Best WordPress plugins: Boost functionality on your site easily
Add new features to your WordPress site without writing code, courtesy of our pick of the best WordPress plugins
WordPress is a phenomenally successful content management system, which now powers almost half of the web. One of the reasons for that success is its extensibility. Even novice users can add to its core features by installing plugins using the built-in gallery, or by importing them directly through the WordPress dashboard.
It’s impossible to know exactly how many WordPress plugins there are, but the WordPress plugins directory alone puts the number at more than 60,000. That doesn’t include add-ons that can only be downloaded from third-party sites or commercial stores, or plugins developed for private use.
With so many to pick from, it can be difficult to know which will make an appreciable difference to your site. So, we’ve picked seven of the best, covering security, communication and optimisation. You’ll find our recommendations below; but first, we offer a little help on how to choose one plugin over another.
Best WordPress plugins: At a glance
- Best security plugin: Wordfence Security | Free – £786
- Best speed optimisation plugin: WP Super Cache | Free
- Best utility plugin: Pretty Links | Free – £328
How to choose the best plugins for your WordPress site
How do you pick between similar plugins?
With so many plugins to choose from, it’s inevitable there will be several that perform the same task. To choose between them, first check that your preferred option has been tested against the version of WordPress you’re running. If you access the plugin library through your WordPress dashboard by hovering over Plugins in the sidebar, and then clicking Add New in the fly-out menu, you’ll see that the details on each plugin card confirm whether it’s compatible, incompatible or untested with your version of WordPress.
If this still leaves you with several plugins to choose between, check when the plugin was last updated, how many people have installed it, and its rating. Again, each of these can be found on the plugin card. If a plugin hasn’t been updated in a long time, it may no longer be actively supported. And, if one plugin has far fewer active installations than another, you may find that there’s a less vibrant user community to offer help and guidance should you ever need to search for an answer.
Can you install too many plugins?
We’ve never hit the limit… yet, and can’t find any official guidance on this matter. However, we would advise only installing plugins you’re actively using – and, if there are any you no longer use, at the very least deactivate them through the dashboard. If you want to take the belt-and-braces approach, you might choose to delete them, too – again through the dashboard. This could help to keep your installation secure if vulnerabilities are later discovered in a plugin that’s still installed, but no longer updated or used.
Do you have to install plugins from the official repository?
No. And in fact, not every plugin is available through the repository built into WordPress itself. Many are exclusively sold through commercial marketplaces. To install one of these, hover over Plugins in the WordPress sidebar and click Add New on the fly-out menu. Then, click the Upload Plugin button at the top of the next page. Navigate to the Zip file you downloaded, and upload it. Once it’s uploaded, click the Activate button to start using it.
How do you delete a plugin?
Hover over Plugins in the WordPress sidebar and click Installed Plugins on the fly-out menu. Find the plugin you no longer need and click Deactivate. Once it’s deactivated, click the red Delete link.
How we test WordPress plugins
With so many WordPress plugins to choose from, it’s inevitable that many will cover the same ground. When drawing up a shortlist, then, one of the factors we consider is how many users each already has. While we’re not averse to recommending a little-known gem, and we would certainly review such a plugin, opting for popular plugins means you’ll have a better chance of finding support within the community if you need it.
We check how recently the plugin was updated and which is the latest version of WordPress that it supports. We don’t want to recommend plugins that appear to have been abandoned, or haven’t been tested against the latest release of the CMS if that release has already been around for a month or so.
Next, we look at its documentation. Is everything properly explained, and is it clear what it does before we click Install? Is the installation routine well handled and, once it’s up and running, are we guided through any additional steps via prompts in the WordPress dashboard, on post writing screens, or elsewhere?
Finally, does the plugin offer anything unique, or do anything better than its competitors? As we said, there are thousands of plugins out there: installing too many risks slowing down your site, so you want to make sure the ones you do add earn their keep.
READ NEXT: Best web host
The best WordPress plugins you can buy in 2023
1. Wordfence Security: Best security plugin
Price: From free to $950 (£786) per year | Download from WordfenceWordPress is now so popular that sites running it are often probed by less scrupulous characters for vulnerabilities and misconfigurations. One of the most common ways in is the brute-force attack, where they hammer your site with countless password guesses, exploiting the fact that we all have a preference for easy-to-remember rather than hard-to-crack credentials. This is a human failing, rather than any problem with WordPress.
