Warning: Ignoring These 7 WordPress Plugins Could Seriously Damage Your Blog

No doubt you’ve seen them.

The eye-catching posts that promise to reveal the 5, or 10 or even 57 WordPress plugins you absolutely must use on your blog.

You click the headlines and scroll through the posts, your jaw hanging open at the seemingly endless opportunities to transform your blog.

And inevitably, you find yourself installing every single one.

But soon after, you realize that most of these plugins don’t live up to the hype.

In other words, you’ve wasted your time.

Worse still, your site has become noticeably slower. Your newly sluggish dashboard means tasks that used to take a few seconds now take a full minute. And your readers are getting a poor experience too.

It’s a common situation – “shiny object syndrome” is difficult to avoid.

But you must need some plugins installed on your blog, right?

So the question remains:

Which ones do you really need?

And wouldn’t it be great if someone could just tell you exactly what they are?

The Seductive Myth of the “Essential” WordPress Plugin

Back in 2009, I was preparing to launch my first WordPress self-hosted blog.

I knew there were plugins that could help, so I opened up Google and started looking for “must-have” and “essential” plugins.

And after reading through countless blog posts and weighing my site down with far more plugins than my web host could deal with, I came to a surprising conclusion.

No plugin is truly essential.

It’s a myth. Nothing more.

No single plugin is so crucial that its very absence will harm your blog.

Here’s the real truth:

While specific plugins are not essential, specific types of plugins are.

For instance, you’ll definitely need a plugin to speed up your site. Is there a specific one I recommend? Yes. But plenty of alternatives exist too, each with its own pros and cons.

But you are never tied to one specific plugin.

That said, if you don’t install a plugin from each of the following categories then you will put the long-term success and money-making potential of your blog in jeopardy.

Have You Installed Plugins from These 7 Essential Categories?

#1 Performance – Delight Your Readers with Quick-Loading Content

The time your blog takes to load is a big deal.

If it feels sluggish, readers get frustrated and they’re far more likely to bounce away. Also, Google is known to penalize poorly performing sites, which means lower search rankings.

But with a faster-loading blog, your readers get a better experience and Google stays happy.

The reason that performance can be an issue is that WordPress pages are dynamic. Every time someone visits your blog, a new request is made and the required content is created in HTML. That means assembling individual elements like the header, the menus and the sidebar into the final page delivered to the reader’s browser.

Somewhat inefficient, right?

Not if you install the right kind of plugin.

A performance optimization plugin will “cache” your content, meaning that if another visitor requests the same content (e.g., your latest blog post), your blog will deliver a recent copy rather than creating it again from scratch.

The result – your page load times improve dramatically.

What is the recommended plugin?
W3 Total Cache WordPress Plugin

W3 Total Cache is an efficient and popular plugin that’s free to download.

It has the capability to use various types of caching (not just the page caching described above) and is also highly customizable if you want to get into the nitty gritty details.

The plugin also integrates with various content delivery networks (CDNs) which can improve performance and reliability by adding off-site caching. (This means that even if your entire site is unavailable for some reason, the CDN can deliver its own copy of your content so users may not even notice the problem.)

W3 Total Cache provides plenty of additional options for advanced users, though even a basic configuration can produce great results.

What are the alternatives?

WP Supercache is a great alternative as there’s less of a learning curve involved in the initial setup.

WP Rocket is a paid alternative with a solid reputation. Pricing starts at $39 per website.

Note: Certain web hosts, like SiteGround (affiliate link) or WP Engine, provide their own performance optimization plugins, so you won’t need to install one separately. Check with your host if you’re unsure.

Editor’s Note: Read our in-depth review of SiteGround here: SiteGround Review: Still the Best (Or Not-So-Good) in 2021?

#2 Security – Lock Down Your Blog to Keep the Hackers Out

As bloggers, we put our hearts and souls into our blogs.

Unfortunately some people are hell-bent on trashing our hard work.

Yes, I’m talking about hackers.

You see, one of the few disadvantages of choosing WordPress when you start a blog is that its vulnerabilities are well-known to hackers. And being so popular, WordPress offers them millions of potential targets.

Fortunately certain plugins can make minor changes to your WordPress installation that will protect against the most common security threats.

And while this won’t stop the savviest hackers, you’ll rest easier knowing your site is more secure.

What is the recommended plugin?
iThemes Security WordPress Plugin

iThemes Security has a free version that gives you a good amount of protection and peace of mind right out of the box. (It was formerly known as “Better WP Security,” but has since been bought by iThemes which has sped up development.)

Upon installation, you’ll be prompted to run a “one-click” setup wizard which will take care of the most basic tweaks. You will then see prompts in your dashboard showing you what you still need to fix (at the click of a button) and how important it is to the overall security of your site.

iThemes also has its own “Brute Force Protection Network,” meaning users who have tried to hack other sites will be blocked from accessing yours. But you do need to activate this in the settings.

