Must-have WordPress plugins

Whilst WordPress gets a lot right out of the box, there’s always room for enhancement, customisation, and extension.

Whilst every site is unique and has different requirements, I frequently find myself turning to the same set of foundational plugins to help manage data structures, performance and administrative tasks.

Here are my must-haves (in no particular order), which help to take WordPress from a blogging platform to a fully-featured, enterprise-ready CMS.


Redirection or Yoast SEO Premium

Redirection (and the similar functionality in Yoast SEO Premium) is a phenomenally powerful tool for managing 301 (and other types of) redirects, for logging 404 errors, and for maintaining lists and sets of redirect rules.

I’ve written about the critical role it plays in managing how Google and other bots interact with your site – how they continually and indefinitely request old URLs, invalid URLs, and URLs you didn’t even know about, and how failing to manage this impacts your performance and user experience.


Advanced Custom Fields (Pro)

If I’m building or working on a site which has complex content structures (anything more nuanced than a block of body content), ACF is a powerful and flexible solution for defining content elements and their components, and managing that content easily.

Building content like recipescomplex lists and reviews often requires more structured content storage rules and admin workflows than a simple text editor can easily manage (without building lots of messy HTML directly into the content editor).

The ‘Pro’ version unlocks more advanced functionality around nested and repeating component fields, which is a must-have for building complex content workflows.


Akismet

Whilst this ships with WordPress and does a great job of capturing spam comments, many people don’t realise that it also comes with an extensive API which can be used to spam-check any user-submitted content.

If you’re building custom forms, processes or interactions which take inputs, you can pipe user fields and metadata (including IP, HTTP header information and more) to an endpoint which will immediately classify the submission.

With a little extra work, you can also build administrative workflows to flag ham submissions (false positives) and train the system to do a better job of classifying your inputs.


Admin Menu Editor

Any site which is running more than a handful of plugins and custom functionality can soon become cumbersome to manage. In particular, WordPress’ native admin menus begin to sprawl and difficult to navigate – especially if you’re using plugins which add functionality to different sections and submenus.

Admin Menu Editor lets you take control, to hide or move links, and to create new groupings. You can also restrict visibility by role and other variables, making it a great way to keep things simple and streamlined.

One minor annoyance is that the plugin stores the entire refactored menu code as a single field in the wp_options table, which in some cases can lead to performance issues in the back end (on lower end hosting).


Query Monitor

When I’m building complex WordPress sites and projects which involve lots of custom functions, PHP and database interactions, Query Monitor is my tool of choice for diagnosing performance and issues.

It spots bottlenecks, slow or duplicated queries and PHP errors, as well as outlining how my pages are constructed and rendered.


Relevanssi

WordPress’ default search sucks. It’s barely suitable for even the most basic blogs and websites, and lacks the customisation required to provide a good experience for most complex websites.

Relevanssi builds its own index, and enables heavy customisation of weighting, inclusion/exclusion, and fuzzy matching logic, and searching of custom fields. It’s particularly powerful for sites which don’t assume that recency should be the primary sorting option.

For particularly complex or bespoke requirements, developers can hook the WP_Query object into the relevanssi_do_query function to build completely bespoke search functionality on top of the powerful matching engine.


Rewrite

Based on your permalink settings, WordPress automatically defines a set of regex patterns for different URL types. It specifies the kinds of URL structures which should return pages, posts, archives and other result types.

However, many sites will use only a fraction of the default types. Single author blog posts, for example, don’t need support for author indexes. Rewrite lets you edit, add or remove all of the defined rewrites, and to streamlined and customise your URL matching logic.

Whilst there are plenty of plugins available to control the behaviour of these templates (e.g., to noindex or return a 404 for unwanted result types), it feels cleaner to disable the functionality altogether through this approach.

Lastly, whilst it’s relatively straightforward to define these rules within a theme, the rewrite interface gives you a convenient and safe environment to test, manage revisions, and to see all of your URL logic in one place.


User Role Editor

Any site with more than one owner/editor should carefully consider its policies on access, publishing, deletion and administration. Whilst the WordPress default roles cover most of the basics, sometimes it’s helpful to have more fine-grained control over specific permissions.

