I’m here at my desk once again starting a new website, struggling for inspiration. Every time this happens, I start installing the latest WordPress version on a new domain along with the plugins I intend to use.

The same question erupts all the time. What plugins do I need for this website? The WordPress plugins that I need depend on the project I have to complete. Not every website has the same needs, nor the same plugins. But there is a list of necessary plugins that I always use and present below.

Having used a lot of different plugins in my previous projects, I have concluded which are the usually necessary plugins for me. Alongside these, I’m also considering if I need an extra plugin to complete my new website. That means that I once again got to get into the WordPress plugins tank searching for new ‘tools’ that will give me more capabilities.

What is a plugin and why do you need it

Plugins are extensions for the WordPress platform that add functionality and new features to your WordPress website. They are written in PHP and usually, they combine HTML and CSS files. 

The functionalities that the WordPress platform has by default can help you start a blog or a website with many pages. Once you need something extra like a contact form or a forum or a slider, then you will probably search for a plugin. 

WordPress is the most popular CMS (Content Management System) in the world and is used by 35% of all the websites being created. A vast majority of them use plugins, so will you.

Are WordPress plugins free?

There are two places where you can search for your desired plugin. The official wordpress.org marketplace and other marketplaces outside the WordPress community like themeforest.com. 

Usually, the outside marketplaces have a one-time fee but everything is included plus the support of the developer for at least one year. 

Everything inside the official marketplace is free to download and you’ll only have to pay for addons that extend the plugin. You can enjoy the benefits of the free plugin and when you want to take it a little bit further you may add that extra. 

An example here is the woocommerce plugin that transforms your website into an e-commerce platform quite easily. You can use the option of selling products and getting paid on delivery or by PayPal, but if you like to add stripe or visa payments as well, you will have to buy an extra add on from the woocomerce platform. 

Another form of getting an addon is through membership subscription. These are usually get renewed yearly and give you one license (or more some times). 

Generally, a license is per WordPress install. Even the free plugins include a license, a free one.

How to install a WordPress plugin and activate it

There are three ways to install a WordPress plugin. 

Method 1: Through WordPress backend

Open your WordPress backend and navigate to the Plugins section. Press the button “Add new” and you will enter the WordPress marketplace. You can search for the plugin using a keyword. 

Let’s say we need a contact form plugin. We use the term “contact” and we get some results. We install and then activate the plugin we choose.

Method 2: Through a marketplace

After visiting the wordpress.org plugins tank or buying one from themeforest.com or any other website, we download our plugin. Then we once again enter our WordPress backend and navigate to the Plugins section. 

This time after hitting “Add new” we press the “Upload Plugin” button and then we choose our file as it is compressed in our computer and press the Install Now. Once the installation is completed, we activate the plugin.

Method 3: Through FTP

Sometimes because of uploading restrictions, you may not be able to upload your downloaded plugin through WordPress backend. This can happen with a large file like WPML multi-language plugin and the right way to overcome this boundary is by adjusting your server’s PHP settings. 

But sometimes we may need to install the plugin as soon as possible without losing time configuring the server. 

We start by extracting the plugin zip file. Then we connect to the server through FTP or a file manager (included in Plesk or Cpanel) and navigate to wp-content > plugins. This is the folder that contains all the installed plugins and this is where we upload our extracted folder. 

Once uploaded we go to our backend and in the Plugins section we find the new plugin and we activate it.

Can WordPress plugins contain viruses?

Unfortunately yes. They contain files that hackers are trying to hack every day so they can harm your website. But on the other hand, there are security plugins that prevent these actions.

Hackers will do their job (if we can name boredom this way) and you shall do yours. You have shields of protection and you should use them every time.

WordPress community is offering continuously better and stable versions of its product minding security as well. That’s why it is so important that you upgrade your WordPress to its latest version as soon as it goes online.

The same principle affects the plugins as they are easier to hack. You have to update them regularly and use the minimum amount of plugins that you can.

It will add value to your website if the plugins you’ve picked have been created with safety in mind. One way to help you pick the right plugin will be its reviews and the date that they have been updated. 

Also, a rule of thumb is if it has been tested with the latest WordPress version. I never install a plugin that hasn’t been tested yet.

We need the WordPress platform and we also need the plugins, so there has to be a way to overcome these vulnerabilities. 

Luckily, there are security plugins and services that help us run our website without getting anxious about it. 

Services that update our plugins while we are sleeping and security plugins that monitor our website and block hackers who try to access our backend or upload files.

What are the most important and recommended plugins

Even though WordPress.org doesn’t categorize plugins, they are being categorized by their functionalities. And by saying this I’ll explain first the differences in this field.


Many plugins extend the security of your website. In my opinion, the best in this field is Wordfence. It has a high rating and over 3 million installations. 