Go to Settings > Brute Force Protection, enter your email address (unclick the signup below if you don’t want updates) and click “Save All Changes.”

The plugin also allows you to create backups, but it will only back up your database (not your whole blog). However, I recommend using a specialist plugin to handle backups – but more on that in a moment.

There’s a premium version of this plugin which will give you access to additional features such as two-factor authentication, which requires you to enter a security code sent by SMS when logging into your site.

Another helpful pro feature is the ability to give someone temporary administrator or editor access – this can be useful if you have to give access to a developer, for example, but don’t want to hand over your main login credentials.

What are the alternatives?

BulletProof Security is a popular alternative.

It has over 100,000 active installations. What I particularly like about this plugin, aside from its handy security features, is that almost all of the support threads have been resolved in the past two months.

There is a paid version of BulletProof Security that adds a long list of features and costs $59.95.

In addition to a security plugin, I’d recommend adding a “captcha” to your login page using a plugin like Captcha on Login to help ensure your visitors are actual humans and not bots.

Once installed, your login form will look something like this:

Captcha WordPress Plugin

Captcha on Login is free, and since most hacking attempts are done on a large scale by bots (most of which are easily thwarted by this simple visual test), I’ve noticed a lot of hack attempts stop entirely after installing this.

As an added layer of security, I have a premium account with Sucuri which monitors my site for malware and potential issues. You can think of this as an anti-virus software for your website.

Last year one of my sites was hacked because I forgot to update a plugin I bought from Codecanyon.net – Sucuri includes malware removal and had my site cleaned up a few hours later.

#3 Backups – Insure Your Blog Against Mistakes and Disasters

Backups are your safety net when things go wrong.

If your site gets hacked, your web host somehow loses all your data or you accidentally delete your own blog (yes, it happens), a recent backup will save the day.

Now I know what you might be thinking – your web host performs backups for you.

And while that may be true in many cases, most web hosts provide no guarantees and you have very little control over what’s backed up and how often.

Here’s a cautionary tale that might convince you that you need your own backups.

A friend of mine hired a freelance developer to migrate his website to a new host.

When they’d finished the migration, they told the old hosting company to close their account.

Soon afterward they realized their WordPress database hadn’t migrated over with the other files.

But it was too late.

The hosting company wiped all of the backups and they had to resurrect the blog using old emails and Word documents – ouch!

That’s a lesson you don’t want to have to learn the hard way.

What is the recommended plugin?
UpdraftPlus WordPress Plugin

UpdraftPlus is a powerful plugin which boasts over 600,000 active installs – and it’s free.

The plugin has a rating of 4.9 out of 5 stars on the WordPress plugin repository and is actively supported by its developers – which is awesome considering it doesn’t cost anything.

Backups can be stored in the cloud using services such as Google Drive, Dropbox and Amazon Cloud as well as being transferred via email and FTP.

Importantly, UpdraftPlus will not just back up your WordPress database (i.e., your posts, comments, configuration, etc.) but all of your files too (i.e., your theme, plugins, images, etc.).

There’s also a premium version which adds a number of additional features, which include:

  • 1GB Updraft Vault (alternative to Dropbox/Google Drive)
  • Site migration/cloning
  • Additional backup options for Copy.com, Microsoft OneDrive and more
  • Option to send backups to multiple locations
  • Multisite support

Pricing for the premium version starts at $70 for two sites.

What are the alternatives?

BackWPup is another popular free plugin you can find in the WordPress plugin repository. Its ratings aren’t quite as stellar as UpdraftPlus, but with over 400,000 active installs it clearly works well for many.

BackupBuddy is a another popular paid option with prices starting at $80. I’ve used this on several blogs over the years and have found it to be very reliable.

However, the best alternative plugin is not really a plugin at all.

Because here’s the thing:

The more plugins you add to your site, the slower it’s going to be.

When you first start your blog, using a plugin for your backups is the best way to go, especially considering the fact that it won’t cost you a penny.

But as your blog grows in size, your backups will take longer to run. Also, your site will come under greater load from increased traffic which puts further strain on the WordPress platform and your web host.

At this point an off-site system works best. This means using a system external to your WordPress installation to do most of the “heavy lifting” of creating regular backups.

As it happens, WordPress has its own solution called VaultPress which starts at $5/month.

VaultPress is simple to set up and also gives you the option to restore your blog with the click of a button. You do need to install a lightweight plugin to connect your blog to VaultPress, but the backups run on their servers to ensure your blog isn’t slowed down.

#4 Broken Links – Seamlessly Redirect Your Readers When Content Moves

Don’t you just hate broken links?

Sometimes as a blogger you need to change the URL of one of your posts or pages – for example, to optimize your content for SEO.

