Plugins can make your website more secure and faster, save you time, increase traffic, or make it safer.
Problem? Before you think about installing plugins, take a few minutes to consider if your WordPress website really needs them.
In essence, there are two types of WordPress plugins :
These are the “hit and run” type – they work for a while until you find that all of your shared hosting plans suddenly have a problem because one of the plugin filescannot be written to disk.
These are the kind that are needlessly installed on every WordPress website – they don’t really add any functionality but make your site heavier and slower . They also use up memory, CPU, and other valuable resources.
Plugins can sometimes conflict with each other or with the core WordPress files. Sometimes a plugin may not load correctly and causes your site to stop working.
You may not have any plugins installed at all, but you are probably using a number of the pre-installed plugins that come with WordPress itself.
There are many thousands and thousands of WordPress plugins available. Over 58,000 plugins are in the WordPress library alone.
There are many good plugins. There are many plugins that you don’t need, and can do more harm than good for your site.
This list contains the top WordPress plugins I believe to be the best for 2021. These plugins have been tested extensively and I’ve used them for many years.
Most plugins listed do not collect any personal data. If they do, you’ll find a description with a data protection notice.
The less plugins the better!
Before I get into details, let me warn you. WordPress plugins are no different from other things.
Less is more!
Too many plugins can slow down websites and make them more vulnerable to hackers. Even well-respected plugins can cause problems that you didn’t anticipate.
Therefore, I recommend that you only install plugins that are absolutely necessary.
You should delete plugins you don’t use anymore. Hackers can use inactive plugins to execute malicious code on websites.
Speeeed! You get even more speed Your WordPress website will be faster!
These 6 powerful performance plugins will be of great help to you:
WP-Rocket can optimize loading times by being an all-in-one plugin.
This plugin not only provides a great page caching function with preloading, but also offers many other functions that you would normally need to install additional plugins for.
- Minimizing CSS and JSP
- Generation of critical CSS (my favourite function!)
- Deactivating embedded
- Preloading and merging Google Fonts
- Lazy loading of images, videos and embedded iframes
- Data cleanup
- By adding missing height and width information to images, you can reduce layout shifting during loading and improve the CLS.
WP Rocket is the reason I get PageSpeed scores ranging from 90 to 100 at Dcreato Academy for all pages (mobile/desktop).
WP Rocker enables you to achieve very high PageSpeed-Scores
It helped me tremendously in optimizing Core Web Vitals, and reaching the threshold values required for FID, CLS, and LCP.
WP Rocket allows you to fine-tune the Core Web Vitals. WPRocket’s automatic settings (e.g. rewriting of URLs, image optimization) sometimes requires you to adjust the values of your WordPress core configuration parameters on a per-site basis.
Not just on the pages they are actually used, but everywhere.
The Contact Form 7 plug in is a prominent example.
It was usually only on the contact page. It is loaded on all pages, categories pages, and posts.
Perfmatters is a small, but clever plugin that provides a solution.
The built-in Script Manager allows you to enable or disable loaded JS or CSS globally, or just for a specific post type or URL.
This will allow you to make sure that Contact Form 7 is only displayed on the contact page.
Contact Form 7 with perfmatters deactivated
Perfmatters also offers many settings that can be used to delete unnecessary functions and scripts from WordPress. :
- Deactivate the Emoji script
- Deactivating embed
- Deactivation of XML -RPC
- Remove jQuery Migration
In case you were wondering:
Perfmatter is great when used in conjunction with optimization and caching plugins like WP Rocket, Cache Enabler, or Autoptimize. In combination with PageSpeed modules, the actual loading time of your website will be reduced.
ShortPixel Image Optimizer
Modern day websites are not in any way static documents you can just dump a picture on it, but rather they are complex applications offering different elements to their users. Images also have become important due to the visual experience and highimpact they have on the users.
