Last Updated: November 17th, 2023
The Ultimate WordPress Pro Setup
WordPress is super flexible and powerful and is by far the most used CMS on the internet. The latest statistics reveal that WP accounts for about 32% (Update Nov. 22: 44%) of the entire Web and 59% of CMS-built websites.
After 15+ years of developing websites and online shops, I have seen WordPress come a long way. When looking at client sites that have been developed by other agencies, I am regularly shocked by what I find. Not a single backup, no updates in years, and no security installed at all. That is the default for most WP sites I come across. No wonder hackers have a feast with WordPress.
That is why I want to take the opportunity to show you the ultimate WordPress PRO setup that I install on every single WP project before I even start with the first page or piece of content.
The following is a hand-curated list of (mostly) FREE plugins you need to install when you want to have a secure and high-performing website. I will not go into any details about each plugin’s configuration, as this would blow the post out of proportion. Most of these plugins have a pretty self-explanatory setup or install-wizard anyway.
If you are a WP pro, this should be your everyday standard, but it will take you about 2-3 days to install and configure all of this when you are new to WordPress. Yes, it is a chore but totally worth it, as you will learn the ropes and find your way around much better after completing this WordPress PRO setup. Your reward will be a website with a solid foundation that works properly, is secure and up to speed, and easily indexed by Google.
When looking for new plugins, it is always a good start to search the WordPress plugin repository first. There are more than 50,000 free plugins, and even most of the premium plugins list a free lite version that often covers the essential functionality well enough. You can always upgrade to premium later.
Sorted by categories to make it easier to navigate
Security & Backups
More than 1 website? https://www.wordfence.com/central
Updraft Plus https://wordpress.org/plugins/updraftplus/
More than 1 website? https://wordpress.org/plugins/updraftcentral/
Two-Factor Authentication (2FA) https://wordpress.org/plugins/wordfence-login-security/
Update Nov. 23:
Ever had a plugin update crash your site? Happened to me more than I care to count. Install this and thank me later:
Rollback Update Failure https://wordpress.org/plugins/rollback-update-failure/
Need some serious security for your WordPress site? Take a look at the paid-only Sucuri Firewall https://sucuri.net/. Yes, I said paid-only, but believe me, when you see it you know it's totally worth it!
Site Migration https://wordpress.org/plugins/all-in-one-wp-migration/ When you need to migrate your site to a new web hosting account. As an alternative you can use the Premium Version of Updraft Plus or just download the backup files and upload them again into your new WordPress installation – again with Updraft Plus.
Yes, you see right – there are two overlapping security plugins on that list, and I always use them in parallel. Overkill, you say? Well, when you have lost a whole client-server with a high score of live websites, it will be too late to start thinking about web security! I have been ripped out of some sunny vacations, getting bombed by alerts of brute force attacks, and was able to stop it in a heartbeat by instantly hiding my login page from the public and locking this thing up tight for 24 hours.
I dare say the Wordfence firewall is superb. Sure, all those email alerts can be super annoying, but when the shit hits the fan, you will be glad to have them in place. With iThemes Security, you can rename your database and hide your login page, making it much less likely to be an easy target.
Always keep all your plugins updated, have a backup in place, and if you want to make your login extra-strong, install the two-factor authentication plugin from Wordfence, and you should be golden.
AIO Caching & Minify Plugin https://wordpress.org/plugins/wp-optimize/
Nothing is as frustrating as a slow page load speed. Especially as Page Speed is an SEO ranking factor for Google Search! You should speed-check yours with Pingdom Tools and learn what you can improve. Mostly it's the fault of your large and uncompressed images, but your web hosting can be a sucker too. Make sure to get a dedicated WordPress hosting that uses an unbreakable cloud-based setup and CDN, or connect the free version of Cloudflare yourself.
Speaking about pagespeed and WordPress would not be complete without mentioning the Siteground Hosting for WordPress. Migrating your website to Siteground might well speed up your page load time by 3 times. In a recent migration of Vispr.net, I was able to slash page load from over 9 seconds to under 3 seconds without changing anything on the website at all, except the hosting provider. That is what I call a WordPress PRO setup!