But what happens to people who still have the old link?

Usually they get sent to an unfriendly error page:

404 Error Page

This not only causes a poor reader experience, but it can also stop search engines from fully crawling your blog, which means Google may penalize your overall ranking. (After all, people would lose confidence in Google’s results if they encountered too many broken links on its results pages.)

So what should you do?

You need to make sure that your blog automatically redirects anyone who tries to access the old URL to the new URL. This can be achieved with a plugin or by delving into some code (we’ll talk about this in a moment too).

Deciding which method to use is a trade-off. Using a plugin is quicker and easier but makes your web server work harder. On the other hand, not everyone is comfortable delving into code – especially when making a tiny error in the file you have to edit could bring down your whole blog!

Don’t worry though – we’ll cover both options for you so you can go with what you’re most comfortable with.

What is the recommended plugin?
Redirection WordPress Plugin

I recommend Redirection, which is free to download from the WordPress plugin repository.

This plugin allows you to manually add “redirects” for pages whose URLs have permanently changed. The mechanism is totally search engine-friendly so you remove the risk of being penalized.

There’s also a helpful feature which automatically adds redirects for you whenever you change a permalink. Of course, that only works for links you change after installing the plugin.

But there’s always a chance your blog has other broken links that you don’t know about, and you can find these using Google Search Console or Xenu’s Link Sleuth. Once found, you can add the appropriate redirects.

There are plugins that will find broken links for you, but I recommend never using them as they can seriously impact the performance of your blog (and others if you’re on a shared hosting platform).

The Redirection plugin also supports “404 monitoring,” which means it tracks requests for URLs that don’t exist. While this can be useful information, it can also cause performance issues on shared platforms, so I recommended disabling the logging as follows:

Redirection WordPress Plugin - disable logging
What are the alternative options?

You could try the Quick Page/Post Redirect plugin, which does most of what the Redirection plugin does.

But as mentioned earlier, the best practice is to add redirects manually.

This can be achieved via the .htaccess file which controls access to your website. The process is explained by Ana Lynn Amelio in this post. But be careful – one character out of place could bring your website down.

For further reading on redirects, I’d recommend checking out this helpful article by the team at Moz.com.

#5 SEO – Make Tweaks to Guarantee that Google Loves Your Blog

Out of the box, WordPress is already well-optimized for search engines, but in practice it doesn’t give you the kind of fine-grained control that you need.

A purpose-built plugin will enable you to customize on-page elements such as page titles and meta descriptions, which will affect how your content appears in search results (and that can have a big impact on click-throughs).

It will also handle sitemaps (which make it easier for search engines to crawl your content) and give you precise control over which posts and pages will be indexed by Google.

For instance, you wouldn’t want Google to index the hidden page where new subscribers can download your “bribe to subscribe” – otherwise people could find it without subscribing.

An SEO plugin will do all of these things and more.

What is the recommended plugin?
SEO by Yoast WordPress Plugin

My go-to SEO plugin is Yoast SEO and while Yoast does have a premium version, you can do almost everything you need with the free version.

In fact it does everything described above and has additional features, for instance making it easy to add social metadata for Facebook and Twitter. This means you can set network-specific titles, descriptions and featured images, chosen to appeal to that specific audience.

What are the alternative options?

All in One SEO Pack is another popular option for handling SEO – it has a great rating and is actively being kept up-to-date.

You can install the plugin for free or upgrade to the premium version. Prices start at $79.

#6 Social Sharing – Give Readers the Tools to Spread Your Content

You want to get more traffic and grow your audience, right?

One of the easiest ways to do this is to make your content easy for readers to share. And of course that means adding social sharing buttons.

Certain WordPress themes come with this option built in, but they can rarely compete with a dedicated plugin.

A quality plugin will usually be much more configurable in terms of both behavior and appearance.

What is the recommended plugin?
Social Warfare WordPress Plugin

My favorite plugin for adding social sharing buttons is Social Warfare.

Not only do its sharing buttons look super-slick, but it’s built with performance in mind so its behavior is slick too.

The plugin allows you to add “Click to Tweet” boxes to your content – another way to encourage social sharing.

And you can also add Pinterest-specific images to maximize engagement on that platform. This is useful because taller images perform better on Pinterest but you don’t want to have to change the dimensions of your featured image.

And it gets better . . .

You can avoid negative social proof (people thinking that content with few shares is low quality) by hiding your share counts until you reach a respectable number.

The only downside to this plugin is that it isn’t free, but it only costs around $25/year.

What are the alternatives?

Social media is a crowded plugin category, but of all the possible options, two alternative sharing plugins come to mind, and they’re both free:

SumoMe Share – SumoMe has a suite of apps focused on helping you drive more traffic to your blog. The suite is available as a WordPress plugin, but you can use it on any blog that uses HTML. Customization options are plentiful and you can remove the “powered by” logo by upgrading to the premium version.

