Complete WordPress Website With 18 Free Plugins
A set of free WordPress plugins for a complete website
WordPress is a great management system. Perhaps the best perk is the high number of plugins enhancing the functionalities, integration, and design. At the same time, it can be a challenge. The high number option can be overwhelming. It is easy to get lost. In this post, we offer a list of plugins for a fully functional website. Obviously, this list is not the only option, but we hope it can help you jumpstart your project. You might find better alternatives on the way—in this article, we focused on solutions that are 100% free.
Website requirements
As in any project, we start with the requirements. In recent years there has been an increasing number of regulations to follow. Obviously, security is also one of the major concerns. All together we’ve identified these six areas that need to be addressed with any website—
Security
Infrastructure and traffic security depend heavily on your hosting provider. Nevertheless, it is in most cases fair to say that application-level security is the responsibility of the WordPress administrator. This is where plugins can help.
- Better Search Replace can help you with the mixed content issue. This happens when parts of your website (typically images and media) load through an unencrypted HTTP connection (instead of HTTPS). This should always be avoided, even if no sensitive information is exchanged. One reason is that the browser may warn your visitors about your website being insecure. Such a warning will cost you, visitors. With this plugin, you can exchange all URL-references in your database (so https://www.yourdomain.com/… instead of http://www.yourdomain.com/… ).
- SSL Insecure Content Fixer can help you if the Better Search Replace plugin does not quite do the trick and your visitors still get the insecure content warning. The recommended setting after installation enforces HTTPS typically without a fail, however, you may need to try different settings in some cases.
- WordFence Security is a great package of security measures. The main perks are multi-factor authentication, brute force protection, firewall, and security scans. Note that especially the brute force protection requires saving the IP address for at least a few hours. It should part of your consideration of how to disclose this fact in your privacy policy (more below).
- WPS Hide Login is simple, yet great security measure. It allows you to change your default login URL from https://www.yourdomain.com/wp-admin to …/xyz (any random expression). This means that hacking bots looking for any easy exploit (e.g. getting in with the user name admin and the password admin) will bounce right off of your site before even trying anything.
- Health Check & Troubleshooting is a good analytical tool to spot bad or missing configuration. It is included in the security section, however, it can also identify potential issues with the functions of your website. E.g. many features rely on PHP extensions on the back end. This tool will help you spot if you’re missing any. Note by the principle that PHP extensions have to installed on the server directly. If you are missing any, you will need to contact your hosting provider.
Addtional mentions:
- iThemes Security is a great package of security measures, just like WordFence. These two have very similar utilities. It is a good practice to pick only one, otherwise you can have multiple firewalls, security loggers and so on slowing down your server but not actually improving security. We picked WordFence for this package, because it provides better free security measures (e.g. multi-factor authentication is available in iThemes Security only in the paid version).
Content Management
Content management is the core purpose of wordpress. There are many tools to add more than the basic functions. The following items make the daily tasks such as writing, translating, and designing easier.
- Duplicate Page is a simple solution to copy a whole page or post into a separate draft. This can come in handy when you want to create a snapshot e.g. of your privacy policy for archiving (by principle you need to keep a record of every version and time for which this version was in place) or when you want to create a copy with the same content but translated into another language. (We already did an article dedicated to translations, which you can find here.)
- Polylang provides functionalities to manage our content in multiple languages. It is a simple, straightforward solution but by far not the only alternative. (More details are in our article on translation, which you can find here.)
- Loco Translate is a solution for the management of the plugin multilingual PO/MO files. Again, you can find more details in our article on translation here.
- WPForms Lite allows you to create forms in seconds. It doesn’t matter for what purpose you need to collect data. If you need a simple contact form or a form for newsletter subscriptions this lightweight plugin will do a perfect job. Note that you might need to set up an SMTP connection for everything to work properly (more under Integration below). Some suggest that these forms also work for purchase orders—we will dedicate a separate article to e-commerce, as there is a lot to mention. Note that no matter what data you collect from your visitors, in Europe you have the obligation to disclose the use, processing, retention, and so on—in your privacy policy.
- wpDiscuz helps you gamify your comment section and draw in more interactions. This plugin is optional since WordPress already provides lightweight and reliable comment functions.
- Qubely provides additional blocks you can use when building your page or post. It expands the designs you can use in your daily work.
- Getwid extends the library of the building blocks—the same way as Qubely. The more building blocks you have, the quicker you can find the right piece for your website, without switching to coding.
- Stackable is yet another additional block library. Just like Qubely and Getwid, it gives you more building blocks to choose from.
Addtional mentions:
- Blocksy Companion is a theme-specific plugin. If you choose Blocksy as your theme, you will not do without it. We did a small theme selection in the article here—should you want to read more.