Update Nov. 22:
Siteground develops its own WordPress optimization plugins specifically calibrated to squeeze the optimum performance out of your WordPress site. These plugins work like a charm and are user-friendly.
For example, Siteground Optimizer is the best alternative to WP-Optimize, and Siteground Security protects your website as an alternative to Wordfence.
It is also worth mentioning that Siteground has one of the best support teams of any hosting provider around and developed their own super user-friendly administration panel so you find your way around even complicated settings without breaking a sweat.
You can even upgrade your hosting with additional security features, like Site Security, a Firewall and Malware checker, and many more.
Just take a look at my Pingdom Results before and after the migration.
This is BEFORE on my old hosting:
This is AFTER the super easy 1 Day Migration to the Siteground Hosting for WordPress. If you are doing anything with WordPress at all, I dare you to check out Siteground. They are ultra fast and unlike some other well-known WordPress hosting providers, Siteground does not break the bank at all!
Siteground comes with its very own caching plugin and has a Cloudflare setup included by default. Despite the bad performance grade, the page size is down considerably and requests have been reduced as well. But, of course, the best thing is that ViSPR is now super fast.
SEO - Search Engine Optimization
Rank Math SEO https://de.wordpress.org/plugins/seo-by-rank-math/
Yes, I know most people still hang on to the good olde Yoast SEO or AIO SEO, but believe you me, just give Rank Math a try and see for yourself.
Rank Math recently added a Content AI. Basically ChatGPT4 as a native integration, but for only 4 USD per month instead of paying 20 USD per month for the OpenAI subscription.
Update Nov. 23:
As recommended by Rank Math your posts should include a Table of Contents. Install this, set it and forget it: https://wordpress.org/plugins/easy-table-of-contents/
Site Kit by Google https://wordpress.org/plugins/google-site-kit/
Connect your WordPress PRO setup to the Google Search Console. Make sure to use the step-by-step instructions to remove all the SEO roadblocks right from the start.
ViSPR.net Do-Follow Exchange Network for Partner Pages
Yes, there I said it: Shameless self-promotion! As you might know, I am the founder of ViSPR.net. I have to admit I hate the technical part of SEO as much as the average person. Still, when using Rank Math to get your technical on-page SEO in order and combining it with the unbeatable power of instant do-follow backlinks from other websites connected to the ViSPR partner page network, Google will just LOVE YOU! It has never been easier to supercharge your search engine rankings.
Page Analytics & Tracking Pixels
Get your Google and Facebook Tracking Pixels set up in no time. Just copy and paste them into the header section and you are done!
Beehive Analytics from WPMU DEV https://wordpress.org/plugins/beehive-analytics/
I just added a video walkthrough of how to update your old Universal Google Analytics tracking to GA4, as Google is about to drop support for the universal tracking method.
I removed Monsterinsights from this list in favor of the free and more complete Beehive Analytics from WPMU DEV.
Update Nov. 23:
I am adding Analytify back to this list again. Because after Google has switched over to the GA4 analytics property, I cannot see all the data in the reporting anymore. By default, I am missing the detailed view of where the traffic comes from. Maybe that is only me but Analytify still shows this all nice and for free.
Visual Page Builder
Classic Editor https://de.wordpress.org/plugins/classic-editor/
In case you don't want to use the mediocre Gutenberg default editor, make sure to block it completely with the Classic Editor plugin. Believe me; you want the good stuff, so use Elementor instead. ElementsKit is just one of a bunch of additional add-ons to power up the Elementor features.
I noticed that the good olde WP Bakery aka Visual Composer is still being installed on more WordPress pages than Elementor. But trust me on this one: After 15 years of messing around with WP Bakery, it's about time to upgrade to a MUCH BETTER page editor! I cannot even tell you how many headaches WP Bakery has caused me and how often I wanted to switch away from WordPress completely just because of it – until I was introduced to Elementor. Just install it and get peace of mind (e.g. with all this responsive stuff).
