WordPress has over 50,000+ plugins in its open-source repository alone, along with thousands more on various third party websites. Plugins secure your site, speed it up, add features or styles, add communities or profiles, and hundreds of other things.
You can easily fill up your site with 20 or even a hundred plugins! That said, we strongly recommend you keep your plugin usage to a minimum. Here’s some best practices.
Only Use What You Need #
Using plugins add extra code that WordPress has to load every page visit. The more plugins you have, the more code WordPress loads. This adds up and will slow down your site overall. Therefore, to reduce bloat and decrease page load time, we strongly recommend you only use the plugins that you need on your site and deactivate and remove ones you don’t need.
Furthermore, using many plugins also opens up your site to various attack vectors. Vulnerbilities are frequetnyl found in WordPress plugins, and the more you use them, the more likely a vulnerability will apply to your site!
Vulnerabilities can lead to your website getting hacked, your data getting stolen, and even your losing all your files!
Use Lighter Alternatives #
Yoast SEO is a popular SEO plugin. However, it’s also huge, and let’s face it — do you really need all the features it offers? Most likely not.
Instead, using a plugin like Rank Math or SEO Framework will help decrease the amount of code that needs to be loaded, making your site faster and more secure.
Elementor or Beaver Builder are good alternatives to Divi page builder.
Update Your Plugins #
Well-maintained plugins has contributors that release plugin updates frequently. Using a plugin that is actively under development is always a good idea so the plugin keeps up with the latest practices and updates.
Frequently update plugins are also more likely to be compatible with your website, as WordPress standards are constantly changing.
When an author releases a minor update (ie, 1.4.X) it’s advisable to install the update immediately, as they usually contain security patches, bug fixes, and other non-breaking features. You may want to wait a few days for major updates (ie, X.1.2) as there might be some broken features or bugs that need to be ironed out first.
Not updating your plugins when there is an update available opens up your site to the possibility of attacks again. Outdated plugins can sometimes contain vulnerable code that attacks can use to gain access to your site and files.
Recommendations #
Plugins are an essential part of WordPress. Here are the plugins we recommend for all installs:
- WordFence (For security)
- WP Super Cache or WP Fastest Cache (For site speed)
- CynderHost Cache (For high-performance plans only)
Optionals (only if you need them!) #
SEO Plugins: Rank Math or SEO Framework
Page Builders: Elementor or Beaver Builder
Speed Optimization: WP Rocket or Autoptimize
Image Optimization (recommended): reSmush.it
Ecommerce: Woocommerce
Contact Form: Contact Form 7 or WP Forms
Anti-Spam: Askimet or WordPress Zero Spam
Backup: WPVivid Backups
Newsletter: Mailchimp
Community/Forum: bbPress and/or BuddyPress
