February 18, 2019

Recommended WordPress plugins

Whilst Word­Press gets a lot right out of the box, there’s always room for enhance­ment, custom­isa­tion, and exten­sion.

Whilst every site is unique and has differ­ent require­ments, I frequently find myself turn­ing to the same set of found­a­tional plugins to help manage data struc­tures, perform­ance and admin­is­trat­ive tasks.

Here are my must-haves (in no partic­u­lar order), which help tlo take Word­Press from a blog­ging plat­form to a fully-featured, enter­prise-ready CMS.

Yoast SEO

The famous ‘Yoast’ plugin handles most of the SEO basics out of the box. For an aver­age site, this will provide support for most of the basics you’ll need; from struc­tured data and meta tags, to XML sitemaps and index­a­tion control.

For more complex sites, there are hooks and filters for proced­ur­ally modi­fy­ing titles, descrip­tions, canon­ical tags and similar. It’s relat­ively straight­for­ward to refine, enhance or over­write the inbuilt logic for indi­vidual pages, templates or scen­arios.

Advanced Custom Fields (Pro)

If I’m build­ing or work­ing on a site which has complex content struc­tures (anything more nuanced than a block of body content), ACF is a power­ful and flex­ible solu­tion for defin­ing content elements and their compon­ents, and managing that content easily.

Build­ing content like recipescomplex lists and reviews often requires more struc­tured content stor­age rules and admin work­flows than a simple text editor can easily manage (without build­ing lots of messy HTML directly into the content editor).

The ‘Pro’ version unlocks more advanced func­tion­al­ity around nested and repeat­ing compon­ent fields, which is a must-have for build­ing complex content work­flows.


Whilst this ships with Word­Press and does a great job of captur­ing spam comments, many people don’t real­ise that it also comes with an extens­ive API which can be used to spam-check any user-submit­ted content.

If you’re build­ing custom forms, processes or inter­ac­tions which take inputs, you can pipe user fields and metadata (includ­ing IP, HTTP header inform­a­tion and more) to an endpoint which will imme­di­ately clas­sify the submis­sion.

With a little extra work, you can also build admin­is­trat­ive work­flows to flag ham submis­sions (false posit­ives) and train the system to do a better job of clas­si­fy­ing your inputs.

Admin Menu Editor

Any site which is running more than a hand­ful of plugins and custom func­tion­al­ity can soon become cumber­some to manage. In partic­u­lar, Word­Press’ native admin menus begin to sprawl and diffi­cult to navig­ate – espe­cially if you’re using plugins which add func­tion­al­ity to differ­ent sections and sub-menus.

Admin Menu Editor lets you take control, to hide or move links, and to create new group­ings. You can also restrict visib­il­ity by role and other vari­ables, making it a great way to keep things simple and stream­lined.

It’s worth point­ing out one minor annoy­ance, however. The plugin stores the entire refact­ored menu code as a single field in the wp_​options table, which in some cases can lead to perform­ance issues in the back end (on lower end host­ing, or poorly configured setups).

Query Monitor

When I’m build­ing complex Word­Press sites and projects which involve lots of custom func­tions, PHP and data­base inter­ac­tions, Query Monitor is my tool of choice for diagnos­ing perform­ance and issues.

It spots bottle­necks, slow or duplic­ated quer­ies and PHP errors, as well as outlining how my pages are construc­ted and rendered.


Word­Press’ default search sucks. It’s barely suit­able for even the most basic blogs and websites, and lacks the custom­isa­tion required to provide a good exper­i­ence for most complex websites.

Relev­anssi builds its own index, and enables heavy custom­isa­tion of weight­ing, inclusion/​exclusion, and fuzzy match­ing logic, and search­ing of custom fields. It’s partic­u­larly power­ful for sites which don’t assume that recency should be the primary sort­ing option.

User Role Editor

Any site with more than one owner/​editor should care­fully consider its policies on access, publish­ing, dele­tion and admin­is­tra­tion. Whilst the Word­Press default roles cover most of the basics, some­times it’s help­ful to have more fine-grained control over specific permis­sions.

User Role Editor allows you to create, modify or remove role types, as well as the abil­ity to create/​assign specific permis­sions to indi­vidual users and posts. It adds a huge amount of flex­ib­il­ity when it comes to managing your people, posts and permis­sions.