ShortPixel Image optimizer will optimize image files without losing quality
This plugin provides many features that allow you to individually set rules for images and maximize their compatibility with various devices:
Add watermarks to individual images or entire sets of images at once. It is possible to define a height and width forthe watermark and add a filter to the picture.
This will also serve as a protection against unauthorized usage of copyrighted images. The image optimization can be scheduled so that it is done automatically after every change in your website content.
ShortPixel also offers a feature to convert JPEG pictures into WebP format. This allows you to save valuable bandwidthand at the same time it will be easier to display your pictures on older devices such as mobile phones or tablets.
With WebP, you can reduce the size of an image by 33% without losing any quality. This means that for every 3 images saved in JPEG format, one can also be saved in WebP format. As a result,you can optimize your loading time by up to 100%.
Note: The WebP format is only supported on Google Chrome and Chromium (the open source version of Google’s browser). ShortPixel offers an extension for this browser that allows the user to view images in a PNG format if it cannot display webp.
Clearfy is an excellent plugin that will help you get rid of all the unnecessary weight from WordPress.
You can deactivate various features such as Google Fonts and Google Maps Embeds, EmojiScript, Gravatars, Gravatars, or the comment function.
It also offers functions that make WordPress administration simpler, clean up the dashboard, and make it more secure.
Clearfy is only recommended if you have a good understanding of the software. Clearfy can cause your design to be distorted or plugins not to work.
If WP Rocket is not affordable for you,
It’s not a problem!
You can also get fast loading times by using Autoptimize with a caching plugin such as Cache Enabler.
The advantage of Autoptimize is that it allows you to adjust your website layout manually and offers a lot of settings for individual plugins. Unfortunately, the compatibility with other cache plugins such as WP Rocket is not ideal and can cause conflicts and distortions in your design. WP Rocket
In conjunction with a caching system such as Cache Enabler, the loading times of your website can be reduced to an absolute minimum and even further optimized.
One major advantage of this plugin is that it offers many features at a reasonable price. If you often work on websites with complicated structures and/or if you plan toexpand your business, WP Rocket is definitely recommended.
WordPress users also know the cache plugins W3 Total Cache or Hyper Cache. You can make use of these two caching systems to create a simple and powerful combination with Autoptimize
However, both of these solutions have an expiration time that you can’t manually adjust. If you want to do this, you will have to use WP Rocket.
Other useful optimization functions include:
- Eliminate the emoji text
- Google Fonts can be merged, reloaded or completely removed
- Lazy loading
- High Performance Images
EWWW Image Optimizer
Uncompressed images are a common cause of slow loading WordPress blogs.
EWWW Image Optimizer is a solution. It optimizes every uploaded image automatically without affecting its quality.
You don’t have to subscribe to a cloud service as the optimization happens on your server.
It can optimize not only newly uploaded images but all images in your media collection, unlike many other optimization plugins.
Another feature that will save you a lot of space on loading your website is:
Page output caching. (Engl. Page caching (Engl.) is one of the most critical, if not the most important, measures to optimize the loading time for a WordPress website.
The Cache Enabler plugin is the easiest to use, as it doesn’t usually need to be configured.
It is reliable and can deliver top loading times.
Alternatives to Cache Enabler are WP Super Cache and WP Rocket.
It is possible for WordPress to not display the correct image sizes if you make any changes to your theme.
It can happen that they become stretched or larger than necessary.
A solution is the plugin Regenerate Thumbnails. This plugin recreates all images generated by WordPress.
Over time, there is a lot of garbage in the WordPress database. This eventually causes it to swell into an unattractive size.
WP-Sweep can help you remove all this garbage.
Before you use your database, please make sure to back it up!
Lazy Load to Comment
Commentaries are an important part of your loading time.
You should display Gravatar images from commentators, especially if your blog has more than 100 comments.
Lazy Load for Comments plug in is the solution. It only loads comments when a visitor is actually interested in them.
