10 must-have WordPress plugins for your website

"My" WordPress plugin nerd and programmer Oli

Your website is the figurehead for you and your business. It is where you make your first impression, and as you know, that one counts.

In addition to looking good and offering great content, your website has to be able to do a lot to function as a marketing channel for you.

I swear by WordPress, the (rightly) most popular content management system in the world. Because with WordPress plugins, little helpers, you can do everything imaginable with your website without having to program.

I think you should definitely leave technical things to professionals. It is a total waste of time to learn programming unless you enjoy it (?!) or you want to make a living programming.

Nevertheless, you should know what your website must be able to do and which functions, i.e. WordPress plugins, are important.

Your website is too important to hand over completely. You don't have to install and configure the plugins yourself ...

That's why I asked my programmer and WordPress professional Oliver Gehrmann from to introduce you to the 10 most important WordPress plugins.

These are the 10 WordPress plugins you absolutely need

  • to get the most out of your website,
  • to offer your visitors a great experience and
  • to make your website secure.

And now I hand over to Oli:

Plugins are THE strongest argument for working with WordPress. Would you like to give visitors to your website the opportunity to make an appointment with you? A plugin does this for you. Do you want to give people the opportunity to leave comments using their Facebook accounts? A plugin can do that.

However, since plugins can not only be a blessing, but also a curse, I would like to briefly convey 2 important principles regarding plugins in today's article, before I then go into the 10 most important plugins.

Important principles when choosing WordPress plugins

1. The following applies to plugins: less is more!

THE top priority is: “Less is more.” Having many plugins makes your website load more slowly (Google doesn't like that at all!). Each plugin also brings potential security holes with it that make your site vulnerable to hackers.

It feels like 60% of all WordPress sites use too many plugins!

So it won't surprise you that my number 1 optimization tip for WordPress site operators after a first look is almost always: Reduce the number of your plugins.

(By the way, the worst sin is to have 2 plugins running in parallel that do the same thing. If I mention 2 different plugins in one heading, then only ever install 1 of the two! This is especially true for the backup plugins, because otherwise backup plugin A will also save the backup files from backup plugin B (and vice versa). This creates an endless loop that eats up your storage space.)

2. Good plugins are updated regularly

Sooner or later, a security hole can creep into any WordPress plugin. Good plugins are therefore regularly updated in order to close security gaps.

When installing, make sure that the plugin is updated regularly. Also look at the reviews of the plugin. They'll give you a clue as to how well a plugin is working.

Everything in the green area: This recommended plugin is updated frequently.

If you use the following 10 plugins, you don't have to worry about that 😉

The top 10 WordPress plugins for your site

(Note: The headings each link to the plugin in the official WordPress directory and open in new tabs. So happy clicking!)


WordFence

Why does it make sense:
WordFence is the Swiss Army knife among security plugins. Its virus scanner detects abnormalities on your web space. The highlight: The plugin automatically compares the versions of the plugins installed on your site with the latest version on the WordPress server. So if a hacker has made a minimal change to a file that might not even look like a hack, WordFence will respond immediately and notify you.
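The comparison described above can be pictured as hashing every file of an installed plugin and checking it against a clean copy of the same release. The following is an added example, not WordFence's code: the plugin name, the file contents and the directory layout are constructed, and the reference copy is assumed to have been obtained separately from a trusted source.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_to_reference(installed: Path, reference: Path) -> dict[str, list[str]]:
    """Report files that differ from, are absent from, or are extra to the reference."""
    have, want = hash_tree(installed), hash_tree(reference)
    return {
        "modified": sorted(f for f in have.keys() & want.keys() if have[f] != want[f]),
        "missing": sorted(want.keys() - have.keys()),
        "unexpected": sorted(have.keys() - want.keys()),
    }


def demo() -> dict[str, list[str]]:
    """Build a constructed clean copy and a changed install, then compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        reference = Path(tmp) / "reference" / "example-plugin"
        installed = Path(tmp) / "site" / "wp-content" / "plugins" / "example-plugin"
        files = {
            "example-plugin.php": "<?php /* Plugin Name: Example */\n",
            "includes/form.php": "<?php function render_form() {}\n",
            "readme.txt": "Stable tag: 1.0\n",
        }
        for base in (reference, installed):
            for rel, body in files.items():
                target = base / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        # Constructed changes: one appended line, one extra file, one deleted file.
        with (installed / "includes/form.php").open("a") as fh:
            fh.write("// one extra line\n")
        (installed / "includes/cache.php").write_text("<?php // not in the release\n")
        (installed / "readme.txt").unlink()
        return compare_to_reference(installed, reference)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

Even a one-line change alters the digest, which is why a "minimal change" that does not look like a hack still shows up as modified.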

In addition, WordFence also comes with a firewall that locks out attackers who want to gain access to the backend and, in individual cases, even closes security gaps in plugins independently.

WordFence is pretty memory hungry. If you see the error message "Fatal error: Allowed memory size of XXXX bytes exhausted (tried to allocate XXXX bytes) in ...", then try increasing the memory limit first. If that doesn't work, only activate WordFence every 2 weeks, run a virus scan and turn it off again. However, I haven't seen the bug in the more recent versions of WordFence for a long time.

GDPR update:
WordFence's firewall function is theoretically against the GDPR. The IP of a website visitor is compared with an IP list (to check whether he is on the blacklist and should be blocked), and so a piece of personal data (yes, the IP also counts as "personal data") is passed on to a third party without the visitor being asked; this could theoretically be legally problematic. Of course, there is still no court ruling on this, and even data protection advocates have concerns about operating websites without firewalls or other security mechanisms.
Latest status: WordFence wants to do something to comply with the GDPR. So wait and hope for the moment, but switch off on May 25th if in doubt.

WP Rocket / WP Super Cache

Why does it make sense:
With a caching plugin you reduce the loading time of your page, which even has a positive effect on your ranking on Google. In my opinion, WP Rocket is the ultimate among caching plugins, but it costs $39 a year per page!

My tip: Have someone install it for you who has a developer license and who will test it for you in detail to make sure that your website still works properly (I'll do this for a flat rate of € 100 per page). Then you save the license costs for the plugin and your own working time.

The free alternative is WP Super Cache. In my experience, it also works very reliably.

With WP Rocket you can easily reduce the loading time of your site!

Caching plugins don't always get along with online shops because they have so many dynamic elements. Therefore, it is essential to test your site thoroughly after installing a caching plugin!

If you do not check your own website thoroughly after installing a caching plugin, you risk losing sales!

GDPR update:
Caching plugins are not at all problematic on their own. Should you operate this with a CDN (content delivery network), then there are doubts, but in the "standard variant" caching plugins even help you to comply with the GDPR. For example, you can cache your Instagram feed and a website visitor will always receive the latest status (from up to 15 minutes ago) instead of your page communicating "live" with Instagram when the page is viewed (which would be a violation). So two thumbs up here!

Imsanity / WP Smush

Why are they useful:
These plugins automatically shrink an image uploaded to the media library to a "sufficient" value. So you don't have to worry if you or a guest author accidentally uploaded a 7 MB picture.

Why should you save on the image size? Quite simply: Large images load more slowly and our friend Google doesn't like that.

The plugins can also reduce all existing images in one fell swoop. So you can free up a lot of storage space on your website and reduce the loading time.

GDPR update:
Completely harmless. Your images are processed by default "on your server" and not via any web service, and even if that were the case, you would "only" have to conclude a contract with the respective service provider and you would be fine.

WordPress SEO, also known as Yoast SEO

Why does it make sense:
Do I really have to explain Yoast SEO? It is probably the best known SEO plugin for WordPress. It helps you to get better rankings on Google by improving your site from a technical point of view and by giving the search engine more information. It also gives you a good guide for defining a keyword for every post / page and using it often enough so that your page is found for it.

The plugin lost some of its positive ratings over the past year because the development team tested many new functions. Not all of them were well received by the community, and some even caused the post editor to stop working in certain themes. In the meantime this has improved and it works more reliably again.

GDPR update:
Yoast SEO is completely unproblematic as far as the GDPR is concerned. Pro tip: Set your privacy policy to "noindex" in the Yoast settings. In this way, the data protection declaration does not end up in the Google index, and web crawlers that automatically search for outdated formulations in data protection declarations, so that their "masters" can send you a warning, come away empty-handed.

Antispam Bee / WP Bruiser

Why are they useful:
These two plugins deal with the topic of "comment spam". In contrast to the pre-installed Akismet, these also meet the stricter requirements of German data protection law. Antispam Bee is more or less "a better Akismet", while WP Bruiser relies on a different technology. For example, this plugin rates how long it takes someone to write a comment. And when the typical "The coolest Louis Vuitton shoes! Buy here ..." spam post with 10 lines of nonsense mysteriously pops up in the comment form under your last blog post about the 3 coolest trend hairstyles of the summer within 0.5 seconds, the plugin puts two and two together and locks out the spammer.

AntispamBee comes with numerous setting options!

You can also use the functionality of WP Bruiser on the WordPress login page. Since I often save my passwords in the browser or copy them out of a note-taking program, it logically doesn't take long before they are "typed in". Sometimes WP Bruiser locks me out of my own page, so I would recommend not ticking this box (it is also not activated by default).
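The timing idea from the two paragraphs above, as an added example (not WP Bruiser's code): the form carries a signed render timestamp, and the server rejects submissions that arrive implausibly fast. The secret, the 3-second threshold and the function names are assumptions made for illustration, and the timestamps are constructed.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # hypothetical; a real site would use a random per-site key
MIN_SECONDS = 3.0                    # assumed threshold, not WP Bruiser's actual value
MAX_SECONDS = 3600.0                 # assumed limit: stale forms are rejected too


def issue_token(now: float) -> str:
    """Create the hidden-field value when the form is rendered."""
    stamp = f"{now:.3f}"
    sig = hmac.new(SECRET, stamp.encode(), hashlib.sha256).hexdigest()
    return f"{stamp}.{sig}"


def check_submission(token: str, now: float) -> str:
    """Return 'accept', or the reason the submission is rejected."""
    stamp, _, sig = token.rpartition(".")
    expected = hmac.new(SECRET, stamp.encode(), hashlib.sha256).hexdigest()
    # The signature stops a client from simply claiming an earlier render time.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "reject: token forged or altered"
    elapsed = now - float(stamp)
    if elapsed < MIN_SECONDS:
        return "reject: submitted too fast"
    if elapsed > MAX_SECONDS:
        return "reject: form expired"
    return "accept"


def demo() -> dict[str, str]:
    """Run constructed submissions against one rendered form."""
    rendered = 1_700_000_000.0                      # constructed render time
    token = issue_token(rendered)
    _, _, sig = token.rpartition(".")
    backdated = f"{rendered - 60:.3f}.{sig}"        # timestamp rewritten, old signature kept
    return {
        "spam bot, 0.5 s": check_submission(token, rendered + 0.5),
        "human commenter, 45 s": check_submission(token, rendered + 45),
        "login via password manager, 1.2 s": check_submission(token, rendered + 1.2),
        "backdated timestamp": check_submission(backdated, rendered + 0.5),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The password-manager case is rejected for the same reason as the bot, which is the lockout on the login page described above.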

GDPR update:
Both plugins still do not violate the tougher legislation. In the settings of Antispam Bee, just make sure that you do not allow the comments to be compared with any IP lists, otherwise you will violate the new regulations.

Cookie Notice from dFactory

GDPR update:
As far as I know, the best plugin with regard to cookie notices is now the dFactory Cookie Notice (I had previously recommended 2 other plugins here). In particular, you can use it to have tracking codes (e.g. Google Analytics) only "take effect" once someone has agreed to your cookie policy. This is highly recommended to further reduce the chance that you will receive a warning. EVERY WordPress website uses cookies by default, so this is a 100% mandatory plugin that you can't get around.

BackUpWordPress / UpdraftPlus

Why are they useful:
Strangely, most people only understand this after their site has been hacked or an error has occurred and all of their data has disappeared. Imagine what you would do if your site were suddenly gone! And then think about how cool it would be if you could just restore a backup. I hope this convinces you of the usefulness of a backup plugin.

Good providers (e.g. all-inclusive) create backups for you on their own. Even Strato, which in my opinion is not amazing, will provide you with backups. Therefore, if you are with a good provider, you can do without the backup plugin. Or you play it twice as safe ...

GDPR update:
In principle, backup plugins can still be used, but you have to be a little more careful. If you save your backups in, e.g., Dropbox, then in particular the comments on your website are stored there too. In order to leave a comment, however, someone has to enter their email address. And already we have personal data again, which you - via your backup plugin - now make available to another party (e.g. Dropbox). You can't do that unless you've signed a contract with Dropbox.
If you "only" have the backups emailed to you or if they are stored on your own server (you have signed a corresponding contract with your own hosting provider anyway, there is no getting around it), then there is no problem.

Contact Form 7

Why does it make sense:
It's one of the best contact form plugins out there. It's super flexible and I like to use it together with Contact Form DB. If your server is on strike and doesn't want to send any emails or if you want to download a complete overview of all incoming requests in a (reasonably) clear table, this is easily possible with this plugin.

GDPR update:
CF7 is still the best choice because it gives you the option to integrate an "AGB box" (a terms-and-conditions box), i.e. a checkbox that has to be clicked so that someone can send the contact form in the first place. Such features cost money elsewhere. Therefore, just always use this checkbox in your contact forms and refer to your privacy policy and you are off the hook.
Pro tip: The “best” phrase is “I accept the data protection regulations”. NOT: “I have read the privacy policy and accept it.” - According to rumors, a court has actually ruled that the latter wording does not guarantee the consent of the website user, because the website user cannot be expected to have really read an immensely long privacy policy. Incomprehensible…

Monarch / Shareaholic

Why are they useful:
These plugins add share buttons on your blog so that readers can further distribute an article via Twitter, Facebook and Co. Sandra explains again and again why this is important: Share buttons bring you more readers and, in the best case, of course, more sales. Monarch is a premium plugin that you have to pay for. In return, it has some great functions that you will hardly find in free plugins, for example the option to share images directly on Pinterest.

If you don't make it easy for visitors to your blog to share content, you're missing out on additional traffic.

Shareaholic, on the other hand, has additional functions, such as showing related posts under a post. So it doesn't need to hide either.

When using Shareaholic, do not forget to specify in the settings that you do not want any third-party content or advertising in the blog. Otherwise, other sites on the Internet and, worse, lousy advertising will be displayed below your posts.

GDPR update:
Both plugins are still harmless, as they do not tell the corresponding social media platforms, when someone enters the page, that a user with a certain IP is visiting. According to my last status, they still open a new window when you click on the corresponding button, and only then is data transferred to, e.g., Facebook. This is permissible, so you can continue to use such plugins.


Bloom

Why does it make sense:
The plugin enables you to integrate newsletter registration windows on your site. Bloom is a premium plugin again, but unlike Monarch it is infinitely superior to the competition. In my opinion, it is absolutely the best solution for this area, as it also allows you to use existing registration windows (optins) as a template for new ones. So you only have to design, e.g., 1 popup and then you can also use a widget with the same layout in your side column.

Bloom gives you a great overview with the help of animated statistics

You can also easily set Bloom so that popups are not displayed on mobile pages. This is important, because in the future Google wants to penalize mobile pages whose popups cover the page content. Therefore, you should allow large pop-up windows, if at all, only in browser versions.

GDPR update:
It is frankly questionable whether a checkbox is needed below the newsletter opt-in. Even Dr. Schwenke and do not yet have a checkbox in their newsletter registrations - they only refer to the data protection declaration via a link.
Therefore, I assume that a clear formulation is sufficient here - people MUST be aware that they make their email address available for your newsletter with one click (and not “download an eBook right away” WITHOUT knowing that they are signing up for your newsletter at the same time). So just rewrite the wording and you shouldn't have any more problems.


Postmatic

Why does it make sense:
Postmatic allows a visitor to your blog to join the discussion via email. No, he doesn't just get a boring message that there's a new comment. He sees the complete comment in the mail AND he can reply to it. By email. He doesn't have to go back to your site and “waste time”. And Postmatic will automatically convert his email response into a comment and add it to your post. This allows you to quickly increase the number of comments!

GDPR update:
You will probably have to sign a contract with Postmatic, which they will also offer, as they do not want to lose all customers in Europe. Once you have signed this contract, there should be no problem again, as people actively consent to use this service. Do not forget the corresponding note in your data protection declaration!

Conclusion on the plugin list

Again: "Less is more". Reconsider whether you really need a plugin.

The list of these 10 plugins has been carefully compiled; I recently updated my own website. Only plugins that I mentioned in this list are currently in use there, although at least so far I can manage without a virus scanner, backup solution and image reduction. But even as an experienced user, I wouldn't want to have to do without the other plugins.

Do you have a question about WordPress plugins? Just leave a comment and I'll be happy to go into more detail.

GDPR update:
The GDPR requires several changes to your website. If you don't feel like making all these changes yourself, take a look at our GDPR offer page, where we offer to implement all the adjustments for you.