Tran­si­ents Manager

For websites with complex or bespoke func­tion­al­ity and template logic, it’s often good prac­tice to cache results of complex quer­ies and slow processes. Typic­ally, this uses the Word­Press tran­si­ents cach­ing system, which caches and stores strings directly in the data­base (or extern­ally, if you’ve configured external cach­ing) for quick retrieval.

As anybody who’s worked with cach­ing will know, it’s frus­trat­ing to test and debug systems, and you’ll frequently find your­self want­ing to condi­tion­ally bypass or purge specific or global cach­ing layers.

The Tran­si­ents Manger plugin gives you all of this – you see the data types, expiry and details of all tran­si­ents and interrogate/​alter/​delete indi­vidual rows. You can also tempor­ar­ily suspend all tran­si­ents as you work, to avoid trip­ping over your cach­ing logic as you develop it.

WP Crontrol

If you’re schedul­ing events and processes, WP Crontrol is an excel­lent tool for gain­ing complete insight into everything in the cron queue, the func­tions each action hooks into, and the argu­ments passed.

It’s also a great tool for diagnos­ing perform­ance chal­lenges arising from plugins or processes back­ing up or multiply­ing out of control – some­thing which happens frus­trat­ingly often with poorly build themes and plugins!

WP Rocket or W3 Total Cache

Both handle a ton of clever perform­ance optim­isa­tion, static page cach­ing, header manage­ment and a myriad of minor stuff which all combine to make a site run super-fast. Can’t live without them.

WP Rocket gives you a great boost out of the box, but lacks fine control over indi­vidual elements.

W3 Total Cache provides an incred­ible degree of fine-level control, but each site needs manu­ally config­ur­ing and in-depth tinker­ing to get the best results.

They’re both great solu­tions, but neither’s perfect or always the best choice. Results may also vary in both cases, based on your site structure/​setup and infra­struc­ture.

Both plugins integ­rate also seam­lessly with your Cloud­Flare account (as well as your Varnish setup).

Sucuri Secur­ity and/​or iThemes Secur­ity Pro and/​or Word­Fence

When it comes to harden­ing and secur­ing your Word­Press site, it’s best to over-protect than it is to risk leav­ing gaps.

Between these three plugins, you can cover everything from sched­uled filesys­tem scans and backups, to access logging, IP black­list­ing, to data­base obfus­ca­tion, and much more.

Don’t leave home without at least a couple of these in place, but make sure to tailor and config­ure to your envir­on­ment and setup.

Also, use with care. It’s remark­ably easy to lock your­self out of your system, block your IP address, or break (some complex or poorly built) plugins if you’re not care­ful. Backup, test settings, and work through step-by-step.

Worthy mentions

I’ve delib­er­ately kept the focus on architectural/​foundational plugins, which means that I’ve left out a bunch of other favour­ites which only apply in certain use-cases.

Some of these still bear mention­ing, however, so here are a few extras which you should defin­itely consider, based on your needs:

  • wpDis­cuz, which is an excep­tion­ally good replace­ment for the default Word­Press comments system.
  • wp-Typo­graphy, which does some cool stuff like adding CSS hooks to numbers and symbols, and prevent­ing phrase orphan­ing.
  • WP-PageNavi, which replaces the clunky default Word­Press ‘next/​previous post’ pagin­a­tion with some­thing a bit more sens­ible.
  • Nelio Content, which is an excel­lent collab­or­at­ive content & promo­tion work­flow plat­form
  • DuracellTomi’s Google Tag Manager for Word­Press, which handles GTM injec­tion and creates a soph­ist­ic­ated datalayer object
  • WP Offload S3 is useful if you’re host­ing your images on S3 and want to sync/​move your media and/​or source refer­ences, etc, without break­ing your media library [can have some hiccups when used in conjunc­tion with WPML]
  • Grav­ity Forms is the de-facto form plugin, though there are some good simpler altern­at­ives like WPForms if you need less fire­power.
  • WP-Drafts­ForFriends lets you gener­ate share­able but private links to draft/​unpublished posts, so that you can share or get feed­back on content without having to publish and open it to the world.
  • Plugin Organ­iser is a useful tool for select­ively managing scripts, styles and plugin load­ing on a per-page/tem­plate level. I’d always recom­mend doing this through func­tions and hooks, but some­times that’s not possible or straight­for­ward.
  • Gmail SMTP allows you to config­ure your site to route all of your emails through an SMTP systems like GSuite.
  • WP Pusher, which allows you to sync GitHub repos to themes and plugins – makes it easy to juggle multiple envir­on­ments, and to avoid mess­ing around with FTP’ing files between differ­ent versions of your site.