What plugins do you always install for WordPress projects?

Whenever I start a new WordPress project, I always wonder what plugins are essential to have. Which ones do you swear by? I’d love to hear your recommendations and why they’re your go-to choices.

I usually go with Advanced Custom Fields, Wordfence, Sucuri Security (for notifications), Gravity Forms, and Rank Math SEO.

One thing I avoid is allowing code editing directly on the site. It’s a big risk if someone gets access to the admin account. I disable plugin and theme editors and rely on external tools to make changes. Sucuri is great for notifying me about any new plugins being activated too.

@Asher
I absolutely can’t stand Yoast SEO! Rank Math is so much better. Even the free version has features Yoast charges for.

Bela said:
@Asher
I absolutely can’t stand Yoast SEO! Rank Math is so much better. Even the free version has features Yoast charges for.

Totally agree. Yoast feels bloated and outdated.

@Remy
Yoast once caused my site to get penalized when it indexed attachment pages by default.

Bela said:
@Asher
I absolutely can’t stand Yoast SEO! Rank Math is so much better. Even the free version has features Yoast charges for.

Exactly! :arrow_up:

@Asher
I agree completely. Tools like file editors or search-and-replace plugins should only be used temporarily during development. Remove them once the work is done.

Francis said:
@Asher
I agree completely. Tools like file editors or search-and-replace plugins should only be used temporarily during development. Remove them once the work is done.

What about Elementor or theme builders? Do you remove those too?

@West
No, plugins like Elementor are fine because they don’t allow direct editing of executable files. They store data in the database, which is much safer. Tools like the old Plugin or Theme File Editors are the ones to avoid.

@Francis
Got it, thanks for explaining!

@Asher
Completely agree. I disable code editing even on sites I use for testing.

@Asher
The idea of editing files directly through the admin panel terrifies me. If you have FTP access, why even risk it?

@Asher
For a lighter and faster setup, I recommend Ninja Firewall with Cloudflare instead of Wordfence or Sucuri. They tend to slow down your site. Server-side security and tools like ClamAV work better for me.

Hello Dolly

Corey said:
Hello Dolly

It’s funny how WordPress complains about inactive plugins but still comes with Hello Dolly by default.

Darcy said:

Corey said:
Hello Dolly

It’s funny how WordPress complains about inactive plugins but still comes with Hello Dolly by default.

Hello Dolly isn’t useless—it’s a symbol of hope and creativity. It’s not about functionality but what it represents.

I stick to Loginizer, 2FA, and Akismet. For caching, it depends on the hosting—LiteSpeed if the server supports it, otherwise a separate plugin.

I avoid overloading sites with security plugins. Most of the features they offer are already handled by the server if configured properly.

My must-haves:

  • Elementor (for flexible design)
  • Wordfence (reliable security)
  • WP Mail SMTP (fixes email issues)
  • WP Rocket (speed improvements)

Which one do you prefer—Sucuri or Wordfence? Which feels lighter on resources?

Tobi said:
Which one do you prefer—Sucuri or Wordfence? Which feels lighter on resources?

Sucuri is better if you’re paying. Wordfence is great for free users, but it can be resource-heavy.