You can choose from two display types in the plugin options. You can scroll or click to load comments
Lazy Load Comments plugin settings
Simple, but effective.
You can find many great plugins to help your website rank higher on Google.
Here are some of my favorites.
Rank Math, the new standard SEO plugin, replaces Yoast SEO.
One simple reason:
Yoast SEO Basic has the same functionality as Premium (yes, Premium!) It is also completely free.
It also offers higher performance and can be further developed faster.
These are the most crucial functions of Rank Math
- Add meta title and description
- Indexing settings for individual posts or post types
- Creation of XML sitemaps
- Keyword analysis using scoring system
- Monitor 404
- Manager redirect
- You also have some additional functions such as adding schema data and breadcrumbs. Verification for Google Search Console is also possible.
You want more?
Some functions of Yoast SEO and Rank Math may not be necessary for search engine optimization. You will need to set up indexing settings and be able to input a meta description and meta title. You can also create redirects which is very helpful and saves you from redirection. If you want to look for additional features, you will need to install other plugins.
Over time, there are more and more files in the WordPress upload folder /wp-content/uploads/. The Clean Up plugins from Gambito makes it possible to clean up all of them with a single click.
Lucky WP Table Of Contents
LuckyWP Table of contents is a great WordPress plugin for blogs, online magazines and other websites that publish long articles.
You can display a table or contents list in articles and pages automatically, or via shortcode (similar to Wikipedia).
It is also used here on my blog (see the table of contents).
Tables of contents allow your readers to jump quickly to the content they are most interested in. The meta description of Google search results may include jump marks, which can increase clicks to your articles.
This table of contents plugin also has the following advantages:
- Simple Table of Contents
- It is lightweight and doesn’t have any impact on loading times
- You can insert it via shortcode, Gutenberg Block and widget
- It is regularly updated
Broken Link Checker
Google and visitors will not like links that lead nowhere.
Every few months, I run the Broken Link Checker to ensure that outbound and inbound links point to the correct web pages.
The best thing about the plugin is:
Contrary to external link checkers like You can replace or delete links in WordPress using Screaming Frog
Broken Link Checker can cause server resource strain, so I recommend you use it only occasionally and then delete it when it is no longer needed. Http Headers
Redirection is an excellent plugin to create redirects in WordPress quickly.
This is useful if your server doesn’t have the right permissions to modify the.htaccess file or you don’t have access to them.
Redirection also logs 404 errors. This allows you to find broken or old internal links and create redirects.
It is recommended to disable IP logging in your options. By default, IP addresses are stored in the forwarding and 404 logs.
Yet Another Stars Rating
You can use Yet Another Stars Rating to include star ratings in blog posts (user ratings and your own ratings).
It’s also useful for receiving feedback about your work. The star ratings can also be displayed in search results. This significantly increases click rates and can help you get more visitors through Google.
If a user votes for a star, their IP address is saved in the WordPress database. This can be done in the plugin settings, under “Do you want to save IP address?” Disable (enabled default).
This section contains a variety of plugins that will make it easier to complete tedious tasks or add useful functions and functionality to WordPress.
WP Staging should be included in every WordPress installation.
It was too late for me to realize it.
You can create a copy of your website to test it in just a few clicks.
Your live website is not affected by the test environment. This means that you can test WordPress without risk by making changes, such as Plugin upgrades, code changes, or a complete redesign.
It’s amazing, isn’t it?
The staging environment’s backend looks identical to your live website, with an orange top bar to differentiate.
Work with the WP Staging Pro mode
There are two types of WordPress staging:
WP Staging Pro and the free basic version.
The Pro version is what I use because it allows you to transfer changes from the test environment to the live site. This is particularly useful for major changes such as need to make a complete redesign.
Minor changes can be made with the free version.
You would like to know more about the plugin and its benefits. Check out my complete guide to WordPress staging. It is detailed here.
