Why this list?
As a WordPress developer, I’m often asked for advice when people have been struggling with an issue for a long time. As widespread as WordPress is, there is almost always a tool that fits the task perfectly. Usually, there are actually many possible solutions, but it’s time-consuming to try them all.
Hence, this list. All the plugins mentioned are, in my opinion, the best in their field. I use them on at least a handful of websites, and have done so for a long time. The vast majority have thousands of users and active support.
Technical requirements for all recommended backend plugins
Backend plugins should save you hassle, not the other way around. That’s why I set some technical requirements, and if a plugin doesn’t meet them, I phase it out and find an alternative. All the listed plugins currently meet the following:
- WordPress 6.9.x compatible
- PHP 8.3 compatible
- Sets no cookies by default – GDPR-compliant
- Does not introduce any unreasonable performance loss
- Can be enabled/disabled as needed without breaking your website
- Any HTML output is valid according to validator.w3.org
But, isn’t it a bit frontend too?
The listed plugins improve your WordPress dashboard by adding functionality not built into WordPress core, but of course – translating texts with Loco Translate, uploading SVG image files with SafeSVG or changing the order of your posts with Simple Custom Post Order – affects the display of your content on the frontend. So depending on how they are used, most plugins can also be categorized as frontend plugins.
The list with links to WordPress.org
Activity Log
Monitor and track WordPress activity. Be able to find out who did what when, via this great logging tool.
Admin Columns
Customize lists of posts, pages and media to your needs. Add columns with featured image, excerpt, etc.
All-in-One WP Migration
Export a complete website to a file and import it to a new address – perfect cloning or backup.
Antispam Bee
Remove comment spam without captchas or sending data to 3rd parties. Free and GDPR-compliant.
Asset CleanUp: Page Speed Booster
Don’t just minify CSS or JavaScript files and end up with big, bloated, slow-loading pages. Strip the “fat” and get a faster site.
Clean Image Filenames
Ensures media file names work correctly on servers and in browsers. Supports images and PDFs.
Code Profiler
Helps you measure the performance of your plugins and themes at the PHP level and find any potential problems.
Code Snippets
An safe way to add PHP snippets to your site, without having to modify functions.php or child theme.
Equalize Digital Accessibility Checker
Provides accessibility error notifications and warnings directly in the block editor for your post or page.
Further reading: Accessible content with Accessibility Checker
EWWW Image Optimizer
Automatic server-side compression and scaling of JPG, PNG and PDF image files.
Fluent SMTP
A free SMTP plugin with logging that ensures reliable email deliverability.
Gentime
Shows administrators the time in seconds for how fast the page loaded in WordPress.
Independent Analytics
A website analytics tool for WordPress that meets GDPR regulations. If you want an alternative to Google Analytics, give it a try.
LiteSpeed Cache
All-in-one site acceleration plugin with server-level caching and many optimisation features.
MRW Simplified Editor
Help your editor create semantic content and style it with the theme for consistent formatting and portable content.
Further reading: Improve block editor UX with MRW Simplified Editor
Loco Translate
Translate texts in your theme and plugins, directly in your dashboard. Create .PO files that survive updates.
Redirection
Manually create 301 (permanent) and 404 (not found) redirects if you changed URL’s or have broken links.
SafeSVG
Upload SVG image files to your media library. SVG scales perfectly, making it suitable for logos and illustrations.
Simple Custom CSS and JS
Create small CSS and JS snippets, and turn them on/off as needed, in the header or footer, so handy,
Super Progressive Web Apps
Does your site work perfectly on mobile? Turn it into a Progressive Web App for Android and iOS,
Temporary Login Without Password
Create secure, temporary, automatic login links. Works without the need for a password.
The SEO Framework
Fast and powerful SEO plugin that follows the recommendations of WordPress and the search engines.
Wordfence Security
Firewall and malware scanner for your website. Keeps hackers out and alerts you if vulnerabilities are discovered.
Further reading: Wordfence Firewall and Security Scanner
In conclusion
If you manage a WordPress website, you’ll probably find a few useful plugins on this list. Remember: if you enjoy a plugin, let the developer know – at least with a proper review on WordPress.org. You can also contribute in support, it’s free – or donate an amount to the developer, it’s often a pat on the back they appreciate.
Was there anything you could use? Or do you know a good backend plugin I should check out? Then leave a comment below.
Thank you, this is a helpful list! I already use a handful but it’s nice to have a selection of sensibly vetted options. Now I’m off to read your WordFence post as I have been avoiding that plugin for a few years due to some terrible performance issues…
I’m glad you like the list, Arp, and thank you for your comments. It is a great motivation to continue sharing what I learned.
Regarding Wordfence performance issues, have you encountered any of these yourself? I haven’t been able to measure any noticeable performance hits on any installation, and I’ve been using Wordfence on many different hosts. You should make sure you meet the system requirements, and you can consider the “Use low resource scanning” option.
Brute-force blocking and two-factor authentication are some of the strongest countermeasures you can implement to avoid hacking. Neither of these should introduce any performance overhead, whatsoever.
It has been at least 3 and possibly 5 years since I’ve used WF, and iirc at the time it – like other security plugins – was known to affect performance. But things may have improved since.
I have slowly and mindfully been introducing WordFence on some of my most recent websites and it seems to perform well. They are constantly iterating the product, and with so many active installs there are also a lot of eyeballs on them, pushing for quality software. So far, so good.
> Brute-force blocking and two-factor authentication … to avoid hacking.
Currently I use the small plugins »Two Factor« (from WP.org contributors) and »Protect Login« (from Simon Kraft, sort of successor of Limit Login Attempts, see https://krautpress.de/2024/protect-login-login/) for precisely this.
@Peter thank you for these suggestions. 2FA and brute force mitigation are some of the most helpful countermeasures against hacking. I’ll check these out for sure. Some hosts don’t appreciate users running the full-blown Wordfence suite. These two simpler tools, without scheduled malware scanning etc., could be more appropriate in those cases. 👍