Wordfence functionalities include:

  • Firewall – It identifies and blocks malicious traffic focused on WordPress security. Protection at the endpoint, no encryption breaks, and no data leakage. The Malware scanner blocks all requests that include malicious content. 
  • Security Scanner – The Malware scanner also checks themes, plugins, and core files for malware. Compare your files, themes, and plugins with the wordpress.org repository and report to you giving you also the ease in repairing them by using your dashboard.
  • Login Security – Let’s start by saying that Wordfence adds security to XML-RPC. This is the way your website integrates with external sources (Facebook, WPengine) and usually is the door that hackers attempt to open. Also, the most secure way to login, the Two-Factor Authentication (2FA) is available along with CAPTCHA that stops bots from logging in. Finally, Wordfence blocks logins for administrators who use known compromised passwords.
  • Security tools – Live Traffic monitors visits and hack attempts in real-time showing how much time they spend on your site by IP. You can block the attackers and build advanced Rules.
  • An online platform, the Wordfence Central, where you can monitor all your sites in one place. This is handy if you manage more than one website. 

Wordfence offers all the above services for free but if you want more security you can opt for the Premium plan. 

In a nutshell, it provides country blocking, real-time IP blacklist, real-time firewall rule updates, real-time Malware signature updates, and Reputation checks.

Contact Forms

When it comes to communicate with your users and receive their messages a contact form is a must on your website. Even the simplest website has a dedicated contact page with a form inside it.

The contact form is responsible for accepting your visitor’s messages and send an automated email back if you prefer. This is the moment where you and your visitor are starting to bond.

The simplest yet powerful plugin is Contact form 7. It is the most flexible plugin that can do literally anything. It supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering, and many add-ons that come to the rescue once needed.

It has great documentation, online community and it is very lightweight. As I said, you can add extra functionalities through CF7 plugins like Flamingo, which saves submitted forms in the database or Bogo if having a multilingual site.

Because of its simplicity and the extra need for HTML knowledge, you may prefer some alternatives. Check out WPForms or Ninja Forms.

SEO – Search Engine Optimization

When it comes to SEO, hands down the best plugin you can get is Yoast SEO. 

It is counting over 12 years supporting marketers to achieve better recognition for their website and higher ranking in search engines. It makes everything simple for you and continues having your back on the SEO factor by checking your content instantly.

Some aspects that Yoast SEO offers are:

  • Title and meta description for better branding
  • Consistent snippets in the search results
  • Taking care of your Breadcrumbs
  • Canonical URLs automation
  • XML sitemap generation
  • SEO analysis of your writing
  • Social media snippets editing

and many others included for free. Premium plans also available for extra support if needed.


If you want to sell products through your website you are going to need a well-designed system that takes orders, accepts payments, and informs both you and your client about the order status.

Even though there are platforms specifically for eCommerce, you can add this kind of functionality to your WordPress. Website owners say that you should prefer OpenCart instead if your inventory exceeds the number of 100 products.

If you still Thinking WordPress, as I do, the most common eCommerce plugin is WooCommerce. It is a flexible free solution and has some add-ons that can satisfy every extra wish you may have in the future.

After installing you instantly get:

  • Product, Cart, and Checkout pages
  • Secure payments by PayPal, credit card, etc.
  • Shipping options
  • Categories, Coupons, Sales functionalities
  • The option of selling physical or digital products(ebooks, tickets, subscriptions)

It has been translated into 55 languages and the community can always help you whenever you like.


A long time ago, Html websites only needed one backup when you had it completed and you were safe with it. Platforms like WordPress are living organisms who need our monthly attention at least. 

New additions of content, comments to be approved or plugin upgrades will be needed along the way. If something goes wrong in any of the above steps, it’s good to have a backup available.

UpdraftPlus is the most popular backup plugin and promises to simplify your backups and restoration. It has a great reputation and trusted by millions. This is something you definitely need.

You can store your backups safely to your server or into the cloud (Dropbox, Google Drive, Amazon, etc.). The options get multiplied in the paid version connecting to Microsoft One-Drive, Azure, SFTP, WebDAV, Google Cloud Storage, and Backblaze. 

You can create manual Backups whenever you are about to start amendments or updates in your WordPress. 

The best feature though is the automatic backups. You can schedule daily, weekly or monthly backups, and keep them stored as long as you like. Also, you can schedule incremental backups in the paid version.

A great alternative is Duplicator. I’m using it only for migrations though.


Build your online community around your favorite topic using wpForo Forum plugin. It is powerful with a modern and responsive layout and different styles to choose from. 

It hasn’t been around for a long time but I find it ideal for a modern website. You can build either a small or a large community that integrates with other membership plugins.

