When you’re setting up your site, finding a lot of neat plugins that add cool new functionality to your WordPress website can be fun and exciting. However, there are so many interesting plugins out there that it can be easy to go overboard installing things you may not actually need. In some cases, this may not be a big deal. If a plugin is developed with good coding practices, having an unused plugin sitting on your site shouldn’t cause any security or performance issues. However, with more than 30,000 plugins in the WordPress plugin directory, and many more than that available via other vendors, you can be sure there are quite a few that are not secure or efficient.
Even one poorly designed plugin can cause your entire website to come to a grinding halt, or worse–it can open your website up to hackers and viruses. But don’t worry; I have several tips for you that, if kept in mind during the plugin selection process, should help you avoid such plugins and keep your site running smoothly without having to sacrifice cool functionality.
Don’t go overboard
While it can be fun to install plugins that add exciting new functionality to your website, keep in mind that each plugin has the potential to slow things down, introduce security threats, and require maintenance (updates) later on. The fewer plugins you have on your server, the faster your site will be and the easier it will be to perform updates without having to worry about compatibility. I’m not saying to skimp on functionality you actually want or need, but it’s a good idea to be conservative with your plugin installation so that they will be less of a potential liability later on.
Something else that goes along with this is that you should map out your requirements before you even start looking. If you know exactly what you want, it is easier to find the right solution right away. It makes search terms easier to figure out, which makes finding the right plugin much less of a hassle. Otherwise, you risk wandering around aimlessly trying to figure out what you actually want, or you might even end up installing a plugin and spending time to get it all set up before you realize that it doesn’t actually meet your needs. It’s kind of like when you’re looking for a house or a car–you should have some idea of what you want before you talk to the realtor or dealer, or else you risk having them try to sell you the wrong product or you end up regretting your purchase because you realized there’s something you wanted that is missing.
Don’t try things out on your production website
Your production website is all your users see, and if it is running slowly or, god forbid, broken or unavailable, they’re going to assume you don’t know what you’re doing and will probably leave–and are unlikely to return unless they really have to do so. Having a local development instance of your website, or a staging instance set up at a sub-domain on your production server, allows you to test out new plugins and configuration changes without the risk of your visitors having a bad time on your site. Pro-tip: this also applies big-time when you’re thinking of performing updates to your site. If something breaks during the update process and you’re doing it on your production server, you’re going to have a bad time. Use a separate instance to test plugins, updates, etc. to be safe. And while we’re at it, always back up beforehand! You can never have too many backups.
Steer clear of plugins that haven’t been updated recently
As WordPress changes, plugins will need to follow suit to keep up with the new features and technology available in the core software. Sometimes, a change can be made to WordPress core to close a security hole but unfortunately breaks compatibility with a plugin. If a plugin hasn’t been updated in the past year, it is unlikely that it can be counted on to work with the latest version of WordPress. Additionally, unless it’s very small and only performs one or two functions, no plugin is going to be completely bug free. If a plugin hasn’t been updated recently, that’s not necessarily a sign that the plugin is perfect and doesn’t need updates. Sometimes, it is buggy and the plugin developer is just too lazy to maintain it (shame on them!).
Prefer plugins with an active support community
As I said before, plugins are never “done”. There’s always some other bug to fix or some functionality that can be improved and optimized. If you see a bunch of support topics that have gone unanswered for an extended amount of time (even just a month or two), that plugin developer is probably not going to help you either if you run into issues. And unless you are confident that your server and WordPress configurations are different from those of the people who are requesting support, you’re likely to run into the same exact problems.
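The two checks above (no update in the past year, support topics left unresolved) can be run over plugin metadata before anything is installed. The following is an added example, not code from the original article: the records are constructed samples using the `last_updated`, `support_threads` and `support_threads_resolved` fields of the WordPress.org plugin information API, the slugs are made up, and the 50% resolved-thread threshold is an assumption standing in for “a bunch of support topics that have gone unanswered”.

```python
import json
from datetime import datetime, timedelta

# Constructed sample records (hypothetical slugs), shaped like the
# WordPress.org plugin information API response.
SAMPLE = json.loads("""[
  {"slug": "example-gallery", "last_updated": "2024-05-10 2:31pm GMT",
   "support_threads": 12, "support_threads_resolved": 10},
  {"slug": "example-forms", "last_updated": "2022-11-03 9:05am GMT",
   "support_threads": 8, "support_threads_resolved": 1},
  {"slug": "example-cache", "last_updated": "2024-04-02 10:15am GMT",
   "support_threads": 10, "support_threads_resolved": 2},
  {"slug": "example-seo", "last_updated": "2024-03-20 11:00am GMT",
   "support_threads": 0, "support_threads_resolved": 0}
]""")

MAX_AGE = timedelta(days=365)  # the article's "past year" rule
MIN_RESOLVED = 0.5             # assumed threshold, tune to taste


def parse_last_updated(value):
    """Parse timestamps such as '2024-05-10 2:31pm GMT'."""
    return datetime.strptime(value, "%Y-%m-%d %I:%M%p GMT")


def audit(record, today):
    """Return the reasons a plugin fails the article's checks."""
    reasons = []
    age = today - parse_last_updated(record["last_updated"])
    if age > MAX_AGE:
        reasons.append(f"no release in {age.days} days")
    threads = record.get("support_threads", 0)
    resolved = record.get("support_threads_resolved", 0)
    # No threads at all is not evidence of poor support, so skip it.
    if threads and resolved / threads < MIN_RESOLVED:
        reasons.append(f"only {resolved}/{threads} support threads resolved")
    return reasons


def audit_all(records, today):
    """Map each plugin slug to its list of findings (empty = passes)."""
    return {r["slug"]: audit(r, today) for r in records}


if __name__ == "__main__":
    # Fixed reference date so the constructed samples give stable output.
    for slug, reasons in audit_all(SAMPLE, datetime(2024, 6, 1)).items():
        print(f"{slug}: {'; '.join(reasons) or 'ok'}")
```

A plugin that passes is not thereby safe; the script only filters out candidates that already fail the maintenance and support criteria.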
Check your site after each plugin installation
It can be easy to just go down a list of features you need, find the right plugins, and just install them all, one after the other. But if there’s something wrong with the fourth one and you only see it when you view the frontend of your website after you’ve finished installing all the rest, you’ll have to go back through and disable each one (or all of them at once) until you determine which one is causing problems. Take it slow. Install a plugin, browse your site, and test out its functionality to make sure it is working as intended. Then, you can move on to the next one. Caveat: obviously, if you regularly set up WordPress websites and have a list of plugins you always use, you can sort of ignore this since you should already know if any of them are troublesome (in which case you shouldn’t be installing them anyway).
Size up your options
Given the vast number of plugins available on the market, it is highly likely that more than one will adequately suit your needs. It can take a while, but you should explore each option to see which best fits your needs. If you need to, use a few different testing instances of your site to try each option before you decide on one. And, of course, keep the things I mentioned previously in mind. If there’s an old plugin that does everything you want but the developer seems to have disappeared, versus a newer plugin that is still lacking some features but has an active developer that provides fast support and is quick to implement feature requests, it might be better to have a little patience and go with the younger plugin.
Don’t get scammed
I don’t know if you saw, but recently on the Android Google Play Store there was an app that reached #1 on the Paid Apps list, called “Virus Shield”. As you might guess, it was supposed to be an antivirus for your Android phone, but in reality, it was just a user interface that ultimately did nothing. You open the app, press the button to start monitoring, and the app indicates that it’s working, but nothing is actually happening behind the scenes. It cost $3.99 per purchase, and being the #1 app shows that it got a lot of downloads. Luckily it didn’t distribute a virus itself.
Before you get too scared, there are differences between the Google Play Store and the WordPress Plugin Directory. The Play Store has very relaxed restrictions; they barely have any requirements or review. They don’t actually check the code or apparently even test the apps that are submitted for inclusion. On the other hand, the WordPress Plugin Directory is curated to only allow legitimate, functional plugins.
In any case, before you do anything with your money, do some research. Make sure the vendor is legitimate and that other people who have paid were given the product and services they were promised. Also, a paid plugin should be held to a higher standard in terms of quality, performance and security, so before making a purchase look for negative reviews to see if there are any widespread issues that are yet to be solved.
You get what you pay for
While I caution you to watch for scams, keep in mind that there are tens of thousands of legitimate, reliable, and secure plugins available. Some plugins require payment to even download them, and many plugin developers will release some free and some premium plugins, or have free and premium versions of individual plugins. While it is definitely a smart thing to watch your wallet and only spend money when you need to, keep in mind that you’re probably going to get better support and a higher quality product when you go with a premium plugin, rather than a free one, and sometimes there is no free alternative.
Download from trusted sources
Whenever possible, don’t download a plugin archive from just anywhere. You might search Google for a WordPress plugin that provides some specific functionality and find a post on some forum with a link to some website where you can allegedly download the plugin. While this may be fine, it could also be a scam itself and the “plugin” you download could infect your site. I recommend you stick with a source you can verify as being reputable, such as the official WordPress Plugin Directory. When a plugin is submitted to the WordPress Plugin Directory it is reviewed to make sure it is legitimate and secure. You’re better off going with a plugin downloaded from that directory than one for which you find a direct link on some other website. However, because premium plugins are not listed in the WordPress Plugin Directory, there are several vendors, like WPMU Dev, that have their own directories on their websites.
If you keep these things in mind while selecting new plugins, you should avoid many common issues and frustrations that go along with dealing with third-party addons. Remember to always, always, make a backup of your files and database before making any major changes to your website, and as I mentioned above, make all changes on a testing or staging server before doing so on your production website.