Which WordPress Plugins Should You Use?

Search Google for wordpress plugins and the options available are seemingly endless. However, not all plugins are created equal.

Due to various security considerations, WordPress is becoming increasingly effective at policing unloved, uncared for and neglected plugins.

Anyone can build a plugin to provide a specific functionality. Good people, indifferent people and also, bad people. Bad plugins can contain scripts and codes designed to hack sites and servers. In essence, if you aren’t careful you can upload an invisible backdoor into your site and your server, where bad people can later run riot.

For this reason, it is a very good idea to only choose plugins from WordPress approved channels.

The easiest place to find suitable, safe plugins is by clicking the ‘Add Plugin’ button in your WP backend, adding a search term for the task you want the plugin to perform and choosing from the list.

You will be able to see only WP approved plugins and this list does change over time.

If a plugin isn't maintained by the developer, it will be dropped from the WP approved list and you will start ot see messages saying that the plugin has been abandoned in your backend - at least you will if you use a decent security plugin - more on security plugins a little later.

How many Wordpress Plugins Do I Need?

The rule of thumb is to use as few plugins as you need to perform the functions you need to perform.

Each additional plugin has an impact on the code bloat your site will gain.

Even deactivated plugins bulk up your site code.... so fewer always = better.

Which Plugins Should You Add?

We have an initial build process which includes adding the core plugins that we use on almost all our builds.

Our Favourite Wordpress Plugins Usually Are:

  • Yoast
  • Updraft
  • Wordfence
  • iSecurity
  • Autoptimise
  • Async javaScript
  • Classic Editor
  • TinyPNG
  • Far Future Expiration Plugin
  • GDPR Cookie Consent
  • Lazy Load by WP Rocket
  • MiniOrange 2FA
  • SEO redirection
  • Share Buttons by Addthis
  • Smush

We don't necessarily always require all of these, but they each serve a different function to aid performance.

The question to ask is, "do you gain more from the functionality than you lose in code bloat?"

See All Security Approved Wordpress Plugins here

The Wordpress Plugins We Use & Why We Use Them


Simply the best SEO plugin we have ever used. It does everything you need it to do. You can manage all your meta tags, sitemaps, schema data and more.

It will also show you step by step how well optimised your content is and what you need to do to improve optimization and readability.

You can also set the specific Social Media sharing data so a specific image and description is used whenever someone shares each page, post or product from your site.

Yoast is in our opinion the best Wordpress plugin for search engine optimisation.

It allows you to optimise each element of your page content. Additionally, Yoast also incorporates the Flesch Reading Ease Test so that your written content passes search engine readability examination.


The best back up plugin we have found. Backs up on a schedule to Dropbox and many other cloud storage solutions, so you will always have a recent copy of your site safe and sound in a second location.

Your WP site has a load of files that it needs to work properly, as well as the database that contains your content.

If either of these fails, gets hacked, becomes corrupted etc. you will need to reinstall your whole site.

If you don't have an up to date backup then you will have big problems restoring everything to the latest version.

Updraft Pro will backup everything you need automatically to many cloud storage locations, including DropBox which is our Storage of choice.

Problems occur with websites, no matter how well you maintain your online security, so be prepared for any eventuality and keep a current backup of all your WP site files.


A great security tool to maintain a clean, healthy Wordpress website. Will email you with error warnings, file changes, uploads, and outdated plugins.

Wordfence also has a great scanning tool for checking your entire sites health.

*It's important to note that good as it is, on occasion, Wordfence doesn't detect 100% of malicious files, so if you have been hacked or suspect that you may have been, use a second security plugin as a qualifier.

We use Sucuri & iSecurity for heavy lifting if we need to, which thankfully doesn't happen very often.


iSecurity offers a few tools that Wordfence doesn't. You can harden your site security by employing several of their very useful tools.

You can set a daily login schedule to secure access attempts out of your normal hours, set high security SALTs which help to protect your core files. Additionally you can set secure file permissions, exclude login IPs, countries, etc.