The best alternative is the famous bbPress, which has been used for many years from website owners (me included) with a much simpler interface. 


If you want to build a multilingual website, there are some free choices that you have. Thinking that a free plugin can give you extra functionalities in additional cost, by selling add-ons, you should be thinking of buying a complete paid solution.

The king here is WPML. You can’t download it in wordpress.org but instead through their website. 

You have three buying options. For one multilingual blog at 29$, for three WordPress sites at 79$ or an unlimited third package at 159$.

There is nothing that can’t be translated with WPML, it is compatible with every theme, and they provide full support for their product. They have a refund policy of 30 days, so it’s a one-way choice.

 The common freemium alternative is Polylang that many users chose. It depends where are your limits.


Every website has to have an SSL key. It is a google requirement since 2018. The name means Secure Sockets Layer and it is an encryption-based internet security protocol.

An SSL key connects as a record to your domain and can be installed by your hosting company or by you.

After installing the key everything that stands as a URL changes from http to https. This is something that most of the time creates redirection problems.

The simplest solution is to install and activate the Really Simple SSL plugin. It automatically detects your settings and configures your WordPress to run over https. It is time savior!

I’ve never used any other SSL plugin, so I cannot recommend anything else. I think you’re good to go.

Block Editor

WordPress used to come with a classic editor where you could write your content, add photos, and expand it through shortcodes. 

Since WordPress 5.0 the default editor is Gutenberg, a well-coded and light editor that aims to revolutionize the entire publishing experience. Nowadays the upgrades in Gutenberg are the major differences we experience in every new WordPress release.

There are also other Page Builders that can help you create an astonishing website even through your frontend. Even though they aren’t as lightweight as the default editor, they are more advanced.

My favorite Page Builder is WPBakery, a plugin that you can’t find in wordpress.org library but you can download it through wpbakery.com or even better by buying a theme that has it installed. I always choose themes that say “WPBakery included”.

Except for the ability to edit your pages in the frontend, you can add ready page layouts, advanced grid system or element presets like sliders, image filters, maps, faqs, carousels, tabs, accordions, buttons, etc.

The most popular alternative is Elementor. It is much easier to build your website with Elementor, but it’s not that limitless as the WPBakery. If you want something fast with the minimum involvement in other WordPress backend sections, you should go for Elementor.

But, if you are a developer or need to create a network of sites without any compromise, you should choose WPBakery. In my opinion, it’s more reliable at this time.


One last task you should do before or just after going live is to optimize your website. That means loading your pages faster and making google your best friend.

To start with, I would suggest that you run a check at gtmetrix.com to see your overall performance. Then you can try different plugins to see what suits you best.

I’m not suggesting one plugin specifically because some might work better on your website. Here is a list of my favorites:

  • W3 Total Cache: It has many settings you can tweak to make things faster. W3TC improves the SEO of your website by increasing performance and reducing load times.
  • Autoptimize: It is a much simpler and faster solution by default. If you don’t have much time to spend you can just activate it.
  • WP-Optimize: Except for the caching feature like the previous, WP-Optimize also cleans your database and compress your images in the same package. Extremely easy to set up as well.
  • LiteSpeed Cache: It has a free CDN available and also many settings to tweak.

Whichever you choose, remember that you should only use one cache plugin, or else you can break your site.

Finally, don’t ever go mad about getting 100% in gtmetrix.com results. It isn’t that important.

How many plugins should I use

Try to use the lowest amount of plugins on your website. Researches say that you should never exceed 20 but I suggest using up to 12 plugins.

Every plugin you have activated slows down your website and every plugin installed may be an open door for a hacker. I suppose that I convinced you already.

How to create a plugins starter package with your favorites.

If you are a professional web designer and built websites often, you’ll probably have your favorite plugins that you install from the beginning.

In my case, I was tired of starting a website from scratch so I created my starting point in a Duplicator zip file. 

This starter has the WordPress core installation, my credentials, and all my plugins to start with. By using Duplicator I downloaded the zip file and every time I want to start building a website, I upload the file, create a new database, and run the installation. Then I upgrade everything to its latest version.

A great alternative is using WPCore Plugin Manager. You start by creating an account to their site wpcore.com and then you create a collection of plugins for a starter pack. 

You can create up to 2 collections and you can also browse public collections. Here you can download mine https://wpcore.com/collections/nqziNpAdY2HB4BKV7Gx1


Well, these are the main categories of important plugins you will probably search for. Keep in mind to limit the number of plugins installed in your WordPress below 15, as they tend to make your site more vulnerable to external enemies.

One way to keep your WordPress in a safe state is to choose well-tested plugins like the ones in the list above and update them twice a month or more frequently.

I hope that you found helpful content in my article and built astonishing websites thinking WordPress.