WordPress Advanced Bulk Edit
WordPress Advanced Bulk Edit has 500 downloads on CodeCanyon. This is in contrast to its sister plugin WooCommerce Advanced Bulk Edit which has been downloaded over 8,000 times.
But, you are completely wrong! It has saved me a lot of time and effort in many situations.
It allows for mass editing of WordPress post. It does this much faster and more comprehensively than multiple actions in WordPress.
The plugin outputs pages, posts, and custom posts in an Excel table that can be sorted or filtered according to specific criteria. You can modify each post property individually or in bulk. You can, for example, reassign the tags or categories of hundreds of posts simultaneously.
You can also modify custom fields with the plugin, such as Yoast SEO Meta Title or Description.
Yoast SEO metadata can be customized with WordPress Advanced Bulk Edit
Better Search Replace
Better Search Replace allows you to search your WordPress database looking for specific words and strings, and then replace any instances as necessary.
This has saved me many days, if not weeks of work.
This can be useful when you want to change your domain or switch WordPress from HTTPS to HTTPS, or make changes to one permalink or the entire permalink structure, or rename shortcodes or CSS classes.
Search & Replace can be used to search for words and strings throughout the database. You can also create a backup of your database in one click.
WP Add Custom CSS
WP Add Custom CSS lets you quickly and easily insert your CSS instructions into your blog, and adapt the theme’s design.
It is what I love the most about it.
You can add CSS to the entire site, or each post individually. Alternative: You can use the customizer to integrate CSS for a specific post or all of your website.
Are you looking to create a blog post or design pages that are the same structure as others?
It’s not a problem!
Duplicate Post allows you to make a copy of any page, post or article in one click.
The settings for the post (e.g. Keywords, descriptions, meta title, and keywords are all included. These are also adopted.
This saves you the effort of manually copying entire posts or post settings.
It’s amazing, isn’t it?
Simple Image Sizes
WordPress allows you to adjust the dimensions of images that are uploaded to the media library.
WordPress plugins and themes often have their own image sizes, which you can’t change in the media settings. Some themes or plugins don’t allow you to adjust the image size in their respective plugin or theme settings.
What do you do if your featured images are in 4:5 instead of 2:3?
Use the Simple Image Sizes plugin!
This adds to the media settings a list of all images generated by the theme or plugins. You can also specify their height/width:
Image sizes are increased by Simple Image Sizes in media settings
Enable media replacement
Don’t get me wrong.
WordPress’ media library is a huge favorite of mine.
But, I do find one thing really irritating:
You must first delete an image in the media library that you wish to replace. If you upload the same file name twice, the original file will be retained and a new file created (with a number added as a suffix). image-2.jpg
Enable Media Replace has made this a distant memory!
This plugin adds to the media library and individual media files with QuickEdit link Replace. You can quickly and easily replace any image, video, or other file by using this plugin.
Replace files using Enable Media Replace
This is a must-have, because I often have to replace images in my tutorials!
Privacy & Security
Data protection is becoming more important since the GDPR. These plugins will help make your WordPress website safer and more privacy-friendly.
Borlabs Cookie is a cookie I have used on many blogs.
This allows you opt-in to any service such as Integrate the Facebook Pixel and Google Analytics, Matoma, or Google AdSense into a website.
Only cookies can be set if the user consents to it.
Borlabs Cookie privacy settings
It also has a practical reload feature that allows embedded content from YouTube and Vimeo to be loaded only after the user clicks on a button.
This demo page will show you how it looks in action.
Additional benefits of the plugin
It is being actively developed and has a clear user interface. Benjamin Bornschein, the developer, provides fast and competent support.
This is a must-have item for any WordPress website.
A backup plugin like BackWPup is a good choice, especially if your hosting provider doesn’t offer backup services.
Because believe me:
There is nothing worse than a WordPress installation that has failed or a system failure without a backup.
