WordPress: 5 Plugins

Here are our hot takes on which 5 WordPress plugins to install first.

HOT BYTE NUMBER 1 WordPress: 5 Plugins artwork. The WordPress Logo is a trademark of the WordPress Foundation.

All of the plugins mentioned below can be installed directly from the WordPress dashboard.


Wordfence

Because WordPress is an open source content management system, third-party developers develop themes and plugins to add more functionality to the core system. However, this increases the likelihood of vulnerabilities and makes WordPress a target for hackers. On average, a WordPress site is attacked every 22 minutes and, according to a white paper produced by Patchstack in 2021, "29% of WordPress plugins with critical vulnerabilities received no patch".

So, our first plugin recommendation is Wordfence, which will help mitigate these security threats. The service uses a combination of firewall rules, malware signatures, and IP blocklists to monitor your site. In short, any request to access part of your site is processed through Wordfence first, analysed, and then approved or denied. If you'd like to know more about this process, read their How the Wordfence Firewall Works blog post.

There are different pricing tiers for Wordfence. The free version has a 30-day delay on receiving the latest firewall rules and malware signatures, but for smaller sites this should be adequate. The free version also includes settings to enable CAPTCHA challenges and a setting to require all users to use 2-factor authentication on login for additional security. For larger sites and sites that process sensitive data, consider upgrading to one of the paid plans for real-time protection, premium support and other benefits. View pricing for more information.

Alternative suggestions: Defender, Jetpack


WP-Hide

The majority of attacks on WordPress sites target known vulnerabilities in plugins and themes, but if hackers cannot detect these in the first place, then no attempts will be made to hack into the site.

So our second recommendation is a security plugin designed to mask WordPress. WP-Hide hides all the signature fingerprints of a WordPress site including core files, plugins and themes. It does so without modifying any files or directories and therefore does not have a detrimental effect on search engine optimisation.

Whilst the free plan masks WordPress, there is also an option to pay and upgrade to WP-Hide Pro, which adds features including support for WordPress Multisite, full Nginx support, an option to change WP Ajax calls and the ability to white label plugins and themes. There is also a firewall included which can block malware and malicious code. For a more comprehensive list of all the features that the professional version includes, check out their Plugin Features page.
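To confirm that masking has taken effect on your own site, you can check the HTML it serves for leftover WordPress markers. The following is an added example, not code from WP-Hide or from the original article; the sample page, the slugs in it and the function names are constructed for illustration.

```python
import re

# Constructed sample of a default, unmasked WordPress page (not from a real site).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css?ver=1.2" />
<link rel="stylesheet" href="/wp-content/plugins/example-forms/css/main.css?ver=3.0.1" />
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
<link rel="https://api.w.org/" href="/wp-json/" />
</head><body class="home"></body></html>"""

# Constructed sample of the same page after paths have been rewritten.
MASKED_HTML = """<html><head>
<link rel="stylesheet" href="/assets/skin/style.css" />
<link rel="stylesheet" href="/assets/modules/forms/main.css" />
<script src="/lib/js/jquery.min.js"></script>
</head><body class="home"></body></html>"""

# Each check maps a fingerprint category (core files, plugins, themes) to the
# pattern that reveals it in served markup.
CHECKS = {
    "generator": re.compile(
        r'<meta[^>]+name=["\']generator["\'][^>]+content=["\'](WordPress[^"\']*)', re.I),
    "plugins": re.compile(r'/wp-content/plugins/([A-Za-z0-9_-]+)/'),
    "themes": re.compile(r'/wp-content/themes/([A-Za-z0-9_-]+)/'),
    "core_paths": re.compile(r'/(wp-includes|wp-admin|wp-json)/'),
}

def find_wp_fingerprints(html):
    """Return {category: sorted unique matches} for fingerprints still present."""
    found = {}
    for name, pattern in CHECKS.items():
        hits = sorted(set(pattern.findall(html)))
        if hits:
            found[name] = hits
    return found

def is_masked(html):
    """True when none of the checked fingerprints appear in the page."""
    return not find_wp_fingerprints(html)

if __name__ == "__main__":
    for label, page in (("before", SAMPLE_HTML), ("after", MASKED_HTML)):
        print(label, find_wp_fingerprints(page) or "no fingerprints found")
```

Run it against the saved HTML of several page types (home, a post, a page with a form), since plugins often load their assets only where they are used.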

Alternative suggestion: Hide My WP Ghost


CookieYes

The General Data Protection Regulation (EU GDPR / UK GDPR) is a European regulation that regulates the processing of personal data. Privacy and data protection are likewise regulated in the California Consumer Privacy Act (CCPA), amongst others. Such frameworks require cookie statements that detail what cookies are present on the website, what data they track, for what purpose, and where the data is sent. There also needs to be an option for the visitor to opt out of cookies altogether.

CookieYes is one of many WordPress plugins that make it easy to conform to these requirements. It generates a cookie banner on your site which is fully customisable and includes an option for the viewer to opt out of site cookies if requested.

Other notable features of this plugin include the option to deep scan your website to identify and list all cookies present, to schedule this scan regularly so that all cookies are accurately referenced in the cookie table, and to generate a consent log of each time a visitor approves, rejects or partially approves cookies on the site. The cookie banner can also be auto-translated into over 30 languages, triggered by the viewer's browser language. This Features page lists all of the features available.

The free version includes most features mentioned, but is limited to 25,000 page views a month and customisation of the cookie banner is basic. If your site is attracting more page views than this or if you want to have more options to brand and customise the banner then there are multiple paid upgrades available. See their Pricing & Plans page for the details.

Alternative suggestions: Cookie Notice, Complianz, Jetpack

Site Kit

This is Google's official WordPress plugin for gaining insights into how your visitors are interacting with your website. The plugin makes it easier to integrate and set up a number of core Google products including Search, PageSpeed Insights, Analytics and AdSense.

Once set up, statistics are presented on a single dashboard providing a clear overview of the entire site to show data such as total clicks, number of users, total impressions and total sessions. As well as a site overview, it's also possible to focus in on specific pages for a more detailed analysis on how individual pages are performing on the site.

Notifications ping on the dashboard when records are broken, for example when a record number of site views is recorded.

A recent update to the plugin now lets the site administrator give other users registered on the WordPress site access to view the insights on their own dashboard when logged in, regardless of their status. It is also possible to limit other users to view-only access so that changes to the site's settings are restricted to only those that need it.

Alternative suggestion: Jetpack


Elementor

WordPress includes its own content editor called Gutenberg. This enables editors to create pages and posts using a series of content blocks that are assembled together to form different layouts. Over time the editor has become more feature-rich, but the experience is still relatively restrictive. This is where our final plugin recommendation comes in!

Elementor is a powerful WordPress editor that allows for more customisation and fluidity in creating page layouts. It works through a series of widgets and sections that can be dropped onto a canvas and dragged into different positions to make structuring pages more expressive. The margins and padding of these elements can be adjusted to make more complex layouts, for example ones in which elements overlap.

Another helpful feature of this editor is that colours and fonts can be assigned to specific elements on the site, or to the site as a whole to create a consistent colour palette and typography.

As well as providing more freedom in creating site content, responsiveness is maintained so that pages and posts built in Elementor render well on all devices, from computers to tablets and smartphones.

The Editor page on Elementor's official website provides a good overview of what can be achieved using this plugin. Unlike our other recommendations, Elementor requires a yearly subscription to use and there are different tiers depending on what features you require and the number of sites you wish to use it on. The Elementor Plugin Pricing Plans explain all.

Alternative suggestions: WPBakery, Divi


State Of WordPress Security In 2021, Patchstack (March 4, 2022)

How the Wordfence Firewall Works, Wordfence (January 10, 2017)