skip to Main Content

There Are No Must Have WordPress Plugins

WordPress logo with a plugin icon

A few years ago I jumped on the bandwagon and wrote a post titled “Must Have WordPress Plugins”. Why? Because everyone was doing the same thing.

But a while ago I began to realise that there are no “must have” plugins for WordPress sites.

Yes, you need some plugins. But you don’t need the ones everyone else tells you you need.

I remember working on a client’s WordPress site that was a complete disaster, and I do mean a disaster.

She had 56 plugins installed when the site only needed about 8.

So what’s the issue with having too many plugins?

There are a couple of issues to think about.

  1. Every plugin you install contains code (PHP, HTML, Javascript etc.). All the code will add “weight” to your WordPress website and cause it to slow down.
    How much code is in the plugin and what the plugin does determines the loss of speed. More plugins results in more speed loss.
  2. There are many insecure plugins out there, which could leave your site vulnerable to hackers. Remember that roughly 25% of all websites are WordPress so many people try to hack them.

Even the most popular plugins can be dangerous.

My go to contact form plugin was Fast Secure Contact Form by Mike Challis. In June 2017, the plugin was sold or given to a new owner. The new owner placed spam ads to payday loan sites in the plugin’s code. At the time, FSCF was installed on over 1 million WordPress sites.

When everyone updated to the next version, the spammy links were put on the website.

WordPress (the company) took the plugin off the official WP plugin repository soon after. According to this thread on the official WordPress forum, the plugin is now defunct.

You’ll also need to check when the plugin was last updated. If it was more than a year ago, it could have been abandoned. WordPress will also tell you if a plugin is compatible with the latest version of WordPress.

Only download plugins from the official WP repository.

That’s my advice to be safe. But I know there are talented and reputable people out there making WP plugins that are 100% safe and legit. One place to get “offsite” plugins is codecanyon. Before buying from there, check the number of sales, the support offered and the reviews.

One example is the EventOn event calendar I bought through codecanyon a few years ago. The author updates it regularly and offers great support. It has over 34,000 sales and 1600+ ratings.

How many plugins should you use?

No more than you need.

You will probably need a contact form plugin. I use Ninja Forms. Contact Form 7 is another popular one.

If you’re going to do some SEO, you’ll need a plugin if your theme doesn’t have it built in.

I use the SEO Framework, but the most popular SEO plugin is Yoast’s SEO plugin.

There are plugins out there for pretty much every need, but do a little checking before you get carried away. And always ask yourself if you really need it.

Unused plugins should be deleted, not just deactivated.

And when you get more experience using WordPress, you might want to look at caching and security plugins.

Wordfence security has 2+ million active installs as I write so it must be doing something right. I don’t use it as I have other methods of securing my WP sites.

Always do your research on plugins and never install a plugin if you’re not sure where it came from.

If you have a website that’s too slow or has other issues you like sorted out, contact me to see if I can help.