5 Essential Plugins Your WordPress Website Needs


As a WordPress designer and developer, one of the questions I get asked a lot is “What plugins do I need?”. There are so many great plugins available that it can definitely be overwhelming for a newbie or DIYer!

Unfortunately, when I help clients with websites they built themselves, I often notice that they’ve missed the most important plugins every website should have.

So today I just wanted to share with you the top 5 WordPress plugin types your website needs.

They are:

  1. A caching plugin
  2. An SEO plugin
  3. A security plugin
  4. A backup plugin
  5. A contact form plugin

Let me go into each of them in a little more detail, so you can see why each of them is important.

Caching Plugin

Essentially, a caching plugin makes your website load faster by serving a saved copy of your images and files. And as we all know, speed matters! If your website is taking more than 5 seconds to load on a mobile phone, most people are going to hit the back button and probably not come back.

Some good options for caching are WP Rocket (paid) and W3 Total Cache (free).

SEO Plugin

An SEO plugin is a must for determining how your website shows up on Google and in social media links. It also creates a sitemap for search engines and walks you through the basics that you need to know to get that all-important traffic coming through.

At Firefly Web Design we exclusively use Yoast SEO; however, a quality alternative is The SEO Framework.

Security Plugin

WordPress is the most popular content management system in the world, which is great, but also makes it a strong target for hackers. A good security plugin will regularly scan your website for malware as well as protect your website from “brute force attacks”. This is a must to keep your website safe and secure.

The best WordPress security plugins include Sucuri and Wordfence. Both of these services have free and paid options available.

Backup Plugin

Regular, secure backups are your number one defence against losing your website to hackers (or just breaking your site by accident!). A good backup plugin will allow you to automate your backups and send them to a secure location (like your Dropbox or Google Drive account). So if anything does happen, you’ll be able to quickly and easily get your website back up and running.

Some good backup plugins include UpdraftPlus (free) and BackupBuddy (paid).

Contact Form Plugin

This is an obvious one, but WordPress doesn’t actually come with contact form functionality out of the box. This is why some people choose to list their contact details and forgo the contact form, but this is a mistake! Many visitors won’t want to call you and won’t bother opening up their email service to write to you. An easy-to-fill-in contact form is a must.

For simple free forms, Contact Form 7 or Ninja Forms will do the trick. For advanced forms with functionality like conditional questions and taking payments, you can’t go past Gravity Forms.

So there you have it, 5 of the must-have plugin types for your WordPress website. I hope this information will help you make the most of your website!

WordPress Security Basics: How to Avoid Getting Hacked

WordPress Security Basics and How to Avoid Getting Hacked by Firefly Web Design

You’ve spent hours setting up your new WordPress website and you’re celebrating. You’re not alone. WordPress is the most popular content management system in the world, accounting for 27% of all websites. Sounds awesome! But being popular also has its drawbacks, like being a popular target for hackers.

Today you’re going to learn 6 simple things you can do to keep your WordPress website safer from hackers.

1. Secure Passwords

The easiest way for unauthorised users to gain access to your website is by guessing your password. So if your password is your birthday, or your dog’s or kids’ names (or heaven forbid “password”), you’re leaving yourself wide open.

A secure password should include:

  • At least 8 characters;
  • Numbers as well as letters; and
  • A special character.

WordPress actually provides a secure password generator, so you don’t even have to think of one yourself.

To use this feature, log in to your Dashboard and go to Users > Your Profile.

Scroll down to “Account Management” and next to “New Password”, click the “Generate Password” button.

This will generate a long and secure password for you.

Write this password down somewhere safe (or save it to your password manager) and then click “Update Profile” at the bottom. Done!

2. Change the Default Username

When WordPress is first installed, it creates a generic user named “admin” (unless you change the default settings). Leaving your username as “admin” gives would-be hackers one half of your username/password combo.

There are a few ways to change your username, but the easiest is to create a new user (with administration privileges) and then delete the “admin” user.

This can easily be done through the “Users” tab of your dashboard.

[Screenshot: where to change your username]

3. Limit Login Attempts

A “brute force” attack is when a person or computer program attempts to log in over and over again, trying many different username/password combinations. To combat these attacks, you can limit the number of times a person (or bot!) can attempt to log in to your WordPress dashboard.

There are a number of plugins that do this specifically, and most general security plugins such as Wordfence will have this function. (And don’t worry, you can still recover your password if you lose or forget it.)
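To show what a login limiter does with a brute-force run, here is an added example (not from the original post, and not any plugin’s own code) that replays constructed access-log lines and reports which visitor would be locked out. The thresholds, sample IP addresses and function names are assumptions, and it relies on WordPress’s default behaviour of answering a failed login with HTTP 200 and a successful one with a 302 redirect.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Matches only login submissions (POST to wp-login.php) in combined log format.
LOGIN_POST = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST /wp-login\.php[^"]*" (?P<status>\d{3}) ')

def make_line(ip, second, status, method="POST", path="/wp-login.php"):
    """Build one constructed access-log line (sample data, not real traffic)."""
    ts = datetime(2024, 3, 12, 10, 0, tzinfo=timezone.utc) + timedelta(seconds=second)
    return f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] "{method} {path} HTTP/1.1" {status} 4521'

# Constructed sample: one client guessing every 2 s, one user who mistypes once.
SAMPLE_LOG = (
    [make_line("203.0.113.7", s, 200) for s in range(0, 20, 2)]
    + [make_line("198.51.100.20", 28, 200, method="GET"),
       make_line("198.51.100.20", 30, 200),
       make_line("198.51.100.20", 45, 302)]
)

def simulate_limiter(lines, max_attempts=4, window=timedelta(minutes=5),
                     lockout=timedelta(minutes=20)):
    """Return {ip: {"locked_at": datetime, "blocked": int}} for locked-out clients."""
    failures = defaultdict(deque)  # ip -> times of recent failed logins
    locked_until, report = {}, {}
    for line in lines:
        m = LOGIN_POST.match(line)
        if not m:
            continue  # not a login submission (e.g. just viewing the form)
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until and ts < locked_until[ip]:
            report[ip]["blocked"] += 1  # a limiter would refuse this attempt
            continue
        if m["status"] == "302":  # WordPress redirects after a successful login
            failures[ip].clear()
            continue
        if m["status"] != "200":  # 200 = login form shown again, i.e. a failure
            continue
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > window:  # forget failures older than the window
            recent.popleft()
        if len(recent) >= max_attempts:  # assumed threshold, not a plugin default
            locked_until[ip] = ts + lockout
            report.setdefault(ip, {"locked_at": ts, "blocked": 0})
            recent.clear()
    return report

if __name__ == "__main__":
    for ip, info in simulate_limiter(SAMPLE_LOG).items():
        print(ip, "locked at", info["locked_at"].isoformat(), "blocked:", info["blocked"])
```

The visitor who mistypes once and then logs in is never locked out, while the guessing client is cut off after its fourth failure and its remaining attempts are refused.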

4. Keep WordPress and Plugins Updated

The WordPress application and associated plugins are updated regularly, and although it can be annoying seeing that little red button come up so often – there is a good reason for this. Whenever a security vulnerability is discovered, the WordPress team work around the clock to release an update that closes the security loophole.

If you’re not updating WordPress and your plugins when they become available, you are leaving yourself exposed to known security risks.

[Screenshot: where to make updates]

5. Delete Themes and Plugins Not In Use

So you’ve downloaded 10 different themes and 20 different plugins to try out on your new website. You’ve finally found your perfect theme and the best plugins, but what did you do with the ones that weren’t the right fit? If you’re like most people, you’ve left them in your themes and plugins folders gathering dust.

The more themes and plugins you have installed, the higher your risk of an unscrupulous hacker messing with your site. (Not to mention the effect of slowing down the speed of your website.)

If you’re not using a plugin or theme, you should deactivate and delete it.

6. Backups

This tip doesn’t actually prevent people gaining access to your site, but it is one of the most often overlooked parts of a security plan. If your website is compromised and you don’t have a recent clean backup, there’s going to be tears! You absolutely need to ensure there are regular backups of your website ready to be restored.

A simple free option I recommend is UpdraftPlus. It is easy to use and lets you set up automatic scheduling for your backups. It can even send the backups directly to your Dropbox or Google cloud accounts.


The truth is that everything on the internet is hackable (even NASA and the Pentagon!). Although there are more advanced measures you can use to secure your site, taking these 6 basic precautions will make you less of a target and reduce the likelihood of discovering your website has been held to ransom by malicious software.