A curated catalog of WordPress plugins we've used in production, plus the custom modules we ship for clients who needed something the marketplace didn't offer. Filtered by category, reviewed for security, performance and support quality.
We treat plugins as code — not magic boxes. Almost every "WordPress is slow" or "WordPress got hacked" story we've audited traces back to exactly one bad plugin. Every entry in the catalog below has been reviewed for active maintenance, code quality, security history, and resource impact in production.
The modules grid is filtered by category — payments, shipping, marketing, SEO, security, performance, forms, integrations. For each one we list the recommended free version, the paid alternative when it's actually worth it, and our honest take on whether the marketplace plugin is enough or your project needs a custom module instead.
If you're looking for a specific integration that doesn't exist as a plugin — or if the plugin you'd otherwise use has been abandoned or sold to a sketchy buyer — we build custom WordPress modules from scratch. That's a separate engagement with its own scope, pricing and a working PHPUnit suite delivered alongside the code.
WP Rocket is our default WordPress cache plugin: paid only, $59/year, ships a green Core Web Vitals score on most sites without theme edits.
Fluent Forms is our default WordPress form plugin: fast React builder, conditional logic in the free tier, 60+ integrations in Pro, no SaaS lock-in.
Polylang Pro is our default for multilingual WordPress: clean per-language URLs, no separate database tables, plays well with Rank Math, ACF Pro, and WooCommerce.
Advanced Custom Fields Pro: the WordPress content modeling layer we install on 90% of our corporate and agency builds. Setup, field design, theme integration — $40 flat.
The comparison every WP developer asks: Rank Math or Yoast? Real review from 50+ production sites, schema, sitemap submission, Pro vs Free.
How we vet a WordPress plugin
Six checks before a plugin earns its place in this catalog: active maintenance in the last 12 months, code review on the public repo, performance impact measured on a clean staging build (queries-per-page, autoload weight, frontend JS/CSS additions), support responsiveness over the past 90 days, GPL compliance, and abandoned-fork risk. Plugins that fail any of these get a yellow flag with our reasoning visible on the card.
Free vs. paid — when each makes sense
Most categories have a free plugin that does 80% of what a project needs and a paid alternative that's worth it for the remaining 20%. We pay the paid version's annual fee when it materially saves engineering time (usually true for forms, SEO, security, backups). We stick with free when the paid features are mostly cosmetic. Every card calls this out explicitly.
When to commission a custom plugin
Marketplace plugins are perfect for problems thousands of WordPress sites share. They're a poor fit for: bespoke business logic, integrations with your internal CRM/ERP, regulatory compliance with non-trivial requirements, and any feature where your needs are genuinely unusual. Custom plugin development starts at $3,500 and ships with a test suite, README, and code your future developer can actually maintain.
Multilingual & WooCommerce compatibility
Every plugin is tagged with Polylang and WPML compatibility status, plus WooCommerce hook coverage if it touches commerce. We don't recommend a plugin we haven't run alongside the language switcher and WooCommerce — those two integrations are where 90% of plugin conflicts surface.
Both. Each card lists the free version, the paid alternative when one exists, and our honest take on which is worth it for which use case. Most cards include a 'free is fine because…' or 'pay for the premium because…' explainer, not just feature-list parroting.
Six checks: active maintenance in the last 12 months, public-repo code review, measured performance impact on a clean staging build, support responsiveness, GPL compliance, and acquisition history (we drop plugins recently sold to sketchy buyers). Plugins that fail any check get a yellow flag with the specific reasoning visible — we don't quietly omit them, we explain what's wrong.
We re-review the catalog quarterly. Abandoned or sold plugins get demoted with a migration note pointing at the replacement. If you're a current client and an abandoned plugin is critical to your site, we either fork it under your name or build the equivalent as a custom module — usually under your maintenance retainer.
Most are self-installable from the WordPress plugin directory or the vendor's site. We include configuration notes on each card — the gotchas that aren't in the official docs. For complex setups (WooCommerce payment gateways, SAML SSO, multilingual SEO plugins) we offer paid setup as a fixed-scope mini-engagement starting at $250.
There's no magic number — what matters is total autoload weight, queries-per-page, and frontend asset bloat. We've seen sites with 80 plugins that load in 800ms, and sites with 12 plugins that take 4 seconds. The cards link to typical resource impact for each plugin so you can budget your stack instead of just counting boxes.
Bad plugins, yes. Well-built plugins, almost never. The biggest performance offenders are usually page builders that ship 200KB of frontend CSS, social-share plugins that load external JS, and analytics plugins that don't defer their tags. We flag these explicitly. Core Web Vitals tuning is a service line of its own — see the Services archive.
When your needs are genuinely unusual: bespoke business logic, custom CRM/ERP integrations, regulatory compliance with non-trivial requirements, or replacing a marketplace plugin that no longer fits. Custom development starts at $3,500 and ships with PHPUnit tests, a README, and code maintainable by any competent WordPress developer — not just us.
Every plugin in the catalog is tagged with its WooCommerce compatibility status — full hook coverage, partial, or unrelated. WooCommerce-specific extensions live in their own filtered view. We've found that ~30% of generic WordPress plugins break in subtle ways inside WooCommerce checkout, so the tagging is non-negotiable.
We review the public repo and changelog for known CVEs before recommending. We are not a security firm and don't issue formal audits — but every plugin with an unresolved security advisory in the last 24 months is excluded by default. For paid clients, full security review of a plugin (or your live site) is offered as a $750 fixed-scope audit.
Every card is tagged with Polylang and WPML compatibility. We don't recommend a plugin we haven't run alongside a language switcher — that's where most plugin conflicts actually surface. If multilingual is a hard requirement, use the 'multilingual-ready' filter on the catalog.
30 minutes with a senior engineer. No salespeople. We respond within one business day with a brief outline.
Send a project brief →