sure you only install WordPress plugins you know you are going to use and benefit from. Overloading your websites with outdated and useless plugins will never end well for anyone.
Always make sure to check reviews and online chatter surrounding plugins before you take the plunge on them, and ensure they are compatible with your version of WordPress.
In particular, beware of plugins that haven’t been updated in several years, as they can lead to your site being compromised or hacked. No one wants that!
More Web Development Resources:
- 10 Awesome WordPress SEO Plugins to Optimize Your Site
- 6 WordPress Plugins That Will Speed up Your Site
- Moving a WordPress Website from HTTP to HTTPS: A Complete Guide
Screenshots taken by author, July 2018