Using WordPress plugins to build your website can be a fantastic way to get everything working nicely. After all, plugins can enable you to do amazing things with your website without knowing how to code. Some plugins are extremely powerful and millions of people every day use them. Take WooCommerce, for example. With more than 3 million active installations, it powers over 45% of online shops and has a huge amount of functionality. And 3 million people can’t be wrong. But if you habitually install plugins on a regular basis without really thinking about it, you need to know why that’s not a good idea.
The downside of using WordPress plugins
Although they can be really useful, using WordPress plugins on your website can cause problems. Rushed updates, untested snippets of code, or an incompatibility between two plugins can mean that your website goes from fully functional to complete nightmare in moments.
There are somewhere in the region of 40,000 free plugins available on the official WordPress repository, as well as countless paid plugins available from companies like ours. Although most plugin authors are careful about quality, some are not. And even with detailed testing, it’s impossible to eliminate every single error prior to a new plugin release or update.
Plugin conflicts are especially difficult to spot, and notoriously difficult to track down. Common combinations will already have been tested (such as WooCommerce with the latest version of WordPress). But it’s impossible for developers to predict every scenario. Your particular combination of WordPress, theme and plugins is unlikely to appear on anyone else’s website. Your particular combination of plugins won’t have been tested before. So you may well encounter unique issues with your particular set-up.
When you’re looking for a particular feature on your website, it’s easy to install a plugin, assume it will work and that everything will be fine. But if it doesn’t, you might notice errors on your website, or your site may be very slow to load. It’s not uncommon for a plugin conflict to crash your website and take it down altogether, causing you enormous hassle and valuable time in trying to sort it out.
So what can you do to protect yourself when using WordPress plugins?
1. Is the plugin legitimate?
As WordPress itself has become more popular, so the popularity of using WordPress plugins has grown. And virtually anyone with coding knowledge can create a WordPress plugin and publish it online. The free plugins available via wordpress.org are reviewed prior to being accepted. You can see the WordPress detailed plugin guidelines here. But errors do still happen, and these standards aren’t necessarily followed by some independent developers.
It’s worth doing a bit of research to see whether a plugin you are thinking of installing is likely to cause problems.
2. Are there any known vulnerabilities in the plugin?
Search the WordPress Plugin Vulnerabilities database for all the plugins that you use on your website. This will tell you if your chosen plugins are (or have ever been) vulnerable to any known security issue (for example, a SQL injection or cross-site scripting vulnerability). Note that this only applies to plugins held in the WordPress repository. Wordfence is a good source of information for other plugins.
Vulnerabilities do happen, and most developers will very quickly sort them out and release a new version of their plugin. So if you find your plugin here with something that’s been fixed quickly, that’s probably OK – just make sure you are using the latest version. But if you find something that hasn’t been fixed, do not use the plugin.
3. Is the plugin well supported by the developer?
When you are deciding whether to use a plugin, you’ll want to make sure that you can get help if you need it. If the plugin is in the wordpress.org repository, you can have a look at its support forum and see whether the developer is responsive to any issues there. If your plugin is not in the WordPress repository, use Google to check whether the developer who made the plugin is responsive to questions, in case you need help. Or ask your WordPress developer whether they know of the plugin and whether it’s highly thought of in the WordPress community.
4. Do you really need a plugin?
For non-expert WordPress users, there’s always a big temptation to use plugins. If you want your website to do something, you just search for a plugin, install it, fiddle with the settings and Bob’s your uncle. Or maybe you read an article that says how fantastic a certain plugin is and that you absolutely MUST have it if you want to make £10bn worth of sales in the next month.
Many people install the plugin without a second thought. But this will mean more maintenance, more updates required and one more thing to go wrong. Check first to see if there is another way to achieve what you want. For example, some people use a plugin to check broken links on their site. But this can easily be done using an online tool instead.
5. Are you running too many plugins?
Running a website with numerous plugins will have an effect on site speed, and greatly increase the likelihood that one plugin won’t play nicely with another.
To illustrate the problem of plugin conflicts, imagine you have just 2 plugins on your site. That’s 1 interface between the 2 plugins that could go wrong. But if you have 10 plugins, that’s 45 interactions that need to work. And if you have 20 plugins, that’s 190 interfaces! So you can see that the more plugins you have, the more likely it is that things will go wrong. Indeed, aside from plugins which are not updated to the latest version, plugin conflicts are the most common problem we see on websites. Of course, if your website doesn’t work, you have no idea which 2 plugins are conflicting. So the only way to check is by painstakingly switching them on and off. So keeping to a handful of plugins will make your life a lot easier.
6. Are you regularly updating your plugins?
Like WordPress itself, plugins need regular updates to keep them working effectively. When WordPress is updated to a new version, there’s a good chance that your plugins need updating too. And the more plugins you have, the more time consuming this is (and the greater the chance that it will go wrong). Check regularly to see whether any of your plugins need updating, and don’t forget to take a full backup before you make any changes, just in case anything goes wrong.
7. Is the plugin developer still developing it?
It’s not uncommon for a plugin to work really well for you for a while and then all of a sudden, it stops working. You look for an update, but find that the plugin has not been updated for 2 years. This might be because it doesn’t need any updates, but that’s quite unlikely. A more likely explanation is that the plugin developer found that it was too difficult and time-consuming to keep it updated. If this is the case, you will have a website that doesn’t work properly and you will need to find another plugin or a developer to help you. Using WordPress plugins that are out of date can be a security risk and may cause your website to be hacked or stop working.
8. Do you have inactive plugins on your website?
If you have inactive plugins on your website that you are not using, it’s a good idea to uninstall them. Make sure you remove any associated files or database content created by them. It’s a myth that inactive plugins do not constitute a security risk. Hacked websites are often compromised via old, inactive plugins.
9. Are you testing your plugins first?
When you install a new plugin on your site, make sure you have enough time to adequately test it. It’s a really good idea to use a staging area to test out a new plugin first, before deploying it to your live site. And choose a quiet time when there are less likely to be customers on your website, so that if things do go wrong, the disruption will be more manageable.
10. Do you review your plugins regularly?
It’s often the case that people installed plugins on their websites several years ago. They were fine at the time; well supported and actively updated. But the plugin is now woefully out of date, the developer has gone missing and there are vulnerabilities in the plugin. So it’s important to do a review of your plugins (at least every few months) to make sure that they are still current, secure and supported. If not, you need to uninstall them and find an alternative. We often get requests for plugin reviews from companies who have numerous plugins on their websites. They have built up over time and no-one knows what they all do or whether they are still valid or working. We can advise on what’s legitimate, what isn’t and recommend alternatives if necessary.
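A regular review like this can start from the plugin inventory that WP-CLI prints. The script below is an added example, not code from Outerbridge: it reads the JSON from `wp plugin list` and reports inactive plugins to uninstall (point 8), plugins with updates waiting (point 6) and the number of plugin pairs that could conflict (point 5). The plugin names and versions in the sample are constructed, and the function names are hypothetical.

```python
import json
import subprocess

# Constructed sample of `wp plugin list --format=json` output.
# All plugin names and versions here are made up for illustration.
SAMPLE_INVENTORY = """[
  {"name": "example-shop",       "status": "active",   "update": "none",      "version": "4.2.0"},
  {"name": "example-forms",      "status": "active",   "update": "available", "version": "1.9.3"},
  {"name": "example-seo",        "status": "active",   "update": "none",      "version": "2.0.1"},
  {"name": "example-cache",      "status": "active",   "update": "none",      "version": "3.1.0"},
  {"name": "example-old-slider", "status": "inactive", "update": "available", "version": "0.8.0"}
]"""


def load_from_site(path="."):
    """Fetch the live inventory with WP-CLI (needs `wp` on PATH)."""
    result = subprocess.run(
        ["wp", "plugin", "list", "--format=json",
         "--fields=name,status,update,version", f"--path={path}"],
        check=True, capture_output=True, text=True,
    )
    return result.stdout


def review_plugins(inventory_json):
    """Summarise an inventory: what to remove, what to update, conflict surface."""
    plugins = json.loads(inventory_json)
    active = [p["name"] for p in plugins
              if p["status"] in ("active", "active-network")]
    # Inactive plugins still sit on disk, so they are listed for removal.
    remove = sorted(p["name"] for p in plugins if p["status"] == "inactive")
    # Anything with a pending update, whether active or not.
    update = sorted(p["name"] for p in plugins if p["update"] == "available")
    n = len(active)
    return {
        "remove": remove,
        "update": update,
        "active": n,
        "pairs": n * (n - 1) // 2,  # every pair of active plugins can conflict
    }


if __name__ == "__main__":
    report = review_plugins(SAMPLE_INVENTORY)
    print("Uninstall (inactive):", ", ".join(report["remove"]) or "none")
    print("Update pending:", ", ".join(report["update"]) or "none")
    print(f"{report['active']} active plugins = {report['pairs']} possible pairings")
```

To run it against a real site, pass `load_from_site("/path/to/wordpress")` to `review_plugins` in place of the sample, after taking a backup as described in point 6.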
Using WordPress plugins can be a great way to get the website that you want quickly and easily. At Outerbridge, we are enthusiastic users of certain reputable plugins ourselves, and we develop them too. But next time you want to install a plugin on your WordPress website, stop and think about it. Run through this checklist before you decide to install a new plugin, and review your plugins frequently. You’ll be glad you did.
Want someone to look after your plugins for you? Our website support packages could be just what you’re looking for.