Before You Install a WordPress Plugin, Ask These Questions

Using WordPress plugins are great way to add new and very exciting functionalities to your website. Plugins can save you time, speed up your website, improve SEO, and do much more. Plugins give web designers and developers the leverage to build sophisticated websites quicker and even better because of the functionalities they add to the website. With more than 20,000 plugins and over 330,000,000 downloads in the official WordPress plugin directory, there’s no question that plugins are an important component of WordPress and will continue to lay a pivotal role in the relevance and position of WordPress as a leading content management system.

You will also want to read:

How A Plugin Installation Can Crash Your Wordpress Website

How to Prevent the most common Application Attacks against websites

7 Steps to Reduce the Disc Space Used by Your WordPress Website

Generally speaking, here are some basic reasons you should be using plugins on your WordPress website:

Why Use Wordress Plugins

You could be asking if it is even necessary to build your WordPress site using plugins. Well, there are lot of reasons you should consider using WordPress plugins to build an attractive and performing website.. Here is a summary of the reasons

WordPress plugins take off the programming burden. This has become one of the biggest advantages of plugins.. With plugins, you can accomplish different goals with your website. Some of the plugins are designed to help with things like measuring your analytics, increasing sign ups to your newsletter or working with your email distribution system to make sure your customers are having a positive experience and optimize your website for search engines..

Despite the overwhelming advantages of using WordPress plugins, there are also some downside with using WordPress plugins. One of them is that relying too much on plugins can expose your site to an increasingly wide variety of risks. This is a critical factor and you will have to extensively evaluate this risk factor before you choose to install any plugin on your website.

Let’ us now discuss in greater detail, some of the problem with plugins and things you should consider before installing one.

Also read: 27 Free WordPress SEO Plugins that Will Improve Your Website Search Engine Rank

The Problem with Plugins

When you come across a WordPress site that is running sluggishly, the first suspicion and consideration should be to check for a plugin that could be causing the slowness. Plugins do cause problems for WordPress sites, just as they are wonderfully good to add functionality, the can also be reason for frustration.

Some webstes install a lot of plugins, this can increase the risk factor associated with faulty plugins, however, the number of WordPress plugins you install on your website does not ordinarily constitute a problem.

Also read:

9 Common Problems of a WordPress Website

A Guide on How to Reduce the Downtime on a WordPress Website

Best Rated Anti-Spam Plugins for WordPress Websites

That said, poorly developed plugins are a very common cause of trouble. Some of the problems you’ll face when dealing with plugins are:

Some common problems Associated With Plugin Usage:

  •     Decreased speed
  •     Security vulnerabilities
  •     Exposure to long-term risks

Decreased Speed

Site speed issues that are related to plugins are usually caused by things like poor development practices on the part of the plugin author. But generally speaking, here are two possible reasons why a WordPress plugin can slow down a site:

    Duplicate JavaScript libraries: The plugin might be requesting open source libraries (e.g. jQuery, MooTools, etc.) without checking to see whether they’ve already been requested. This is a web performance best practice problem. A good plugin should make use of wp_enqueue_script to load JavaScript libraries and make sure that there are no redundant requests.

    Unneeded HTTP requests: Another poor practice is including site files when they aren’t needed. For example, you might only need a contact form on one or two pages on your site, but the associated JavaScript and CSS files of the plugin you’re using have been hooked into wp_head and are now being requested by all web pages. To avoid this, these files should be added conditionally only when the plugin’s function is needed.

Security Vulnerabilities

This is the second problem we identified as associated with the use of plugins. The potential for security vulnerabilities is a major problem with poorly developed plugins. There are few things worse than getting a call from a client about their site being hacked. That means this issue must treated with the seriousness it deserves.

Also read:

Common Problems with WordPress Websites and How to Fix Them

How Not to Hurt Your Visitors When Using the WordPress Maintenance Mode

How to Find and Clean Backdoors in a Hacked WordPress Site


Here are some common security vulnerabilities in WordPress plugins:

    Vulnerable libraries: In late 2011 a security vulnerability was found in TimThumb, a PHP library used in many WordPress plugins and themes, resulting in many affected WordPress sites. This is an example of how using WordPress plugins can open your site to security issues.

    Lack of good data sanitization and validation: Another poor security practice is failing to properly sanitize and validate data, which can result in MySQL injections and cross-site scripting (XSS) vulnerabilities. A good plugin should follow best practices on data sanitation/validation. (For WordPress developers, there’s a data sanitation and validation tutorial on Wptuts+ that might be helpful.)

Exposure to Long-term Risks

Long term security vulnerabilities could include un-updated plugins and plugin incompatibility with WordPress versions which is mainly due to failure to apply the required update or the non availability of the update itself. Relying on a WordPress plugin over a long period of time can expose you to risks, including:

    Plugin development being discontinued: The majority of plugins are free and open source. Over time, the plugin developer’s interest can fade and fall off, especially for less popular plugins. The way out in this case is to uninstall the plugin and install a substitute that is current and updated.

    Plugin updates are slow: A major risk is a security vulnerability being found in a plugin and the developer not being able to issue an update quickly enough. A plugin that makes use of deprecated functions also runs the risk of not working in future versions of WordPress. To watch for this ind of problem, you need to carefully read plugin reviews to find out problems with plugins and now what to avoid.

