A WordPress plugin is software that adds functionality not found in the core WordPress software to your website. There are many tens of thousands of plugins available ranging from paid ones to the free ones found on WordPress.org, and ranging from millions of installations to just a few. Most importantly you want a plugin that is compatible with your WordPress software version and that is being actively maintained. The plugin directory on WordPress.org shows whether the plugin is compatible with the version of WordPress you are running, when the plugin was last modified, a review star rating, and the number of active installations. There are so many plugins available because, though there is a review process, the review process isn’t as strict as found in phone apps stores, for example. It is definitely “buyer-beware” for plugins (even though they are often free!) and being listed for installation is not any sort of recommendation. A particular problem, often with less widely used plugins, is plugin conflicts. While well-written plugins should work with others, it is possible that a new plugin will “break your site.” Be sure to backup your site before installing a new plugin and then perform testing to make sure your site still functions as desired; if it isn’t working, you can restore your site using the backup. While you can DIY, using a professional WordPress developer will eliminate these problems.
So first identify what functionality you are missing and then go looking for it.
What type of functionality may be missing? The most obvious is cybersecurity. Why strong cybersecurity isn’t a function of the core is beyond me; perhaps since there are many high-quality security plugins available, the community* doesn’t want to divert resources from other pursuits. A key design tenet of WordPress is decisions and not options, but in this case no decision was made other than to ignore security while many options are available. Or perhaps it’s to avoid selecting a “winner” whose code would be incorporated into core. The community did move to strongly recommend/require use of SSL (the secure website access that triggers showing a padlock or other security indication in many browsers). After installing WordPress, you MUST install a security plugin. To illustrate the clear need, within a day or two of installing WordPress for this site, the site was attacked using various brute force attacks and some known vulnerability attacks. But since my first task after installing WordPress was to install a security plugin, my site was protected and I know about these attempts by looking at the security log. I use the WordFence plugin, which has a free and paid premium version, and you can learn more about security plugins.
The second key functionality that most websites need is a backup solution. Some hosting companies include backup as part of your website package or you can have your own backup plugin which you then control. Much like backing up your own computer, backing up your WordPress site will allow you to recover from various problems, including inadvertent deleting of files, or installing a new plugin that causes problems. I use UpdraftPlus plugin though there are many different backup solutions.
A third key functionality typically required for all websites is related to finding your site via search engines, also known as SEO. Most people find your website by means of searching.
The final key functionality typically required by all is image size management. Images are by far and way the biggest files used. For example, a picture from a cellphone or camera could easily exceed tens of megabytes and take many hundred of milliseconds to load over the fastest of connections. In fact, unnecessary large images is often the single biggest cause of slow websites. While you can manually adjust the size of images with various applications, a plugin will automate the function and ensure it is done every time for every image uploaded.
For more details about specific plugin areas, see the related posts.
* When I say community I really mean the Automattic corporation which was founded by the developers that initially wrote WordPress and then released it into Open Source. While there are many volunteers that contribute to WordPress, the reality is that people need to eat and Automattic has a profitable business model around WordPress and directs its evolution and provides significant development resources. In fact, Automattic has encouraged the many companies that profit off of WordPress to contribute to its evolution.