One of the best things about having a WordPress site is the abundance of plugins available.
At the time of writing, there are over 55,000 plugins to choose from.
If you want to add just about any functions or features to your site, there is most likely a plugin available for it.
Because of its ease of use, many site owners resort to plugins if they want to add anything to their site.
But it’s also easy to go overboard by being plugin-happy.
- Will it Slow Down Your Site?
- Is it Up-To-Date, Regularly Maintained and Still Compatible With WordPress?
- What are the Chances that it Could Contain Malicious Codes?
- What Do You Know About the Makers & Owners?
- Do You Really Need the Plugin?
- What Do You Get With the Plugins?
- Have You Done Your Research?
- Will it Conflict With Other Plugins?
- What Do the Ratings & Reviews Say?
- How Many People Have Downloaded it?
- Bonus: Support the Developers
1. Will it Slow Down Your Site?
With such a huge emphasis on having a fast site, your plugins will play a part in making sure that your site is not bloated.
If they are heavy, poorly-coded and take up a lot of resources, you may find that you are better off not having the plugin, even if you think it can help your site in other ways.
A quick and simple tool to use is Pingdom. This will give you a detailed analysis on what is causing an increase in load time if you found that your site has slowed down after a few plugins installations.
And you should easily find out which plugins (or anything else for that matter) is taking up a lot of your resources and slowing down your site.
^ Return to top
2. Is it Up-To-Date, Regularly Maintained and Still Compatible With WordPress?
An important indicator in the official WordPress plugin repository is when was a particular plugin was last updated and whether it is compatible with the latest version of WordPress core.
And these are easy to find.
Now I would suggest to be a little bit flexible when it comes to the latter. When WordPress releases an update, most developers are working hard to update the plugin to make sure that it is compatible.
Many will update it relatively quickly after WordPress releases an update.
Others can take a bit longer, particularly the lone developer who maintains the plugin on their own on the side, as opposed a team or the bigger companies.
But if a plugin has not been updated frequently or it is outdated, do not install it.
You are simply asking for trouble if you do.
The easiest place to find that information is within the Changelog via the Development tab:
If the date of the Changelog are fairly recent, then the developers have been maintaining it.
If not, avoid. And it’s up to you to work out whether it’s recent or not, as there are other circumstances which will be covered below.
Sure, it could work for the time being, but it will eventually break your site or make it vulnerable to attacks.
^ Return to top
3. What are the Chances that it Could Contain Malicious Codes?
The majority of developers have the best intentions when creating and launching plugins.
And if you download via the official WordPress repository, they are reviewed and checked before being available to the general public (but if they’re outdated, then it’s pointless).
However, you can also download plugins via their own independent sites, which means that it does not go through any reviews.
Rather, they are available to download via their own site.
And this is where you have to be responsible about downloading these plugins.
Make sure you do your research on who the makers of the plugins are before downloading from independent sites. Who are they? Do they have a track record? Are they somewhat reputable within the community?
An example of a popular plugin which is not available on the WordPress repository but is available on their own site only is WP Rocket.
Because they are well-known in the industry, plus they provide information about their changelog, support, etc., it is safe to download via their site.
And even if they are available in the repository, they can still be outdated and will contain the following message:
4. What Do you Know About the Makers & Owners?
But it’s not just because of the independent websites that you should do your research.
This applies within the WordPress repository too.
There are many well-known individuals and brands within the WordPress community, but that’s not to say they are the only ones you should trust.
There hundreds of thousands of very talented people within the community who have created incredibly useful plugins.
But you still need to do your research.
What have they done?
How reliable are they?
Have they created anything else?
If so, how popular and reliable is their other work?
Clicking on the name within the repository can give you extra information about the contributors and developers of most plugins.
If the plugin is supported by multiple developers, a company or have financial support by offering a premium, they tend to be on top of any fix and update regularly.
If the plugin is supported by a single developer, it could result in plugin abandonment but not necessarily guaranteed.
It’s down to you to do your own research and learn more about the developers.
^ Return to top
5. Do You Really Need the Plugin?
You should always ask yourself whether you really need a plugin in the first place.
Many of us would like to add a shiny, new feature by installing a plugin. But always ask yourself whether you really need it.
Will it make a difference to your visitors’ experience and to your business?
You might be better off without it and save the hassle of maintaining it and optimise your site speed instead, which definitely can have an impact to your site’s performance and your visitors’ experience.
And there is another way you can look at this.
Many software providers have their own well-maintained plugins to make it easier for their customers to implement whatever it is that they are looking to do.
Let’s use ConvertKit, the popular email marketing software that I personally use, as an example.
The popular email marketing platform have their own WordPress plugin which allows their customers to easily embed forms to capture email leads.
But you can live without the plugin and have the form on your page by just copying a piece of code and put it in your editor.
All you have to do is click on the form you want to embed, click on Settings > Embed, and you will have a code that you can embed within your text editor.
Adding a script will create a browser request, thus will add a load to your page.
But adding a plugin can affect your entire site as it is a site-wide implication.
