February 18, 2019

Recommended WordPress plugins

Whilst WordPress gets a lot right out of the box, there’s always room for enhance­ment, custom­isa­tion, and extension.

Whilst every site is unique and has differ­ent require­ments, I frequently find myself turn­ing to the same set of found­a­tional plugins to help manage data struc­tures, perform­ance and admin­is­trat­ive tasks.

Here are my must-​haves (in no partic­u­lar order), which help tlo take WordPress from a blog­ging plat­form to a fully-​featured, enterprise-​ready CMS.

Yoast SEO

The famous ‘Yoast’ plugin handles most of the SEO basics out of the box. For an aver­age site, this will provide support for most of the basics you’ll need; from struc­tured data and meta tags, to XML sitemaps and index­a­tion control. 

For more complex sites, there are hooks and filters for proced­ur­ally modi­fy­ing titles, descrip­tions, canon­ical tags and similar. It’s relat­ively straight­for­ward to refine, enhance or over­write the inbuilt logic for indi­vidual pages, templates or scenarios. 

Advanced Custom Fields (Pro)

If I’m build­ing or work­ing on a site which has complex content struc­tures (anything more nuanced than a block of body content), ACF is a power­ful and flex­ible solu­tion for defin­ing content elements and their compon­ents, and managing that content easily.

Building content like recipescomplex lists and reviews often requires more struc­tured content stor­age rules and admin work­flows than a simple text editor can easily manage (without build­ing lots of messy HTML directly into the content editor). 

The ‘Pro’ version unlocks more advanced func­tion­al­ity around nested and repeat­ing compon­ent fields, which is a must-​have for build­ing complex content workflows. 


Whilst this ships with WordPress and does a great job of captur­ing spam comments, many people don’t real­ise that it also comes with an extens­ive API which can be used to spam-​check any user-​submitted content. 

If you’re build­ing custom forms, processes or inter­ac­tions which take inputs, you can pipe user fields and metadata (includ­ing IP, HTTP header inform­a­tion and more) to an endpoint which will imme­di­ately clas­sify the submission. 

With a little extra work, you can also build admin­is­trat­ive work­flows to flag ham submis­sions (false posit­ives) and train the system to do a better job of clas­si­fy­ing your inputs. 

Admin Menu Editor

Any site which is running more than a hand­ful of plugins and custom func­tion­al­ity can soon become cumber­some to manage. In partic­u­lar, WordPress’ native admin menus begin to sprawl and diffi­cult to navig­ate – espe­cially if you’re using plugins which add func­tion­al­ity to differ­ent sections and sub-menus. 

Admin Menu Editor lets you take control, to hide or move links, and to create new group­ings. You can also restrict visib­il­ity by role and other vari­ables, making it a great way to keep things simple and streamlined. 

It’s worth point­ing out one minor annoy­ance, however. The plugin stores the entire refact­ored menu code as a single field in the wp_​options table, which in some cases can lead to perform­ance issues in the back end (on lower end host­ing, or poorly configured setups). 

Query Monitor

When I’m build­ing complex WordPress sites and projects which involve lots of custom func­tions, PHP and data­base inter­ac­tions, Query Monitor is my tool of choice for diagnos­ing perform­ance and issues. 

It spots bottle­necks, slow or duplic­ated quer­ies and PHP errors, as well as outlining how my pages are construc­ted and rendered. 


WordPress’ default search sucks. It’s barely suit­able for even the most basic blogs and websites, and lacks the custom­isa­tion required to provide a good exper­i­ence for most complex websites. 

Relevanssi builds its own index, and enables heavy custom­isa­tion of weight­ing, inclusion/​exclusion, and fuzzy match­ing logic, and search­ing of custom fields. It’s partic­u­larly power­ful for sites which don’t assume that recency should be the primary sort­ing option. 

User Role Editor

Any site with more than one owner/​editor should care­fully consider its policies on access, publish­ing, dele­tion and admin­is­tra­tion. Whilst the WordPress default roles cover most of the basics, some­times it’s help­ful to have more fine-​grained control over specific permissions. 

User Role Editor allows you to create, modify or remove role types, as well as the abil­ity to create/​assign specific permis­sions to indi­vidual users and posts. It adds a huge amount of flex­ib­il­ity when it comes to managing your people, posts and permissions. 

Transients Manager

For websites with complex or bespoke func­tion­al­ity and template logic, it’s often good prac­tice to cache results of complex quer­ies and slow processes. Typically, this uses the WordPress tran­si­ents cach­ing system, which caches and stores strings directly in the data­base (or extern­ally, if you’ve configured external cach­ing) for quick retrieval. 

