This is part five in our series on starting your own website. The “super power” of WordPress is the extreme flexibility and customization that is possible. While we’ve already seen this in custom post types, nowhere is the power of WordPress more evident than in the available plugins. However, with the myriad of plugins available, where do you even start? We’ll cover some essential plugins, but everything else comes down to the needs of your specific site. I’ve often said, “if you can dream it, you can build it with WordPress”. Plugins are where you find much of the functionality to “build your dream”. So yes, “you must have plugins!”

Free vs. Paid

You’ll find over 50k plugins on the WordPress.org plugin repository, and there are thousands of free and paid plugins elsewhere. But which should you choose for your site? Both, maybe… When you are first starting your website, there’s absolutely nothing like getting a bunch of free plugins. And while we make our money from plugins, I would recommend starting out with 100% free plugins. Why?

Unless you have some need that only a paid plugin will fill, there are apt to be multiple options for any given functionality. From form plugins, to SEO plugins, anti-spam plugins, and block plugins, there are plenty of options. Trying to figure out where to spend your hard-earned money when you’re starting out is just going to add extra stress to the decision. Also, you’re still learning, so some feature you think you need might not be that essential down the road. At the beginning, it’s best to keep it simple and avoid unnecessary complexity.

As you build your site, and work on it over the first months, you’ll discover exactly what features are essential. Then, once you have a better handle on things, and once you can afford to invest more in your site, you can start paying for some premium functionality. Many of the free plugins will have premium versions, or premium services that you can purchase.

Personally, even if I can make do with a free version of a plugin, I try to find a way to support the author or company that makes the plugin. If it’s adding value to my site, and I’m making money from that site, then I support the folks that make that possible. Some plugin authors don’t want any money, and will even recommend other ways you can show your appreciation. Leaving a plugin review is a great way to show your support for a plugin in either case.

Must Have Plugins, the Essentials

Beyond the core WordPress functionality, there are a few sorts of plugins I consider essential. These include things like contact forms, anti-spam, page caching, and security plugins. Most websites need a contact page, and you don’t normally want to post your email online for spammers to steal. Likewise, anti-spam and security plugins are like the locks on your website. Sure, you could run a business without locks on the door, but that would be stupid… And what is page caching? Well, let’s start there then!

Caching Plugins for Site Performance

There are a lot of things you can do to make sure your site is fast and doesn’t discourage repeat visits. One of the easiest ways to start things off right with performance is to install a page caching plugin. But what does it do, and why do you need one?

As with most content management systems (CMS) like WordPress, all the information for your website is stored in a database. That information is retrieved by PHP code and then turned into HTML code the browser can read. For a simple page, that might be relatively quick, but adding plugins to your site can slow it down.

A caching plugin saves the HTML that is generated, so that accessing the database isn’t necessary. That can increase the performance of your site dramatically. There are a lot of cache plugins, but a couple good ones are Cache Enabler and WP Super Cache. Of course, all our paid plans come with our SWIS Performance plugin that includes page caching, but keep in mind what I said earlier about free & paid plugins.

Caching Caveats

Now, some web hosts include page caching at the server level, and then you may not need a cache plugin. Check with their support team, or just test it out and see if a caching plugin makes your site feel any faster. Cache plugins don’t cache visits for logged-in users. So be sure to test things while logged out–in a separate browser, or an incognito window.

Some cache plugins will automatically purge/clear the cache when you update your site. However, certain updates might not be detected by a cache plugin, so sometimes you need to manually purge the cache. So if you find yourself wondering why something on your site isn’t updating, look for the cache purge function.

Contact Forms

Unless you’re a hermit, you probably want your visitors to be able to contact you. This is even more likely if you’re starting a business website. Like I said earlier, you don’t want to post your email online, though you certainly might make your mailing address and phone number available. A contact form is a great option to allow folks to get in touch. As a business, you can even use a contact form to help you collect additional information that will make it easier to help your customers.

Two of the most popular free options are Contact Form 7 and WPForms Lite. Both will allow you to easily build a contact form, or other simple forms. I’ve used both, but have been using WPForms Lite more recently because the interface is easier to use. With any contact form, you’ll probably want it to send you an email, so make sure that functionality is working. That takes us to a category of plugin that gets an honorable mention.

SMTP Plugins for Email Delivery

Depending on your web host, you may need to set up an SMTP plugin with a transactional email service to ensure your website can send emails. Whether it is for contact form notifications, password reset emails, or order confirmation emails, you want to make sure those emails get delivered. Some ESPs (email service providers) like Postmark have their own plugins, but FluentSMTP is a great free option that works with multiple providers.

Lock the Doors with Anti-Spam Plugins

If you allow folks to comment on your pages or blog posts, you’ll soon find rogue bots posting links for questionable goods in the comments section of your site. Scammers will stop at nothing to get their links out on the Internet, and an unprotected website is a hot target for them. The first thing you can do is set comments to require moderation under the Discussion settings. That way, no comments show up until you approve them.

Then, you can install a plugin like Antispam Bee or Akismet to stop spammers in their tracks. Akismet is free for non-commercial and personal use, so if that doesn’t describe your site, go with Antispam Bee. With free anti-spam plugins, you may get mixed results, and I’ve switched plugins for various reasons. Some have been discontinued, or bought up by larger security firms, which makes me a little nervous.

However, Antispam Bee has been working well for the last couple years and I’m planning to use it on more sites. I’ve been using Titan Anti-spam for quite a while, and I have to give them credit for protecting the sites where it is installed. But they added a bunch of extra stuff I don’t use, so it’s one I’m watching closely. That said, if you’re in the market for a full-blown security plugin, you might even want to pay for their pro service.

Spammers will also target contact forms, so you may be able to use the same plugin to protect your site from “contact form spam”. Certain form plugins have anti-spam built in, or integrate with anti-spam services like Cloudflare Turnstile, hCaptcha or Google reCAPTCHA.

Install Dead-bolts with a Security Plugin

Sometimes, scammers aren’t content with spamming your comments. They want your whole site/domain so they can inject their content directly onto an “authoritative” domain that’s already showing up in search results. The more traffic you get, the more you need to protect your site. The most common attacks are “brute force” login attempts, and as usual, there are a bunch of plugins you can use for this (even the aforementioned Titan Anti-spam). My personal favorite for login security is a free plugin called Apocalypse Meow.

If your site allows users to register accounts, a plugin like Apocalypse Meow is essential to prevent spammers from registering thousands of fake accounts on your site. They’ll use these fake accounts for various purposes, but cleaning up thousands of bogus accounts isn’t something you want to worry about, trust me… it’s not fun.

Some web hosts, like WP Engine, also have more advanced firewalls to help protect your site from hackers. But at the very least, you’ll still need a login protection plugin. I also use MalCare for an extra layer of security on our site, but you need to be careful with security plugins, as some of them use a ton of server resources when scanning files. This can get your site throttled or completely disabled by your web host.

So pay close attention to the scanning settings, and make sure whatever plugin you install isn’t using too many resources. You can check with the plugin support to see what they recommend, but it’s also worth checking with your web host as they’ll know which plugins have been problematic on their platform.

How to Choose a Plugin

Most likely, you’re going to need more than these “must have” plugins, so there are some things to look for when choosing a plugin. One of the first things I do is check the reviews and see if there are a lot of happy users. Negative reviews aren’t often helpful, as the folks who leave bad reviews often don’t bother to ask for help either. So the next thing to look at is the support forum for a particular plugin to see how they handle support questions.

While it’d be great if all plugins were supported for free–probably not, that’s sarcasm–having a paid team behind a plugin can give you some extra assurance that the plugin won’t disappear some day. I recommended starting with free plugins earlier, and some plugins are intentionally free, like Antispam Bee, with no plans to monetize them. But I’ve seen plenty of plugins disappear or fade into obscurity, because the original developer just didn’t have the time to keep it up to date.

Inevitably, most plugins will need updates at some point, so the “Last updated” and “Tested up to” values on the plugin description can also help you see if a plugin is being maintained. Plugin developers can update both of these without releasing a new version, so they show whether the developers are still keeping an eye on things. Certainly, good plugins might fall behind a couple releases, and some might not need any actual updates for quite a long time. However, if a plugin hasn’t been tested since WordPress 5.0, or was last updated 4 years ago, run away!
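
The "run away" rule above can be applied to a whole list of candidate plugins at once. The script below is an added example, not code from this article or from WordPress; the plugin records are constructed, and the field names `last_updated` and `tested` are assumptions standing in for the "Last updated" and "Tested up to" values shown on a plugin page.

```python
import json
from datetime import date, datetime

# Constructed sample records (not real plugins or real API output).
SAMPLE = json.loads("""[
  {"slug": "example-forms",   "last_updated": "2024-11-02 3:41pm GMT",  "tested": "6.7.1"},
  {"slug": "example-gallery", "last_updated": "2019-01-15 9:05am GMT",  "tested": "5.0.3"},
  {"slug": "example-widget",  "last_updated": "2023-06-20 11:12am GMT", "tested": "4.9.8"},
  {"slug": "example-stable",  "last_updated": "2022-09-30 8:00am GMT",  "tested": "6.1"}
]""")

MAX_AGE_YEARS = 4        # "last updated 4 years ago"
OLDEST_TESTED = (5, 0)   # "hasn't been tested since WordPress 5.0"

def version_tuple(text):
    """Turn '6.7.1' into (6, 7) so versions compare numerically, not as strings."""
    parts = [int(p) for p in text.split(".")[:2] if p.isdigit()]
    return tuple(parts + [0] * (2 - len(parts)))

def years_since(last_updated, today):
    """Whole years between the date part of last_updated and today."""
    updated = datetime.strptime(last_updated.split()[0], "%Y-%m-%d").date()
    years = today.year - updated.year
    if (today.month, today.day) < (updated.month, updated.day):
        years -= 1
    return years

def review(plugin, today):
    """Return the reasons to avoid a plugin; an empty list means it passes."""
    reasons = []
    if version_tuple(plugin["tested"]) <= OLDEST_TESTED:
        reasons.append(f"tested only up to WordPress {plugin['tested']}")
    age = years_since(plugin["last_updated"], today)
    if age >= MAX_AGE_YEARS:
        reasons.append(f"last updated {age} years ago")
    return reasons

def audit(plugins, today):
    """Map each plugin slug to its list of reasons."""
    return {p["slug"]: review(p, today) for p in plugins}

if __name__ == "__main__":
    # A fixed "today" keeps the output reproducible for the sample data.
    for slug, reasons in audit(SAMPLE, date(2025, 1, 10)).items():
        verdict = "RUN AWAY: " + "; ".join(reasons) if reasons else "ok"
        print(f"{slug}: {verdict}")
```

The two checks are independent on purpose: a plugin with a recent "Last updated" date can still be flagged if its "Tested up to" value is stuck on an old WordPress release.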

More Customization?

You can do just about anything you could imagine with plugins, but there is also a lot you can do within themes. We’ll dig into themes in our next article, but regardless of what your theme can do, certain plugins are still essential. Make sure your site is speedy (we can help with that by the way), make sure folks can get in touch with you, and keep your site secure. But above all, don’t stress out, and just have fun experimenting. Take your time learning what plugins your site needs, discover what WordPress is capable of, and grow at your own pace.