In most cases, you are better off not installing the plugin, however useful or easy it is to use.
^ Return to top
6. What Do You Get With the Plugins?
Due to the generosity of the developers, you will find many plugins which suit you are free to use.
But make sure you know what you’re getting for the “Lite” version. For many, the free version is enough.
For others, you might need to consider paying for plugins.
And there’s nothing wrong with that.
Not only will you get advanced features for what can be a very low price, but you will also support the developers who have put in the hard work to create the plugin, keeping them up-to-date and making your website awesome.
^ Return to top
7. Have You Done Your Research?
You may have noticed that if you search for a particular type of plugin, there are are potentially dozens of the same equivalents.
There are tons of different social sharing plugins, caching plugins, contact form plugins, etc.
Don’t just settle for the first one you find.
Do your research and experiment with different plugins to find the one that suits you.
For example, you might find that a less popular plugin may have the features that the more popular one doesn’t have.
Or perhaps the reviews for one are better than the other, not necessarily by quantity but by quality.
Or you may have noticed that one has severely slowed down your site.
Even a simple search could help you understand more about specific plugins.
With hacking on the rise, many plugins have become victims to hackers because of security loopholes.
But these are not mentioned within the repository. You have to find out about it by yourself.
For example, this article by Wordfence has listed 22 abandoned plugins which have security vulnerabilities
Regardless of your intention, do your research.
^ Return to top
8. Will it Conflict With Other Plugins?
When you install plugins, you should take into account that they are created by different developers who have their own respective strengths and style.
And having them all on one site will not necessarily mean they will complement each other.
It’s like having a sports team with a mix of footballers, rugby players, basketball players and golfers.
Sure, they will all have their own strengths but they won’t necessarily complement each other.
It doesn’t happen often but you might find a few plugins that will clash with each other.
And the more plugins you have on your site, the more likely it will create conflicts.
The only way you will know is to test it, preferably via your development/staging site.
Check with your host provider whether they provide that option. Most managed WordPress hostings would have it and it is incredibly useful if you want to test anything on your site.
9. What Do the Ratings & Reviews Say?
This is quite an obvious one and clearly displayed on the repository.
It is always recommended that you take the time to read the reviews, as it will give you an indication of how reliable it is.
You should also take into account the latest reviews instead of the overall reviews.
If it has a number of 1–3 stars compared to 4–5 stars, you might think that it’s best to steer clear.
But it’s possible that the low ratings are not reflective of the more recent improvements that may have being carried out.
Maybe it used to be bad but as time has passed the developer may have spent time improving it, but the earlier rating is still prominent.
Reading the latest reviews can give you a better indication of where the plugin is at right now.
On some occasions, the recent reviews are very positive:
Other times, it could have a positive review overall but a negative one recently.
An example would be the P3 Plugin, which is (or was?) a popular plugin to measure how many resources your installed plugins take up.
Even though it is owned by a hugely reputable name, GoDaddy, it is still worth reading the recent reviews.
And because it has not been maintained for over 2 years, the negative reviews have come rolling in recently:
10. How Many People Have Downloaded it?
Another one which is readily available is the number of active installs.
Similarly to the ratings and reviews, the number of downloads and installs could signify its popularity.
But combining the number of downloads with the ratings, reviews and all the other factors mentioned above should give you a better idea of whether to install the plugin or not.
For example, the P3 Plugin mentioned previously has over 100,000 active installs.
But you and I both know that we should not install it due to the lack of maintenance, updates and the number of recent negative reviews.
^ Return to top
11. Bonus: Support the Developers
This is not a question, more of an action everyone should consider.
Behind every plugin are developers putting the hours and effort into creating, maintaining, updating the plugin and even introducing new features.
Many of them are doing it free, others are doing it as a job or for financial support.
Whatever the reason, they are making a difference to your site and it’s time we all showed our support to the plugin makers and contributors.
But it doesn’t have to be financial support.
A rating and a well-written review on the WordPress repository could make a big difference to their success and help them grow.
Providing feedback via email is another way to support them as well as doing a review on your own site too.
Show your support to the makers and contributors of the plugins, the ones who are playing a part in making your website performing brilliantly.
I can guarantee you, they would appreciate it.
Where would WordPress be without plugins?
There’s no question that plugins are one of the main reasons why WordPress is such a powerful platform and can propel your online presence.
But with great power comes great responsibility, and there are nasty side-effects when installing plugins without care.
As well as other best practices when it comes to online security, asking yourself the questions above can protect your site from harm.
Although the section highlighted below is what you need to keep an eye on, there are still other details who can gather further to better help with your decision-making:
Are there any other questions left out? Do you have any other suggestions to add?
Do leave a comment below.
Latest posts by Ahmed Khalifa (see all)
- ‘Atomic Habit’ – Book Review on How to Create Good Habits & Remove Bad Habits - 5th October 2019
- Why is My WordPress Site So Slow & How Can I Fix it? - 1st October 2019
- How to Critique Your Own WordPress Website Effectively Without Being Biased - 27th August 2019