As anybody who’s worked with cach­ing will know, it’s frus­trat­ing to test and debug systems, and you’ll frequently find your­self want­ing to condi­tion­ally bypass or purge specific or global cach­ing layers. 

The Transients Manger plugin gives you all of this – you see the data types, expiry and details of all tran­si­ents and interrogate/​alter/​delete indi­vidual rows. You can also tempor­ar­ily suspend all tran­si­ents as you work, to avoid trip­ping over your cach­ing logic as you develop it. 

WP Crontrol

If you’re schedul­ing events and processes, WP Crontrol is an excel­lent tool for gain­ing complete insight into everything in the cron queue, the func­tions each action hooks into, and the argu­ments passed. 

It’s also a great tool for diagnos­ing perform­ance chal­lenges arising from plugins or processes back­ing up or multiply­ing out of control – some­thing which happens frus­trat­ingly often with poorly build themes and plugins! 

WP Rocket or W3 Total Cache or Autoptimize

Each of these handle a ton of clever perform­ance optim­isa­tion bits, ranging from static page cach­ing, to header manage­ment, and a myriad of minor things which all combine to make a site run super-​fast. Can’t live without them. 

WP Rocket gives you a great boost out of the box, but lacks fine control over indi­vidual elements. 

W3 Total Cache provides an incred­ible degree of fine-​level control, but each site needs manu­ally config­ur­ing and in-​depth tinker­ing to get the best results. 

Autoptimize focuses on really fine-​tuning CSS and JS loading.

They’re both great solu­tions, but neither’s perfect or always the best choice. Results may also vary in both cases, based on your site structure/​setup and infrastructure. 

Both plugins integ­rate also seam­lessly with your CloudFlare account (as well as your Varnish setup). 

Sucuri Security and/​or iThemes Security Pro and/​or WordFence

When it comes to harden­ing and secur­ing your WordPress site, it’s best to over-​protect than it is to risk leav­ing gaps. 

Between these three plugins, you can cover everything from sched­uled filesys­tem scans and backups, to access logging, IP black­list­ing, to data­base obfus­ca­tion, and much more. 

Don’t leave home without at least a couple of these in place, but make sure to tailor and config­ure to your envir­on­ment and setup. 

Also, use with care. It’s remark­ably easy to lock your­self out of your system, block your IP address, or break (some complex or poorly built) plugins if you’re not care­ful. Backup, test settings, and work through step-by-step. 

Worthy mentions

I’ve delib­er­ately kept the focus on architectural/​foundational plugins, which means that I’ve left out a bunch of other favour­ites which only apply in certain use-cases.

Some of these still bear mention­ing, however, so here are a few extras which you should defin­itely consider, based on your needs:

  • Asset CleanUp, which helps manage which CSS/​JS loads on which pages/​templates.
  • wpDiscuz, which is an excep­tion­ally good replace­ment for the default WordPress comments system.
  • wp-Typography, which does some cool stuff like adding CSS hooks to numbers and symbols, and prevent­ing phrase orphaning.
  • WP-PageNavi, which replaces the clunky default WordPress ‘next/​previous post’ pagin­a­tion with some­thing a bit more sensible.
  • Nelio Content, which is an excel­lent collab­or­at­ive content & promo­tion work­flow platform
  • DuracellTomi's Google Tag Manager for WordPress, which handles GTM injec­tion and creates a soph­ist­ic­ated datalayer object
  • WP Offload S3 is useful if you’re host­ing your images on S3 and want to sync/​move your media and/​or source refer­ences, etc, without break­ing your media library [can have some hiccups when used in conjunc­tion with WPML]
  • Gravity Forms is the de-​facto form plugin, though there are some good simpler altern­at­ives like WPForms if you need less firepower.
  • WP-DraftsForFriends lets you gener­ate share­able but private links to draft/​unpublished posts, so that you can share or get feed­back on content without having to publish and open it to the world.
  • Plugin Organiser is a useful tool for select­ively managing scripts, styles and plugin load­ing on a per-​page/​template level. I’d always recom­mend doing this through func­tions and hooks, but some­times that’s not possible or straightforward.
  • Gmail SMTP allows you to config­ure your site to route all of your emails through an SMTP systems like GSuite.
  • WP Pusher, which allows you to sync GitHub repos to themes and plugins – makes it easy to juggle multiple envir­on­ments, and to avoid mess­ing around with FTP’ing files between differ­ent versions of your site.