User Role Editor allows you to create, modify or remove role types, as well as the ability to create/assign specific permissions to individual users and posts. It adds a huge amount of flexibility when it comes to managing your people, posts and permissions.


Transients Manager

For websites with complex or bespoke functionality and template logic, it’s often good practice to cache results of complex queries and slow processes. Typically, this uses the WordPress transients caching system, which caches and stores strings directly in the database (or externally, if you’ve configured external caching) for quick retrieval.

As anybody who’s worked with caching will know, it’s frustrating to test and debug systems, and you’ll frequently find yourself wanting to conditionally bypass or purge specific or global caching layers.

The Transients Manger plugin gives you all of this – you see the data types, expiry and details of all transients and interrogate/alter/delete individual rows. You can also temporarily suspend all transients as you work, to avoid tripping over your caching logic as you develop it.


WP Crontrol

If you’re scheduling events and processes, WP Crontrol is an excellent tool for gaining complete insight into everything in the cron queue, the functions each action hooks into, and the arguments passed.

It’s also a great tool for diagnosing performance challenges arising from plugins or processes backing up or multiplying out of control – something which happens frustratingly often with poorly build themes and plugins!


WP Less

Managing complex and interdependent stylesheets in WordPress can be a nightmare. WP Less adds LESS support right within the theme editor and filesystem – allowing you to write mixins, functions and variables within your CSS, as well as to manage dependencies and relationships.

You don’t need to do anything complex; just enqueue your LESS files in the same was as you’d enqueue normal CSS. The plugin processes the LESS files and creates (and then caches) optimised, minimised CSS files.

I should note that whilst LESS has fallen out of fashion in favour of SCSS, I’ve found the latter to be less well-supported – and it’s worth sacrificing some of the extra shiny features in favour of simplifying the workflow.


WP Rocket or W3 Total Cache

Both handle a ton of clever performance optimisation, static page caching, header management and a myriad of minor stuff which all combine to make a site run super-fast. Can’t live without them.

WP Rocket gives you a great boost out of the box, but lacks fine control over individual elements.

W3 Total Cache provides an incredible degree of fine-level control, but each site needs manually configuring and in-depth tinkering to get the best results.

They’re both great solutions, but neither’s perfect or always the best choice. Results may also vary in both cases, based on your site structure/setup and infrastructure.

Both plugins integrate also seamlessly with your CloudFlare account (as well as your Varnish setup).


Yoast SEO (WordPress SEO)

The famous ‘Yoast’ plugin handles most of the SEO basics out of the box. For an average site, this will provide support for most of the basics you’ll need; from structured data and meta tags, to XML sitemaps and indexation control.

For more complex sites, there are hooks and filters for procedurally modifying titles, descriptions, canonical tags and similar. It’s relatively straightforward to refine, enhance or overwrite the inbuilt logic for individual pages, templates or scenarios.


Above The Fold Optimisation

This plugin is relatively new to my arsenal, but it packs a punch. This layers extra speed and performance optimisations on top of WP Rocket / W3 Total Cache to really dial things up.

Of particular note, it provides methods for automatically and asynchronously loading JavaScript and CSS, and for defining above the fold / critical path rendering.

Takes a little bit of effort to configure for each site (you’ll need to extract your critical path CSS), but well-worth the effort. It makes it pretty straightforward to achieve a 100/100 Google PageSpeed score, which is always a treat (even though the PageSpeed scoring is nonsense).

Plays surprisingly nicely with WP Less and enque’d resources.


Sucuri Security and/or iThemes Security Pro and/or WordFence

When it comes to hardening and securing your WordPress site, it’s best to over-protect than it is to risk leaving gaps.

Between these three plugins, you can cover everything from scheduled filesystem scans and backups, to access logging, IP blacklisting, to database obfuscation, and much more.

Don’t leave home without at least a couple of these in place, but make sure to tailor and configure to your environment and setup.

Also, use with care. It’s remarkably easy to lock yourself out of your system, block your IP address, or break (some complex or poorly built) plugins if you’re not careful. Backup, test settings, and work through step-by-step.