Creating multilingual websites isn’t easy.
That is why we wrote a small tutorial for you.
You can find it here.
Integration
Integrations are the most important part of the puzzle when it comes to business functions—such as e-commerce. This post targets a simple website—we will dedicate a separate piece to online shops and business topics. For the time being, we assume that you want your website to be able to at least collect information from your visitors and send it e-mails.
- WP Mail SMTP connects your e-mail server to your WordPress server. This makes it possible to send emails to you (e.g. when someone sends a message via a contact form) and to your visitors (e.g. when their comment receives a reply). You can connect to one of the many third-party e-mail providers, such as Gmail. Depending on what solution you choose, additional disclosures in your privacy policy might be necessary. You can of course also connect to your own private SMTP server.
Additional mentions:
- WooCommerce is open source and one of the most used plugins for online shops. We will go into great details about WooCommerce in a separate post.
We will write a lot more about the integration of business functions.
Don’t want to miss it? Send us a message or leave a comment!
Monitoring
Privacy doesn’t combine well with monitoring. Whenever your increase the level of data you collect, your legal obligation in regard to disclosure and documentation of data management increase as well. One of the popular plugins is Google Analytics. Using this plugin, however, complicates things for you. First, you need to find out what Google does with this data and inform your visitors in your privacy policy accordingly. Additionally, you need to comply in regard to the cookies used on your website. This by principle means that any visitor has to have the option to turn off and proceed to the content.
In this post, we wanted to avoid any legal uncertainties and provide a simple solution. That is why we picked an alternative that (a) does not use analytical cookies (b) can be set to collect anonymized visitor data, and (c) doest not share data with third parties.
We will write more about compliance.
Don’t want to miss it? Send us a message or leave a comment!
- WP Statistics provides a simple statistical report about the number of visitors, pages visited, and more. An important consideration is—as mentioned before—privacy law. This plugin offers various privacy settings to meet the requirements in your country. For example, with the current GDPR regulation, even IP addresses count as protected personal data. WP Statistics allows you to log IP addresses only in an anonymized form. It monitors the external activity.
- WP Activity Log: creates a record of changes made by the WordPress users and administrators. It monitors the internal activity. Note that if your organization has employees managing your content, you might have to notify them about any monitoring activity.
Compliance
There are many different options in regard to the GDPR obligations. For example according to GDPR.EU, a project financed by public funds, you should document and store the cookie consent given by your visitors. Most solutions, however, store the cookie consent only as a cookie—i.e. in the visitor’s browser. With this approach, you don’t store the consent at any point. Below, we included both options—one with cookie consent storage and one without. There is a lot of discussions online in this regard as the consent logs are not always easy to implement. Luckily, in general, this topic can be avoided by simply using necessary cookies only.
- Cookie Notice is a simple way to implement a cookie notice banner. It allows you to pick colors to fit your design and to include a link to the privacy policy the free version of this plugin saves the cookie consent as a cookie (see comment above in that regard).
Additional mentions:
- CookieYes is an alternative to Cookie Notice. The most interesting difference might be that the free version of CookieYes provides you with the possibility of saving the cookie consent on their server. As part of their free package, you get 5000 cookie consent logs per month (the most we could find). Unfortunately, a little bit of coding skill is needed to implement CookieYes fully.
We will write more about compliance.
Don’t want to miss it? Send us a message or leave a comment!
Polylang uses a functional cookie to save the choice of language.
You can turn this cookie off on the back end of your server
by adding the following your wp-config.php file: define( 'PLL_COOKIE', false);
SEO
Perhaps the most important benefit of WordPress is the streamlined methodology for search engine optimization. After all, regardless of what your website is about, it’s all good for nothing if nobody can find it on the internet. There are many options, this is one we like
- Rank Math is a great option. It allows you to profile your website and work well with other tools and utilities such as Google Search Console or Google Analytics. There are already numerous free tutorials on Rank Math. Since it is a bigger topic, we will not go into further details in this article.
We will write more about SEO.
Don’t want to miss it? Send us a message or leave a comment!
Conlusion
In this post, we presented a list of free plugins that enable you to create a complete website. These 18 plugins cover security, content management, integration, monitoring, compliance, and search engine optimization. They all are compatible and have been tested together.
Please note that plugins mentioned in this article are provided by third parties and we cannot give any warranty. Additionally, your website has to comply with the applicable privacy and media law. It is not guaranteed that your website is compliant only by implementing plugins mentioned in this post—further measures might be necessary. In case of any doubts, we recommend consulting a specialist. This article is not legal advice.
Did you like this post? Please comment!
Did we get everything right? Did we miss a topic you’re interested in?
Do you know a better way? Please let us know!