Sucuri is a great security scan plugin for finding malicious code that Wordfence might miss. Security plugins often use databases of known issues and file changes rather than actually identifying malicious code in its own right.

Our experience is that between the two plugins you will identify anything untoward contained in your Wordpress installation.


Autoptimise works best hand in hand with Async Javascript to allow you to "Eliminate Render Blocking Resources" and thus speed up your site load speed.

In standard trim, Wordpress will attempt to load the complete page, all your content and functionality before rendering the page.

This has the effect of slowing your site down.

Render blocking resources can be deferred allowing the above the fold section of your site to load on demand.

The rest of your content can then load at a more leisurely pace.

A common message in Google Page Speed Tool is "Eliminate render-blocking JavaScript and CSS in above-the-fold content".

This basically means that there are elements of your site which are loading before the page can be displayed.

Many of these don't need to load instantly (Google Analytics code for example) so can be deferred for a second or two, allowing the page to display faster.

"Above the Fold" & "Autoptimise" work together offering all the settings you need to achieve Google page load speed scores in the 90's.

Classic Editor

A personal preference that is shared throughout our offices. The classic editor allows you to edit your site code much more easily.

Gutenberg is more of a WYSIWYG drag and drop interface which we find irritating more often than helpful.


Image compression is one of the biggest issues for Wordpress. Large uncompressed images will slow down any website and most website owners don't even realise that they need to compress images before adding them to their blog posts etc.

TinyPNG solves much of this for you by having a pretty good go at compressing images as they are uploaded.

It is always preferable to resize images and compress them before they are uploaded.

TinyPNG automates this compression process, but is by no means foolproof. It can’t for example guarantee that image quality is maintained during compression.

Far Future Expiration Plugin

This is a great plugin & in our opinion, not used anywhere near often enough.

Many files in your website don't change from day to day, week to week and even month to month.

Everytime a page is requested all the files are transmitted. However, by using an effective Cache policy, all those files that rarely change can be saved for future use by the site visitor.

This reduces the amount of data that needs to be sent for your page to load, so it loads faster.

GDPR Cookie Consent

GDPR Cookie Consent is a the best cookie popup policy plugin we have found.

Many other cookie plugins load your site with far too much bloat and backend page content that will negatively impact your page performance.

This plugin lets you tick the GDPR box and comply with legal requirements without affecting your site performance negatively.

Lazy Load by WP Rocket

Another great plugin to speed up any website.

Lazy loading images means that instead of all your page images loading before your page can render fully, it will instead only load the images required to render the above the fold section of the page.

As you then scroll down the page, additional images will load on demand.

Images are often the largest blocks of data on a page so lazy load is a very effective way of delivering only the data you need when you need it.

MiniOrange 2FA

2 Factor Authentication takes login security to the next level. When you attempt to log into your site you will be asked for a 6 digit code that is available on a 2FA App on a linked device.

This means that to log into your site anyone needs your standard login details and access to your mobile phone too.

SEO Redirection

When rebuilding or restructuring a website, it is common for the URLs of pages to change. When this happens, and the old URL is no longer published, it's important to redirect potential visitors towards the newer content or alternative content.

If you don't redirect you will deliver a 404 error page. If you deliver enough of those, Google will mark you down in their SERPs listings. You will also lose those potential visitors many of whom will seek out a better managed website instead of yours.

All old page URLs should redirect somewhere.

Share Buttons by AddThis

Making your content easily shareable is an important part of the Social Media Marketing process. This plugin is one of the least 'Bloaty' we have found and allows people to quickly and easily share your offer, product and services pages across their soail media channels.

The ability to share content shouldn't be underestimated. Each share is a recommendation & Google look at these as a part of their search ranking algorithm.

If real people are willing to share your content then it must be useful content.

Make sharing as easy as possible.


Smush is another image compression plugin we use from time to time. The paid Pro version is superb, whilst the free basic version is a good start for optimizing images on your site.

The free version will reduce image sizes by up to 20%, the paid version will do an additional 20% on top of that.

Depending on the type of site that you have this can be a good solution for trimming file sizes, but isn't ideal for all.


Wordpress Security