Worthy mentions

I’ve deliberately kept the focus on architectural/foundational plugins, which means that I’ve left out a bunch of other favourites which only apply in certain use-cases.

Some of these still bear mentioning, however, so here are a few extras which you should definitely consider, based on your needs:

  • Yet Another Related Posts Plugin, for managing ‘related post’
  • AdRotate, which is an excellent ad management tool
  • wpDiscuz, which is an exceptionally good replacement for the default WordPress comments system.
  • wp-Typography, which does some cool stuff like adding CSS hooks to numbers and symbols, and preventing phrase orphaning.
  • WP-PageNavi, which replaces the clunky default WordPress ‘next/previous post’ pagination with something a bit more sensible.
  • Nelio Content, which is an excellent collaborative content & promotion workflow platform
  • DuracellTomi’s Google Tag Manager for WordPress, which handles GTM injection and creates a sophisticated datalayer object
  • Broken Link Checker, which is a handy (but sometimes performance-intensive) tool for spotting broken links in your content
  • WPML, which is the de-facto internationalisation plugin [may require a LOT of modification/extension based on your requirements but does a good job of handling much of the heavy lifting]
  • EWWW and Kraken.io are both good choices for automatic image compression and optimisation
  • WP Offload S3 is useful if you’re hosting your images on S3 and want to sync/move your media and/or source references, etc, without breaking your media library [can have some hiccups when used in conjunction with WPML]
  • Gravity Forms is the de-facto form plugin, though there are some good simpler alternatives like WPForms if you need less firepower
  • Controversially, Jetpack. For a long time, this felt like little more than bloated widgetware. However, recent upgrades see it starting to take on the role of filling out a lot of useful core functionality.
  • Plugin Organiser is a useful tool for selectively managing scripts, styles and plugin loading on a per-page/template level. I’d always recommend doing this through functions and hooks, but sometimes that’s not possible or straightforward.

Anything missing?

Is there anything missing from my core set? Are there any worthy mentions which should make the list? Let me know!

Leave a Reply

14 Comments on "Must-have WordPress plugins"

Notify of
avatar
Sort by:   newest | oldest | most voted
Andrew CS
Guest

Suspect they’re just “so obvious” oversights but just in case, a couple I use on optimisey.com:

* a Google Analytics plug-in. There are lots, I use: Google Analytics Dashboard for WP (GADWP). If you cannot track traffic data you’ve no idea if what you’re doing is working

* Head, Footer and Post Injections – useful for SEO stuff generally – but mostly I use this to inject Google Tag Manager code – which opens up a world of other options including using GTM to add schema mark-up etc.

Laurence Caro
Guest

Gravity Forms for me! Nearly every website I push live has Gravity Forms installed. The Pro version of the form builder plugin is brilliant and well supported too.

Andrew Girdwood
Guest

The S3 Offload tool from Delicious Brains and EWWW. Jetpack too, I think.

Thanks. I’m going to check out Above The Fold Optimisation

rudi
Guest

i use wpSEO instead of Yoast SEO, good list!

Mike Gracia
Guest

Great post Jono!
I like the ‘plugin organiser’ plugin as gives the ability to disable plugins on a per-page basis, avoiding stuff like JS libraries being included on pages they are not needed 🙂

You can also save a profile with rules defined and select to use that profile on specific pages etc.

Might not be everyone’s cup of tea, but I like it 🙂

Mike Gracia
Guest
Agreed, doing manually through hooks / a theme’s functions.php is better in the long run and more efficient, the plugin can work quite well in some circumstances though, especially for clients who want some degree of control, but don’t have the tech devs to support. Performance-wise from anecdotal only (as not measured in a test with a control or anything sensible like that 😀 ), I usually see net gains in terms of load time (testing with silly page speed tools and also waterfall in inspector etc), especially if there’s a few plugins that are spewing JS and CSS into… Read more »
Andrew CS
Guest

“What do you use for template injection?”

It’s literally called “Head, Footer and Post Injections” on WP. More details here: https://www.satollo.net/plugins/header-footer

kimhak
Guest

Yoast is the first plugin that i install in every oy my website.

wpDiscuz