As its name suggests, Wordfence Security bolsters your existing protection with a sophisticated firewall that lets you block specific IP addresses, or even whole countries, and offers the option to implement multi-factor authentication to stop unknown users gaining access just because they guessed your password. At the same time, it keeps an eye on the files that make WordPress tick to check they’re not out of date and haven’t been overwritten on your server, which could potentially open up another unauthorised entry point.
There are both free and premium versions of Wordfence Security, the latter costing $119 (£98) per year. The free tier gets you theme and plugin monitoring, a security scan every three days, brute-force protection, intrusion alerts and multi-factor authentication, but firewall rule and malware updates are each delayed by 30 days. These are updated immediately on the Premium tier, and you also benefit from unlimited scans and the IP and country-level blocking mentioned above. Two further tiers, Care and Response, are targeted at business owners.
Key specs – Type: Security; Current version: 7.9.1; WordPress compatibility: Tested up to WordPress 6.1.1; In plugins repository? Yes
2. Yoast SEO: Best SEO plugin
Price: From free to £120 per year | Download from YoastSearch engine optimisation (SEO) can feel like a dark art if you don’t know what you’re doing. Fortunately, working with a content management system (CMS) such as WordPress can help, since what you publish will automatically be better structured – which search engines like. Better yet, since every page will be more or less the same in terms of elements and flow, a tool such as Yoast SEO knows exactly where to slot in the metadata that search engines are looking for to improve your search performance.
When you first install Yoast SEO, you’ll see that it adds several fields to each post-writing page in the WordPress interface, which ask for key details such as an optimised title and description. There’s live guidance on how long these should be, and a preview of what the result will look like on a search page. If you also provide a target keyword for which you would like to perform well, it will grade both your post content and the additional text against that term. These grades also appear in the posts overview page and as an aggregate on the WordPress dashboard, so you can immediately see where you could improve matters.
There are free and Premium versions, with the free edition delivering basic readability analysis and monitoring of a single keyword for each post. Upgrading to the Premium edition (£120 per year) switches on premium readability analysis, automatic redirect creation when you move a page, multiple keyword analysis and warnings when your most important pages haven’t been updated for six months, which can act as a helpful reminder to check that they’re still relevant.
If you’re serious about upping your search performance, Yoast SEO is a far better option than crossing your fingers and hoping for the best. Think of it as an SEO coach, watching as you write every post.
Key specs – Type: Optimisation; Current version: 20.2.1; WordPress compatibility: Tested up to 6.1.1; In plugins repository? Yes
3. WP Super Cache: Best speed optimisation plugin
Price: Free | Download from WordPressIt’s no secret that slow sites are unpopular. Visitors click away, and search engines rarely put them at the head of the results. Anything you can do to speed things along – such as joining the 2m+ WordPress users who have installed WP Super Cache – has the potential to pay dividends. It’s produced by Automattic, the organisation that oversees the development of WordPress itself, so should integrate smoothly with your blog.
WP Super Cache takes the dynamic content that WordPress serves up whenever someone lands on your site and produces static versions of each post or page. Then, the next time someone who’s not logged in, hasn’t left a comment or isn’t looking at a password-protected post – in other words, the vast majority of your visitors – arrives at your site, it serves them static content instead. Since this doesn’t need to be retrieved from your database to be slotted into your page template before being displayed, it should appear more quickly, immediately making your site feel more responsive thanks to the reduced overall load time.
There are several configuration options, allowing you to specify the compression and caching settings, but if you’re not comfortable tweaking then you can instead opt for Simple mode and let it decide the bulk of the settings for itself.
Key specs – Type: Optimisation; Current version: 1.9.4; WordPress compatibility: Tested up to 6.1.1; In plugins repository? Yes
4. Smush: Best image optimisation plugin
Price: From free to $7.50 (£6.18) per month| Download from WordPressThey say that a picture is worth a thousand words, but that’s not the whole story. A thousand words might occupy just a few bytes on your web server and load in the blink of an eye; but a poorly optimised image could take up as much space as a million words – or more – and take several seconds to appear. By that time, your visitor may have clicked away, and could be gone for good.
