One of the key features of WordPress is that it’s open source. That brings with it several benefits: it’s free, it has a huge, helpful community, and anyone can contribute to the project. But it also has some downsides: anyone can contribute to the project.
That means there are a wealth of plugins that can be used to extend your site at the push of a button. Want to sell something? Here’s an ecommerce plugin. Want to create forms? Here’s a form plugin. Want to switch all your images to Doge and your font to Comic Sans? I’m not sure why you would, but here’s the plugin.
That’s a lot of power to bestow on developers. And, as Uncle Ben always said, “With great power comes great responsibility.”
The problem is not all developers have the moral compass of Peter Parker. Some wield their power with reckless abandon;1 pushing aside coding standards for speed and making it work2.
It isn’t all on the developers. How is one person expected to deal with users demanding 24/7 support for a product they make exactly 0 dollars on3?
Trick question. They can’t. No one has the time to pay their bills and create bug free, fully supported plugins that work with every single other developer’s plugins and themes.
Plugins aren’t perfect. Security holes happen to even the biggest plugins out there4.
So what happens when a plugin poses a security threat, but the plugin was created and is maintained by a developer in her free time? A developer that doesn’t have a team of other developers waiting to help her fix the plugin.
Well your site could be opened up to a security hole. And if people know where to look, they have a way to get in.
It isn’t all doom and gloom though. WordPress.org gives you several metrics for making good decisions when adding a plugin to your site.
How many active installs does the plugin have?
WordPress recently switched over from showing downloads to active installs. A much better metric as downloads could be easily upped by releasing a minor plugin update.
Just because a lot of people use something doesn’t mean it’s a great plugin. That’s why we need some other ways to make a decision.
When was the plugin last updated?
You want plugins that have been updated recently.
WordPress.org does a good job of showing you a notice when a plugin hasn’t been updated in over 2 years. Of course, if the plugin hasn’t been updated in 1 year and 355 days it’s a good idea to check the last update date yourself.
That only protects you so much though. You may install a plugin that then falls into disrepair. And there’s no notice in the WordPress dashboard when you have a plugin installed and it hits the magical 2 year point.
Be vigilant. And if you notice a plugin hasn’t had a plugin update in years, it may be time to find an alternative.
Is the developer active on the support forums?
This is where things with free plugins get a bit iffy. What you save in price, you lose in support. Good developers will still be somewhat active on the support forums closing out tickets and helping their users.
How many plugins has the author created?
You get better with practice. The same rings true for developers. My first plugin was worse than my second. And my next will be coded better than the last.
If the plugin developer is consistently putting out plugins that are attracting downloads it’s a good sign that they’re an experienced developer.
You’ll still want to make sure the developer is actively updating and supporting the plugin, and doesn’t just dump out quick, ugly code.
What are others saying about the plugin?
There are always reviews. Some reviewers can be very helpful. Some others may rate a plugin 1 star and say nothing about it. While some other reviewers may dock a plugin stars for not doing something it never promised to do.
Take plugins reviews with a grain of salt. You’ll still definitely want to make sure there are more 5 star reviews than 1 star reviews. But you’ll also want to make sure the 5 star reviews are legit. The same goes for the 1 star reviews.
After you’ve picked out the plugin
There are still a few things we can do to make sure the plugin we picked is a good plugin. Here are a few things we want to make sure the plugin isn’t doing.
Causing PHP errors
This one will be hard to miss because you’ll likely get a lovely white screen when visiting your site. If that’s the case and you can’t login to deactivate the plugin;5 open up your FTP connection and rename the plugin directory or just remove it. This will disable the plugin and get your site back up.
Causing JS Errors
If you’re familiar with your browser’s inspector you’ll want to check the console and see if your getting any Javascript errors.
To do this open your site. Right click anywhere on the page and select “Inspect”. Once the Inspector opens find the “Console” tab and click that bad boy. If you see red messages and it’s coming from the plugin you may want to get rid of that sucker.
Enqueueing scripts improperly
This one can be a little trickier to discover. A lot of plugins will have CSS and Javascript that only needs to load on the admin panel. We don’t want visitors to our site to have to load those scripts they’ll never see so the plugin shouldn’t even be serving them up.
You’ll need a little bit of understanding about enqueueing scripts and probably need to take a look at the plugin to see what kind of scripts it adds to your site.
Slowing down your site speed
Your site’s load time is extremely important. It is probably the most important feature of your site. Right along with good content. So you don’t want a plugin that is going to be bringing your site’s load time to a screeching halt.
Before you install the plugin run a site speed test at GTMetrix.com. Or one of the other bajillion page speed testers. Make note of the stats and then install and activate your new plugin. Then run the test again and compare your numbers.
Now what?
You’ve finally got your plugin picked out. You get it installed and set up. You’re good to go right? Set it and forget it?
No! Make sure you’re keeping your plugins up to date! That’s the most important tip for picking good plugins.
Even the biggest plugins will have security holes. Yoast SEO being a prime example. The plugin is on over 1 million sites. And back in March they had to roll out a plugin update to fix a potentially harmful security hole. So keep those plugins as up to date as possible.
Follow all those tips and you’ll be on your way to picking out the best plugins for your WordPress site.
Photo of man staring at blank computer in the mountains via Stocksnap.io
- I don’t know how to use semi-colons. Is this right?
- Guilty.
- They actually lose money if we want to get into opportunity costs and hourly rates.
- With paid versions.
- Again, the semi-colon thing. I should learn that.
