Writing and creative expression are the heart and soul of WordPress. Plugins are the liver, kidneys, immune system and more. Pick your favorite organ and I guarantee there’s a parallel to the essential functions performed by plugins on millions of WordPress sites.

Like organs, some plugins are more useful than others. You don’t need both of those kidneys, after all. But your self-hosted WordPress site needs all five of these core plugins.

Wordfence Security

Ok, let’s get site security out of the way. Not anybody’s favorite topic. We’d like websites to be more like a Ronco rotisserie. Set, forget, return and find a hot, crispy lead. But leads aren’t typically crispy. And your website isn’t a kitchen appliance.

Regular check-ups, scans and maintenance are the only thing between your effective online marketing and an expensive security breach. Wordfence Security is a free plugin that relieves some of the burden by running scheduled scans for malware, suspicious activity and other signs of a sinking site. Fixing the leak’s up to you, but without Wordfence Security, you might not even know you’re going down.

Limit Login Attempts

Now that you’re scanning for bad stuff on the inside of your site, prevent bad stuff from happening up front. Use strong passwords (the kind you’ll never remember) and change them frequently. Install Limit Login Attempts. Like its name says, this plugin limits the number of times users can try to login with the wrong password.

This technique hardens the weakest point in your website security, the login page. It’s common for hackers to use software that guesses your username and password combination hundreds or thousands of times in a brute force attack. If your password’s strong, they’ll fail several times at first. Limit Login Attempts stops the attack after a set number of fails and blocks the hacker. At that point, they’ll move on to a weaker victim and leave your site alone.

WordPress SEO by Yoast

Just call it “Yoast”. It’s the flagship product of Joost de Valk’s suite of website optimization tools. What it’s not is magic. Installing an SEO plugin doesn’t mean you’re in solid with Google. You need to write incredibly useful, smart and shareable content your customers will love. Use Yoast to check what you write against the strategic keywords you’re optimizing for. It’s like a password strength meter. Green means go, red means write something stronger.

Yoast creates an instant page analysis report to give you specific action steps to improve your post. But my favorite feature is the ability to customize meta description, title and image for your post on Google+ and Facebook. Glitchy social media thumbnails and previews are too common. Use the easy optimization options in Yoast to make sure your posts look good when people share them.

Google Analyticator

The most talked about web traffic reporting tool is also one of the most complex. Installing Google Analytics by Google’s instructions requires direct access to sensitive header and footer PHP files. Customizing the code for your business’ needs means editing the code snippet yourself. That’s a little too much for a business owner to learn in an afternoon.  Install Google Analyticator and activate tracking on your site in less than a minute. First, login to your Google account. Then login to your site in the same browser to install the plugin and authorize it with your Google Analytics tracking code.

This plugin takes the frustration out of a basic step in website setup. Once you authorize it with your Google account, you can even activate a Dashboard widget that displays a snapshot of your actual Google Analytics data right inside WordPress.


Remember that scary stuff about hacking? Sometimes, despite your best efforts, hacks happen. When it does, what do you do? In most cases, website owners want to recover their site by rolling it back to an earlier state. Backups are the key to recovering your site and moving on.

Get BackupBuddy, a premium plugin from iThemes, to make the whole thing a breeze. Once activated, use BackupBuddy to download your first backup to your computer, Dropbox or four other popular cloud storage sites. When you need to recover your site, use Backupbuddy to zap everything back in. You can even use it move your whole site from one website host to another without the fuss and worry. Backup your site on an automatic schedule or whenever you feel like it. Just back it up.

These aren’t the only plugins your site needs. Managing an effective blog is better with an editorial calendar plugin. Ads and promos are much easier to insert with shortcodes. The list of things your site can offer customers goes on and on. But you won’t get far at all without the foundation for SEO, performance reporting and hardened security layers to prevent hacks.

Login to your site, go to Plugins and check your list of Installed Plugins for these five essentials. If you’re missing one, click Add New and complete your core today.

Is your website missing more than just a few core plugins? It might be time for an overall refresher. Download our WordPress 201 guidebook to get up to speed: