By Chuck Spidell, a Nonprofit WordPress Security Expert with ILLUSIO. He helps women-led communications teams free up their time and lock down WordPress from getting hacked.

WordPress powers 34% of all sites on the web and is one of the most popular digital marketing tools used by organizations in the world. It is the ideal content management system for nonprofits because of how it’s open source and anyone can contribute to making it better.

WordPress was founded in 2003 and since then, a community of thousands of developers has created almost 55,000 plugins to expand its capability. The platform has grown into a powerful publishing tool where organizations of all sizes can extend their website’s capability. Here’s a list of plugins that will help save you time, make your site more engaging and easier to use for staff and visitors; and is secure:

Productivity and Workflow

  • Enable Media Replace – easily replace an image or file without having to delete, rename, and re-upload to the Media Library.
  • Duplicate posts – boost productivity by easily cloning your posts or pages; new drafts get created and can be edited later.
  • Simple Custom Post Order – sort the order of your pages, post, and custom post types in the dashboard by dragging and dropping them into place.
  • Disable Gutenburg – get the Classic Editor back and disable Gutenberg completely, or selectively disable for posts, pages, roles, post types, and theme templates.
  • Beaver Builder Lite – a visual drag and drop page builder that can work within your existing theme and isn’t based on shortcodes; easily add images, text blocks, videos, and columns. 

SEO and Social Sharing

  • All-In-One SEO Pack – optimize your pages and posts for Google search by creating custom titles and descriptions; have control of how shared pages appear on social media; create sitemaps with ease.
  • Yoast SEO – uses a templating system so you can specify your title and meta description; create sitemaps and get full control over your site’s breadcrumbs; automatically set canonical URLs.
  • Google XML Sitemaps – automatically generates a sitemap and lets Google know when your website pages and posts have been updated.
  • Quick Page/Post Redirect Plugin – a handy tool to use after website migrations from one server to another; point old pages and post URLs to a new location to retain strong SEO ranking.
  • Social Snap – add simple social share buttons to your pages and posts that are customizable: Facebook, Twitter, Pinterest, Tumblr, Mix, and Instagram; display amount of total shares and likes.

Events, Fundraising and Donations

  • The Events Calendar – display a responsive calendar as a day-by-day, list, month, and detailed page views with search; supports Google maps and colors can be changed to match your brand; purchase Events Tickets Plus to extend it further.
  • ClassyPress – integrate Classy donation forms seamlessly into your WordPress pages, along with one-click popup forms, team leaderboards, and top fundraiser boards.
  • GiveWP – create customizable donation forms within your WordPress admin and add goals, multiple giving amounts, or custom amounts; view donation activity and control your data with exports and reports.
  • Gravity Forms – build basic to very complex forms with conditional logic; supports processing donations through Stripe or PayPal but you need to purchase their Pro plan and add-on.
  • WooCommerce – add the ability to sell products and collect donations directly on your website – you’ll need to purchase the One Page extension; supports Stripe, PayPal, Square, Amazon Pay, and Apple Pay.


  • Akismet Anti-Spam – automatically deletes spam and comments with malicious content on your blog posts and contact forms; also has an option to queue them for manual review.
  • Sucuri – scans and monitors user activity, login attempts, file changes; you can also harden WordPress and reset passwords; pair it with their firewall platform for full protection from attacks. 
  • WP Scan – scans your WordPress plugins daily against a database to identify anything that’s vulnerable and notifies you in the dashboard and email.
  • Limit Login Attempts Reloaded – block brute force attempts by controlling how many times users try the login page and how long they have to wait; you can also log, whitelist, and blacklist IP addresses.
  • Updraft Plus – make back up copies of your WordPress database, theme, plugins, and uploads to a cloud service like Dropbox, Google Drive, or Amazon; supports manual and scheduled backups.

ILLUSIO’s custom WordPress Security Plans save you time and empower your team so you can focus on what matters the most.

If you’re a busy communications teams leader that can’t keep up with managing your WordPress site, ILLUSIO can help you get unstuck:

  • Take the monthly website updates off your long to-list and free up your time
  • Lock down WordPress to keep your website safe from attacks
  • Provide ongoing support with WordPress so you’re not on your own
  • Monthly one-on-one video training so your team feels confident using WordPress

Top 20 Best WordPress Plugins for Nonprofit Websites