How carefully do you vet your WordPress plugins?

by Sarah Hines

We WordPress a lot. One of the strengths of WordPress as a content management system, especially for the non-techy crowd, is that there’s almost nothing that can’t be done with the help of a little plug-and-play code magic. We love us some good plugins now and again. As a small firm, they’re essential to letting us empower our diverse clients to meet a wide range of excellent goals without hiring another three code monkeys.


Plugins are a little evil.

Every now and then, we’ll get a client email to the following effect: “I want my site to whizz-bang and pop a little more. I found this Whizzy-Bang-Pop 1.0 plugin—I can go ahead and install that, right?” Sometimes the answer is a resounding, “Yes! Great idea! We must add this plugin to more sites, because it solves a genuine problem in an elegant manner!”

More often, however, we find ourselves either talking the client out of their suggested solution or grinding our teeth in annoyance at all of the problems Whizzy-Bang-Pop 1.0 causes for the two years it takes us to persuade the client that there are better solutions to be had.

What can possibly go wrong with plugins?

Security flaws: Badly designed plugins can cause weird glitches that open up security holes in your site, making you more vulnerable to hacking attempts, which are aggravating for basic websites and potentially devastating for sites that store any kind of customer information.

Incompatible code shenanigans: The more code from different programmers you have floating around your site, the higher the chance that something is going to cause sparks. Bad sparks. The kind of sparks that send your website up in flames. The flames can generally be tamed by turning off and uninstalling the plugin and binding it to the ninth circle of perdition, but who has time for that?

Sheer mediocrity: Plugins are designed to do a general task for many different websites. They can solve a problem, sure, but if you don’t have the skills to massage the code, if the plugin is not well supported, or if you are solving all of your design and functionality needs with different plugins from different designers, your site will start looking like Frankenstein’s monster.

Loss of speed: Again, because plugins are designed for a broader task set than you probably need them to do, they tend to add bulk to your code that can seriously reduce your site load times, which is an increasingly important metric. Speed is used as a factor in your search results rank, and mobile browsers are more likely to abort a page load if it’s slow. The more plugins you have, the more of a speed bump you’re running your visitors over, so choose wisely.

Yikes. So how do I decide to install a plugin?

Start by walking through a series of questions to test whether your plugin installation is a good idea.

Do you absolutely need that functionality? Some way to capture email addresses for an eNews list: necessary. Drop-down menus: probably useful, but not necessary. Making a little string of dancing fairy lights follow a visitor’s mouse: annoying and decidedly not necessary. If you absolutely must have the functionality, proceed to the next question.

What version of WordPress is the plugin compatible with? Make sure your install of WordPress is up to date and look at its version number (it should be on the main page of your Dashboard). If the plugin is more than one version out of sync with WordPress, pass it by.

How long has the plugin been around? When it comes to adding plugins to your commercial site, do not be an early adopter or beta tester. Leave that to WordPress junkies and developers and website hobbyists. Look for a plugin that’s been through a few versions, has been around for a few months, has been updated recently, and has a long history of reviews.

What does the WordPress community think of the plugin? Social proof matters in plugins. Look for a 4+ star rating from a large review pool. A 5-star rating means nothing from a dozen users, but from 500 users it starts to have some plausibility.

How well-supported is the plugin? Visit the developer’s site. Do they have a support forum with recent activity? Do questions seem to be answered? Have they put together a solid FAQ? Does their documentation explain how to use the more obscure features of the plugin? Is there a clear method for communicating with the developers? If the answer to most of those questions is “Yes,” you’ll probably be able to get help making the plugin work.
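For the tech-inclined, the measurable parts of that checklist (compatibility, age, recent updates, ratings, support) can be scored from the metadata the WordPress.org plugin directory publishes for each plugin. This is an added example, not something from our own toolkit: the thresholds are assumptions that put numbers on the wording above, and both sample records are constructed, not real plugins.

```python
from datetime import datetime, timezone

# Thresholds are assumptions chosen to put numbers on the article's wording.
MAX_RELEASE_LAG = 1      # "more than one version out of sync"
MIN_AGE_DAYS = 90        # "around for a few months"
MAX_STALE_DAYS = 180     # "updated recently"
MIN_RATING = 80          # 4 of 5 stars; the directory reports rating on a 0-100 scale
MIN_NUM_RATINGS = 100    # "a large review pool"
MIN_RESOLVED = 0.5       # share of support threads marked resolved

def release_index(version):
    """Map '6.4.2' to 64: WordPress releases run x.0..x.9, then (x+1).0."""
    major, minor = (version.split(".") + ["0"])[:2]
    return int(major) * 10 + int(minor)

def parse_day(stamp):
    """Read the leading YYYY-MM-DD of the 'added' / 'last_updated' fields."""
    return datetime.strptime(stamp[:10], "%Y-%m-%d").replace(tzinfo=timezone.utc)

def vet_plugin(info, site_wp_version, today):
    """Return the checklist items the plugin fails (empty list = passes)."""
    failures = []
    lag = release_index(site_wp_version) - release_index(info.get("tested") or "0")
    if lag > MAX_RELEASE_LAG:
        failures.append(f"tested up to {info.get('tested')}, site runs {site_wp_version}")
    if (today - parse_day(info["added"])).days < MIN_AGE_DAYS:
        failures.append("listed for less than a few months")
    if (today - parse_day(info["last_updated"])).days > MAX_STALE_DAYS:
        failures.append("no recent update")
    if info["rating"] < MIN_RATING or info["num_ratings"] < MIN_NUM_RATINGS:
        failures.append(f"rating {info['rating']}/100 from {info['num_ratings']} reviews")
    threads = info.get("support_threads", 0)
    if threads and info.get("support_threads_resolved", 0) / threads < MIN_RESOLVED:
        failures.append("most support threads unresolved")
    return failures

# Constructed sample records (not real plugins), shaped like the directory's
# plugin_information response.
TODAY = datetime(2024, 6, 1, tzinfo=timezone.utc)
ESTABLISHED = {"slug": "example-forms", "tested": "6.5.3", "added": "2019-03-10",
               "last_updated": "2024-05-02 8:15am GMT", "rating": 92,
               "num_ratings": 640, "support_threads": 40, "support_threads_resolved": 31}
WHIZZY = {"slug": "whizzy-bang-pop", "tested": "6.1", "added": "2024-04-20",
          "last_updated": "2024-04-20 11:02pm GMT", "rating": 100,
          "num_ratings": 12, "support_threads": 6, "support_threads_resolved": 1}

if __name__ == "__main__":
    for plugin in (ESTABLISHED, WHIZZY):
        print(plugin["slug"], vet_plugin(plugin, "6.5", TODAY) or "passes")
```

A clean result only covers what the numbers can show; whether you absolutely need the functionality is still your call.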

Okay, I think I’m ready to install this plugin. What else should I do?

Proceed with caution. Either use your temporary staging site and install the plugin there first or make a backup of your site. Turn the plugin on only with one of those safety precautions in place to test how the plugin interacts with your theme and other plugins.

Back your site up regularly. Either daily or weekly, depending on how frequently you install updates and update content. If something goes wrong with a plugin update, you’ll want to be able to revert to a working version of the site.

Stay current with updates. Updates matter for the security and functionality of your site. Granted, things can go wonky once in a while, but keeping your plugins and WordPress up to date matters, so make a note in your calendar to check on the updates monthly.

Reassess regularly. Every six months to a year, take a look through your plugins list. Have you been making use of the functionality? Is it still doing what you’d like it to? If not, declutter!

That’s a lot of work…

Yeah. We know. It’s all doable and learnable, but some of it takes stronger tech chops than many small business owners have the time to develop. That’s what we can provide for you though, so feel free to lean on us if you’re struggling to make plugins work for your site.

Interwebs 101

About Sarah Hines

Lead Web Mechanic

Sarah serves as our technical/programming lead and project manager. Her 14 years in web development allow her to empathetically explain the hows and whys of technical pieces to non-geeks so they understand what they’re making a decision about. Behind the scenes she’s programming, troubleshooting code, managing the servers and juggling our technical contractors. With clients, she starts conversations with her good-humored, energetic approach and is consistently bringing pragmatic new ideas to the table while keeping client budgets and goals in check. When she isn’t hooked into her computer, she’s adventuring with her constant doggy companion, Pepper, or pursuing her varied obsessions such as self-tracking, raising chickens, and tiny house construction.