Simple Share Buttons Adder – Simplicity is at the heart of this plugin. It has some helpful customization options but they’re not overwhelming. Step through the settings to get the buttons looking how you want them, and you’re ready to go!

#7 List-Building – Turn Casual Visitors into Loyal Subscribers

Regardless of your topic, if you want to grow your blog, you need to build an email list.

Social media can help you build an audience, but nothing draws people back to your blog quite like an email list. It’s effectively traffic on demand.

So how do you get started?

There are plenty of list-building tactics you can use, but they all require one thing – an opt-in form.

That’s why you need a tool that makes it easy to add opt-in forms to your site, optimize them using split testing and generate reports that show your progress.

What is the recommended plugin?
Thrive Leads WordPress Plugin

From a feature perspective, nothing else comes close to Thrive Leads.

You get access to a large number of opt-in form templates and a detailed visual editor, so you can customize existing templates or create your own forms from scratch.

It supports various opt-in form types including sidebars, popovers, widgets, in-content, notification bars, scroll boxes, scroll mats and more.

And you can make links or images that display a popover when they’re clicked – this works great for adding content upgrades.

But I’ve noticed a problem with many list-building plugins. They seem to promise all sorts of updates and feature enhancements that never actually materialize.

It’s been a different story with Thrive Leads.

I first reviewed them back in February, and since then they’ve continued to update the plugin, along with rolling out new features, including:

  • New opt-in form types such as the Scroll Mat
  • Asset delivery, making it easy to send opt-in bribes to your subscribers
  • Thrive Smart Links which allows you to show a different call to action to subscribers
  • Multi-state forms such as yes/no popovers

Thrive Leads is a premium plugin with prices starting from $67. For that price you get one year of support and unlimited updates.

What are the alternatives?

Many plugins give you the ability to add specific opt-in form types, but the problem is that if you need more than one type (which you probably will), you’ll end up installing more and more plugins.

Several other plugins make good all-round alternatives:

SumoMe – Aside from its Share app, the SumoMe plugin also has some apps related to list-building:

  • List Builder does popovers,
  • Scroll Box adds a form that appears as users scroll down the page and
  • Smart Bar adds a notification bar above or below your content.
  • Most recently, Welcome Mat was added which displays a full-screen call to action.

SumoMe is free, although upgrading to a pro account will remove its branding and add features such as split testing.

OptinMonster – OptinMonster is a hosted app that integrates with your blog via its own WordPress plugin (affiliate link). You can add widgets, header notifications, popovers, full-screen popovers, scroll boxes and more. Split testing comes built in, and the MonsterLinks feature enables you to display popovers when your readers click on specific links. Prices start at $9 per month, but that only includes popovers.

Ask These Crucial Questions before Installing Any New Plugin

This list isn’t exhaustive and you’ll always come across new plugins. Chances are some of them will be worth installing. Some may even rival the plugins on this list.

But before you go ahead and install yet another plugin, here are some questions to consider:

  • Is the plugin genuinely valuable? Many plugins serve as distractions, providing little value. Before you install a plugin, make sure that its features will truly benefit your blog. Plugins that merely seem cool or interesting probably won’t justify your time and effort.
  • Is the plugin regularly updated? When a plugin hasn’t seen an update for several months or even longer, it might be a sign that the developer has given up on it. You could also find out it’s not compatible with the latest version of WordPress. On the other hand, frequent updates and support threads that are quickly resolved are a sign you can trust  the plugin and the team behind it.
  • Is the pricing model sustainable? Most completely free plugins (i.e., those without premium options) are not sustainable in the long term. After all, you can’t expect the developer to devote hours to enhancing and troubleshooting software with no reward. Even paid plugins can be unsustainable if they’re too cheap. For example, $49 for lifetime updates probably isn’t going to fly from a business perspective.
  • Where will you test the plugin? ­Some plugins may cause issues with your blog theme, clash with other plugins or not work at all. It’s much safer to install a new plugin on a website that isn’t your main blog and test it out first.

Strike the Perfect Balance with Your WordPress Plugins

Plugins are one of the greatest benefits of using WordPress for your blog – and the possibilities are almost endless.

But they can also cause you serious headaches.

Install too many plugins, and you run the risk of hitting technical glitches and slowing your blog down, which is bad news for you and your readers.

On the other hand, ignoring certain plugins means missing out on features that could seriously accelerate the success of your blog.

Finding the perfect balance is the key to making WordPress work for you.

So only install plugins that solve real problems for you or your readers and try to resist passing trends.

Start with plugins from the categories above and make sure you’ve covered the essentials.

Then you can finally stop worrying about plugins and focus on what matters most – your readers.