One of the best things about WordPress is the wealth of incredibly useful plugins that are available. With these it is possible to expand WordPress’s Functionality at the click of a button.

Below I have included a list of essential plugins that we use on almost every WordPress site we build. From Security to SEO, these plugins will give you the necessary functionality.

Starting with the most important aspect of your website, SECURITY! I used capitals there because it’s VERY IMPORTANT! Your website represents your business online, first impressions are everything. Due to WordPress’s popularity it has a big target on its back for wannabe hackers. For this reason it is important that you at least get the basics right.

There are lots of WordPress security plugins but from my experience there are 2 that stand out. You do not need both as they cover very similar areas. Choose whichever you feel fits your needs best.


wordfenceOne of my favourite features about WordFence is its real-time login protection and visitor throttling. Until I started using this plugin I had no idea how many bots and scripts were attempting to brute force our login page. In its default form WordPress allows you to guess a password as many times as you wish without letting anyone know this is going on. It also gives hints to whether or not the chosen username exists or not.

With WordFence’s real time protection you can block IP addresses that guess too many incorrect passwords within a set timeframe. It will also throttle attackers from attempting too many page views within a set time. This can help protect against DNS attacks and stop an attacker from being able to effect site response times.

As well as the above WordFence can run scheduled scans of all server files looking for known malicious code, out of date plugins, edited core files and many other things. If anything is found it will email you with a summary of what needs attention.


sucuri-517x198The free version of Sucuri doesn’t offer real time blocking of login attempts and request throttling. It does offer site scanning of core files to check for any malicious code but these can’t be scheduled. It does however offer some very handy 1 click hardening tools.

Sucuri will scan your site and server and detect potential vulnerabilities. It will then explain what potential risks may be present and will even fix it with the click of a button. Carrying these changes out alone will not make your site bomb proof but it will remove any low hanging fruit for attackers to exploit.

Sucuri’s paid plans offer more intensive protection and a very nice feature is there cloud back up service. Once subscribed they will take regular backups of your site files and databases. Should you suffer an attack for any reason they will be on hand to restore your site to its former glory as soon as possible.

Gravity Forms

ggavityformsIf your site has any forms for users to fill out, contact forms, subscription forms etc. Then Gravity forms could save you a huge amount of time whilst giving you a lot of added value.

Gravity forms is not free but from $39 you get a lot of bang for your buck. It has a drag and drop interface that allows you to generate simple or complex forms with ease. With a wealth of field types from simple text fields to date pickers and formatted address fields. It even allows you to create multi page forms, for sign up processes or similar.

All entries can be emailed to multiple email addresses and can even be routed based on the user’s choices. Entries are also saved in the WordPress database and can be viewed, managed and exported to an excel file based on your selections.

If you are a web developer, the developer license is only $199 and is worth its weight in gold.

Yoast SEO

wordpress-seo-by-yoastIf you want your site to succeed online it needs to be found. SEO is a much bigger subject but implementing the necessary changes is made much easier with Yoast’s SEO plugin.

There are a lot of technical elements that are taken care of automatically using this plugin, like canonicalization, XML sitemaps and URL tidying. As well as giving you access to a large amount of customisable options to control your URL structures, Breadcrumbs, Title and Meta tags.

One nice features is the on page feedback on the pages content and set up. If you enter your target keywords for the page you will be given a summary of how often your keywords appear and where they should be added. This is also visualised in a handy traffic light system.

Remember, balance your SEO with usability. Cramming keywords in all over the place will not make you rank 1st for competitive keywords and will likely leave your content making little sense at all to potential customers.

Yoast Analytics

yoast-google-analytics-pluginA useful accompaniment to the SEO plugin above, Yoast’s analytics plugin allows you to add analytics code easily to all pages of your site easily. It also gives advanced analytics control on how your user’s interactions are recorded in analytics.

With options for automatically tracking outbound links and control of the more technical aspects of analytics setup, this plugin is a must for implementing accurate tracking.

W3 Total Cache

W3-Total-Cache-LogoPage load speed is something that affects the users visiting your site as well as affecting how search engines rank your website. That’s right, if you didn’t know already, search engines take into account your average page load speeds when ranking you for keywords.

Out of the box W3 Total Cache allows you to carry out many site optimisation processes with the click of a button. Minifying of HTML, CSS and JavaScript reduces file sizes quite drastically. Always check your site thoroughly after activating this as some scripts can break if minified. Especially your contact forms or conversion related elements.

Page, Database, Object and Browser caching allows for faster response times and overall quicker page loads. If you have caching enabled by aware that your changes may not automatically be visible on your site. Always empty your cache after making changes to content or code.

There is also built in support for Content Delivery Networks. This is a process where the sites files are delivered to the user from different servers based on their proximity. Instead of sending files from the UK to visitors in the USA, a more local server in the USA will provide the files meaning a quicker download speed and time. We use NetDNA but many popular CDNs are supported.