Smush optimises your images by compressing them, while also being careful about the resulting quality. As a result, your site should retain its professional edge and deliver a more pleasant browsing experience.
Optimisation can be done automatically in the background, and Smush can identify which images are slowing down your site because they’re the wrong size. You can also optionally enable lazy loading, which only loads an image when it’s visible on the screen. That way, if a visitor hasn’t yet scrolled that far, it won’t be loaded in advance and slow down the loading of the content they can actually see.
The free version of Smush is fully featured, and a great example of a set-and-forget tool that you can install, activate and ignore for months to come. However, there’s also a Pro edition, at $7.50 (£6.18) a month, which adds CDN access and the option to serve images in WebP format. Paying to upgrade also gets you access to developer WPMU DEV’s other pro plugins, which include security, backup and optimisation tools.
Key specs – Type: Graphics; Current version: 3.12.6; WordPress compatibility: Tested up to 6.2; In plugins repository? Yes
5. Really Simple SSL: Best plugin for visitor confidence
Price: From free to $39 (£32) per year for Pro edition | Download from Really SimpleVisitors are getting wise to checking for the padlock when they visit a website and, increasingly, browsers are throwing up warnings when you land on an insecure site. Make sure your blog doesn’t trigger an alert by taking advantage of an SSL certificate if your web host offers one. Once it’s been issued, Really Simple SSL can help configure your site to make sure it’s being used to its full potential.
At its most basic, it will ensure that visitors are correctly routed to the secure version of your site, across a range of server technologies. However, it can also be used to generate an SSL certificate if you don’t have one or you haven’t been issued one by your host. It then rewrites links to content on your site so they automatically use the more secure https:// rather than http://.
Key specs – Type: Security; Current version: 6.2.2; WordPress compatibility: Tested up to 6.1.1; In plugins repository? Yes
6. Pretty Links: Best utility plugin
Price: From Free to $399 (£328) for Super Affiliate tier | Download from Pretty Links Pretty Links shortens web addresses in a similar fashion to TinyURL and Bit.ly, but does so within your own domain. So, if your domain was example.com, you could create the links example.com/reviews, example.com/abc or whatever else you might choose, and point each one at a longer, more complex address. Why would you do this? Several reasons: you could use the links to provide easy access to pages buried deep on your site. Or you could use it to obscure affiliate links from which you earn money.
That’s only half the story. Links aren’t just created and left to fend for themselves. Pretty Links keeps track of them and, more importantly, how often they’re clicked. That way, you can monitor which outgoing links are most popular, and you can use this information to decide the content you should produce more of.
You can also use Pretty Links to set up redirects for content you’ve moved on your site (or to a different domain) to ensure your visitors aren’t presented by a Page Not Found screen the next time they try to find it.
The free version of Pretty Links is a fully featured and powerful plugin, but there are three upgrade options – Beginner, Marketer and Super Affiliate – starting at $199 (£163) per year that add a range of advanced features. These include indexing links by tag or category, automatic creation of shortened links for new posts or pages, and the option to set an expiry date on any of your links.
Key specs – Type: Utility; Current version: 3.3.3; WordPress compatibility: Tested up to 6.1.1; In plugins repository? Yes
7. Contact Form 7: Best contact plugin
Price: Free | Download from WordPress Contact forms are a great way to mask your email address. By requiring your visitors to get in touch by filling in a form, you can reduce the amount of spam you receive, and ensure they include all necessary information.
Creating a new form is a simple case of adding tags for text and email boxes, additional fields such as phone numbers and date, freeform entry boxes, checkboxes, dropdown menus and more. You then define where the form contents should be sent when the visitor clicks Send, and embed the result in your site. You can design several different forms for use in different scenarios and different locations across your blog.
Once defined, you can embed a form in a post or page using shortcodes, and use CAPTCHA and Akismet spam filtering to reduce the number of unwanted messages landing in your inbox.
Key specs – Type: Communication; Current version: 5.7.4; WordPress compatibility: Tested up to 6.1.1; In plugins repository? Yes#