Step 8: How to install WordPress plugins and essential WordPress plugins for your site

Now that you’ve got your WordPress theme installed and customized, you’re ready to move on to the next level of customizing your WordPress site:


Your theme broadly defines how your WordPress site looks, but plugins add tons of functionality that works within your theme.

Some plugins add external features. An example of this would be a plugin that adds a contact form to your site.

Others add performance features that work behind the scenes. For example, some plugins add something called “caching” to make your website load faster for your visitors. Your visitors won’t ever “see” caching, but they will enjoy its benefits.

In this guide, we’ll cover two things:

  • How to install a WordPress plugin.
  • Some essential WordPress plugins that all WordPress sites should install

If you managed to successfully install your theme in the previous step, you won’t have any problems with plugins. The process is almost identical!

How to Install a WordPress Plugin

Just like with themes, the exact method you use to install a plugin depends on if it’s a:

  • Free plugin listed at
  • Premium plugin that you purchased from somewhere else

How to Install a Free Plugin from

To install a plugin that is listed at, you just need to go to Plugins → Add New:

Add new WordPress plugin via plugin installerThen, on the next page, you just need to search for the plugin and click the Install Now. After you click Install Now, that same button should change to the word Activate. Just click it again to actually make the plugin active on your site:

WordPress plugin installer showing search result for Yoast SEOHow to Install a Premium Plugin

If you purchase a premium plugin, you’ll need to upload a .zip of the plugin to install it. Same as with a theme! To do that, again get started by going to Plugins → Add New. Then, click the Upload Plugin button at the top:

Upload a WordPress plugin to the siteThen, you just need to select the .zip file by clicking Choose File. And once you’ve done that, you can install the plugin by clicking Install Now:

Choose the WordPress plugin archive file to uploadWhat Plugins Do All WordPress Sites Need?

Ok, now that you know how to install plugins, we’re going to get into which plugins your site actually needs. These generally fall into two categories:

  • Essential plugins that all WordPress sites need, no matter what the site is about.
  • Plugins that add specific functionality only your site needs.

Unfortunately, we can’t help you with the second one. You’ll have to think about the exact functions that your site needs and find plugins that offer that functionality.

But we can help you with the first one. Here are the plugins that we recommend ALL WordPress sites use:

A SEO Plugin to Rank Better in Search Engines

We’ll cover basic SEO in more depth in a later article. But for now, you should just know that SEO helps your site rank higher in Google search results. If your site ranks higher, it’s easier for people to find, which means you’ll get more website visitors.

To improve your SEO, you should absolutely install an SEO plugin. It will make a number of small tweaks to your WordPress site to improve its rankability.

As far as SEO plugins go, we recommend two. You can pick whichever looks nicer for you – but don’t install both:

  • Yoast SEO – Yoast SEO is the most popular SEO plugin. It’s widely supported and is easy to use. If you’re a total beginner, this is probably your best option.
  • All In One SEO – All in One SEO is another quality option. It works fairly similarly to Yoast SEO, but includes a few tweaks that some people prefer.

A Caching Plugin to Speed Up Your Site

Caching is another concept that’s complicated for beginners, but absolutely essential for making your site load quickly. Basically, caching makes your web host need to do less work to load your site for visitors. That means it can load the page more quickly.

Having your WordPress site load quickly is absolutely essential. That’s why every single WordPress site needs a caching plugin.

There are a number of caching plugins out there. Some popular ones are:

But we think that, for beginners, nothing beats how easy it is to set up Cache Enabler. The other plugins can be difficult for beginners to properly configure, but with Cache Enabler, you just need to install and activate it. Then head SettingsCache Enabler and configure it like this:

Cache enabler WordPress plugin configuration pageCache Enabler is the easiest option to configure but still offers excellent performance improvements.

Protect Yourself With a Security Plugin

Ok, let’s get one thing out of the way:

WordPress is secure. But there are still steps you can take to improve that security (more on that in the next post). One major way to protect your new site is to install a security plugin.

A good security plugin gives you a solid security foundation so that you can focus on creating content instead of protecting your site from hackers.

For a security plugin, we recommend WordFence Security because it’s:

  • Well-coded
  • Full of great security improvements
  • Free

Protect Your Data With a Backup Plugin

Another step you need to take to secure your site is installing a quality backup plugin. You absolutely need to keep backups of your WordPress site. Backups ensure that if your site ever has an issue, you don’t lose all of the hard work you put into building up your site.

What are some reasons your site may self-destruct and require restoring from a backup?

  • You make a mistake and accidently delete something
  • You get hacked
  • Your host has an issue
  • Tons of other things!

Backups give you peace of mind that, no matter what happens to your site, you can always restore a working copy.

To back up your site, we recommend a plugin called UpdraftPlus because:

  • It’s free
  • It lets you automatically run your backups. Set it and forget it.
  • You can automatically store a backup of your site in Google Drive or another cloud storage provider so that you’ll always have access to it.

Also, never store your backup on your web host. Always make sure you keep it in an independent location.

What To Look For Before Installing a WordPress Plugin

Ok, so we knocked out the plugins that your WordPress site absolutely needs. But as we said, you’ll probably want to install other plugins to get new functionality specifically for your site. That’s totally normal.

But you do need to be a little careful when you install new plugins. Why? Because you don’t want to install a:

  • Poorly coded plugin that slows down your site or makes it vulnerable to hacks.
  • Outdated plugin that makes your site vulnerable.
  • Plugin that includes malicious code.

So how can you make sure that the plugins you install are safe?

We recommend following these tips to minimize your chances of encountering any issues:

  • Check the “last updated” date. While not a perfect indicator of quality, it’s almost always better to go with a plugin that’s regularly updated.
  • Check reviews., as well as some premium plugin marketplaces, offer plugin reviews. Always give them a read before installing a plugin to catch any potential issues.
  • Check support threads in Plugins listed on also have a dedicated support forum. It’s a good idea to check if the developer is monitoring that forum for issues and fixing problems that crop up.
  • Be careful with third-party sites (that is, sites). When you download a plugin from a third-party site, use your gut. There are plenty of legitimate premium plugin shops. But if a site looks shady and sounds too good to be true, you should be wary of installing it.
  • Check the WPScan Vulnerability Database. If you want to be really careful, you can search for the plugin’s name in the WPScan Vulnerability Database to check if it has any known issues.

And that’s it for plugins! In the next part of our guide, we’ll go more in-depth with all the various methods you can employ to secure your WordPress site.

Next Guide

Securing your WordPress site

Every year thousands of WordPress sites get hacked because they fail to implement basic security tips. Learn how to protect your site from the vast majority of attacks by following our WordPress security best practices.