To protect yourself further, I suggest that backups not be sent to your server but to remote locations, such as e.g. to another FTP server, or to the cloud (e.g. Google Drive or Dropbox
BackWPup masters are both.
UpdraftPlus can also be used to create automatic backups for your blog. It is also very easy to set up for beginners.
Anti-Spam Bee plugin is a great tool to combat comment spam.
It has been a great tool for my WordPress sites over the years. I highly recommend it. It reduces spam commenting and can even delete it all by itself.
Antispam Bee, unlike the Akismet plugin that is widely used and other antispam plugins in general, is compatible with GDPR.
Antispam Bee filters do not collect any personal data or are anonymized.
You can also set the settings to allow comments only in certain languages (the first three words of the comment are sent to Google Translate), and to block comments from certain countries. The IP address of the commenter is then shortened and sent to IP2Country. However, the developer of this plugin says that it is not necessary.
These are the most frequently asked questions about WordPress plugins.
How do I install a plugin
There are three main ways to install WordPress plugins.
You can upload the ZIP file to WordPress by going to the WordPress admin under Plugins>> Install> Upload plugin
Upload the unzipped plugin files (in the directory wp-content>plugins) to your FTP server
Direct installation via the WordPress repository
How many plugins should I install?
This cannot be generalized because it all depends on your plugins and the functionality you want.
Based on my many years of experience in WordPress service providers, I can tell ya:
20%-30% of plugins that you have installed are unnecessary if there are more than 20.
How can I avoid security threats from plugins
WordPress plugins are one of the most dangerous security threats to WordPress installations.
These 6 safety rules will help to reduce the risk.
- Only install plugins you actually need
- You should check regularly if you still require the plugins you have installed.
- You can delete a plugin completely if you don’t need it anymore. Deactivated plugins could also be a security risk.
- Only install plugins from trusted developers who are regularly updated.
- Update your plugins regularly
- Stay current with security holes in plugins (e.g. Use the WPScan Vulnerability Database
What are the most dangerous threats to WordPress installations?
Security threats to WordPress installations can be caused by faulty plugins and outdated themes.
It’s been estimated that up 90% of all hack attempts on the web go through a WordPress installation. This is because WordPress headlines the top use of websites on the internet – one in five websites are built using this content management system.
In other words, if you have your own website or blog and want to avoid attacks from hackers, then make sure you’re running a secure version (currently 5.8) and keep your plugins updated, as well as updating your theme constantly where necessary. If you’re ever not sure with these technicalities, find someone who knows for certain because skipping these steps could cost huge money!
How can I avoid security threats from plugins?
The safety rules below will help reduce the risk:
Only install plugins you actually need
You should check regularly if you still require the plugins you have installed. You can delete a plugin completely if you don’t need it anymore. Deactivated plugins could also be a security risk.
Only install plugins from trusted developers who are regularly updated
Update your plugins regularly Stay current with security holes in plugins (example use WordPress Scan Vulnerability Database) What are the most dangerous threats to WordPress installations? Security threats to WordPress installations can be caused by faulty plugins and outdated themes. It’s been estimated that up 90% of all hack attempts on the web go through a WordPress installation. This is because WP headlines top of websites on internet- one in five websites are built using this content management system. In other words if you have your own website or blog and want to avoid attacks from hackers, then make sure you’re running a secure version (currently 5.8) and keep your plugins updated, as well as updating themes constantly where necessary.
Should I install a plugin if it’s not necessary?
NO! This is a decision that must be made by the website owner. You can delete plugins and activate or deactivate them on an as-needed basis.
Is it possible that an unzipped plugin file is infected with malware or is corrupted in some way when uploaded to my server and causes damage on my installation of WordPress?
Theoretically, yes. If someone malicious wanted to attack your installation of WordPress, one way they could do it would be to upload a corrupt plugin file. You should always check the source of any file when you download and install it from elsewhere on the internet to make sure that is not a risk.