Update Nov. 23:
Want to add some more cool elements to Elementor? Check this out:
Update Nov. 23:
A/B Split Testing for Elementor. HALLELUJAH! Finally an easy A/B split testing tool for WordPress and one that actually works with Elementor. I cannot believe it took sooo long to figure out that this was very much needed for WordPress! Thank you!
Now, I can basically hear some of you guys crying wolf about this one:
“What? Formcraft? How could you possibly ignore 5 Million installs of Contact Form 7…”
Well, to be totally blunt, Contact Form 7 is the most f@#k3d up form builder I have ever seen. There is NO reason whatsoever to be even considering its use! And all of those 5 Million people using it have no clue at all about WordPress! There, I said it!
There are much better well-known alternatives like WP Forms, Gravity Forms or Ninja Forms. And hey, they are really good. BUT they are super expensive and their free versions are missing even essential functions. And I mean unreasonably expensive. So why waste all that money if you can get the same functionality with the Pro version of Formcraft? It's settled then.
Every website needs at least a contact form, if not a good and customizable user registration. Not to speak about email option forms, user surveys, or even payment forms. Connecting these little beasts to the email marketing automation tool of your choice was always a game of luck, but making it easy to create and look good on the frontend was a nightmare. Install Formcraft and solve this issue once and for all with a WordPress PRO setup!
Update Nov. 22:
If you are looking for the most complete functionality of any form builder, I recommend you take a look at the freemium version of Formidable Forms https://wordpress.org/plugins/formidable/
It comes with some advanced calculation functionality that I haven't found on any other form builder yet.
Update Nov. 23:
Nowadays I usually go with WPForms. Simple, easy and free. Ah, and it doesn't look terrible out of the box. That was important.
ConvertKit https://convertkit.com/ Free up to 1,000 subscribers, but arguably much easier to use and more powerful than most other email marketing tools.
Email marketing automation is purely optional but one of the most effective ways to generate sales when done right. These two are the most powerful tools I found in 15+ years. And I am not speaking about dedicated and super expensive marketing suites like Hubspot here!
For everyone that wants to stay WordPress native and not pay extra for your subscribers, I recommend taking a look at Mailster. No, it is not as powerful as the other two, but that totally depends on what exactly you want to do. And it is surely the most affordable Email Solution for WordPress.
GDPR & CCPA Compliance
Update Nov. 22:
GDPR Cookie Consent has a new name. It is now called Cookie YES. Despite the linguistic acrobatics, it's still the same URL in the WP repository and also still one of the most complete and user-friendly GDPR plugins.
https://wordpress.org/plugins/cookie-law-info/ All-in-One tool with over 1 Million installs, super easy setup and all the necessary features.
Yes, you MUST get your legal mess in order! A simple cookie banner does not cut it anymore.
Polylang Connector for Elementor https://wordpress.org/plugins/connect-polylang-elementor/
Maybe you want to operate your site in more than just one language. Polylang is the easiest solution for that. Yes, there is the obvious WPML, but it's super expensive and complicated.
Themeforest.net Choose from hundreds of cheap (about 50 USD) WordPress Themes. (The theme is the visual look of your website.) Tip: Go for some of the Bestsellers that have been sold over 100,000 times! Their design is super flexible, and you have the option to customize them to the extreme, so you don't look like everyone else! Most have hundreds of hours of development and bug fixing under their belt.
Update Nov. 23:
Please be aware that Themeforest (and Envato in general) recently changed their License Policy. Now, when you buy a product, you can only use it on ONE website. And this means the FIRST website you install it on! Then this license is FIXED to this URL. No more testing plugins on random demo sites or deactivating and switching them to a new website URL. These times are OVER! This is super annoying and a real problem for staging environments or when you rebrand your website. You have to buy completely new licenses for everything! So keep that in mind before buying or switching anything! Greedy B@$t@rd$.
Warning: Avoid custom-made templates from your average agency designer AT ALL COSTS! This is ALWAYS A VERY BAD IDEA!