    The plugin is replaced by WordPress core updates: A plugin will often be developed to solve a need that isn’t currently being met in WordPress. With new WordPress versions, they may no longer be needed and further development and maintenance of the plugin may stop. When this happens, the plugin author may recommend ways to deactivate the plugin and switch to the new core feature; however, there’s no guarantee this will happen. And if you rely heavily on the plugin, you could be stuck with it forever.

Also read: Best Comment Plugin for WordPress Websites

Questions to Ask Yourself before Installing a WordPress Plugin

Now that we’ve identified potential issues of using WordPress plugins, you might be thinking about evaluating whether you really need a plugin or not. The task should be much easier following the discussions we have had above but we will be precise on what you have to look out for.

Below are some questions I suggest you ask before making a commitment to using a WordPress plugin.

Do you need the plugin?

When you’re searching through the WordPress plugin directory, the first thing to determine is whether or not there’s really a need for the plugin. Is this plugin critical to the site? Can you achieve the functionality without installing the plugin?

Finding out if you really need a plugin especially becomes important when you’re browsing the top plugins in the WordPress plugin directory because you might be tempted to install a plugin simply because many other sites seem use it too.

Can I do what I need without this plugin?

The idea of clicking the “Install” button and everything just working makes plugins highly attractive.

For non-developers, using a plugin for even the simplest functions might be necessary. However, if you’re a developer with good understanding of PHP, MySQL, web development best practices and a bit of time, writing your own code in WordPress’s functions.php might be a better option so that you can avoid dependencies on third-party plugins.

For example, searching for “Facebook Like” in the WordPress plugin directory returns over 700 results. If your only objective is to add a Facebook Like button on your WordPress posts, that’s easy to do: get the code from the official Facebook Developers docs, and then put it in the appropriate location in your theme’s single.php or functions.php.

Is this plugin better than other competing plugin?

The idea is to get a good list of options before you make a commitment to a particular plugin. Start by searching the plugin directory and putting together a quick list. Do research on each, looking for reviews of each plugin online.

Here are a few things to keep in mind when performing research on WordPress plugins:

    When was the information published? Things quickly change in the world of WordPress, so make sure the review is still relevant.
    Don’t gloss over premium WordPress plugins. There are some great paid options out there that may not be at the top of your search results, or may not appear to be as popular compared to their free, open source counterparts. I recommend you evaluate them as well. They also often come with active support from the plugin developer in case you run into trouble.
    Regularly review your list of plugins. Compiling a good list of plugins will require some time. Because of how fast things change, I recommend that you regularly revisit your list (I do this at least twice a year).

Which plugin author has the most credibility?

When you choose a plugin, you’re placing trust in its author. It’s important to have chosen an authority that has the strongest level of credibility.

Determining credibility can be difficult. A new developer on the scene may be the best choice, yet may lack the publicity and reputation of an older developer.

There isn’t an exact science to answering this question, but here are some things to consider:

Review the plugin’s activity. For plugins in the WordPress plugins directory, take a look at the ratio of support tickets answered over the past, say, two months to determine how responsive the developer is.

You can quickly see how many tickets are resolved in the Topic column and when the last time a ticket was responded to in the Freshness column.

For a premium plugin, look at their official support forums (if possible) and check how many of the questions are answered and how long a time period elapses between answers.

Try to figure out why the developer created the plugin. What motivated them to do the initial work? What’s motivating them to continue work on the plugin? The answer isn’t always obvious and the seemingly “obvious” answers can be wrong. Maybe it’s to scratch their own itch. If it’s a spare-time hobby that the developer took on for fun and experimentation, you might be at risk of them falling disinterested in their project. If developing the plugin is a full-time endeavor (as is the case with some of the premium plugins) then the developer’s motive to continue development and support remains high.

Determine, as best you can, the developer’s level of experience. Is this their first (or only) plugin? What kind of work do they do for a living? Have they made contributions to WordPress core? Though experience is not the only measure of talent, many times, it’s a safe starting point.

Which plugin has the best update track record?

As you narrow down your list of plugins, consider the plugin’s update frequency. For plugins hosted in the plugin directory, look at the Changelog tab to see notes on what was done with each update.

Also, Go to the Developers tab and look at the Development Log on Track to see how much time has elapsed between updates.

As you review this information, below are some things to consider looking at:

    Evaluate the types of changes made to the plugin. A long list of bug fixes, while good to have them resolved, may suggest sloppy coding practices on the part of the developer and the risk that there are more bugs yet to be found. A plugin full of “Feature Requests”, while they might seem good on the surface, suggests a developer that may not have a clear sense of focus for the future of the plugin and it might end up being a monster down the road.
    Evaluate the amount of time that has lapsed between updates to the plugin. Keep in mind the simple nature of some high quality plugins may not require many updates. An important factor is consistency. Updates on a monthly basis are better than updates on a daily basis for a month, followed by six months of silence.

Which plugin has the most widespread adoption?

Consider the usage and recommendation of the plugin throughout the WordPress ecosystem. How many downloads does it have? Who’s recommending it and why? What’s being said about the plugin?

As you ask those questions, keep in mind that the popularity of a plugin doesn’t automatically make it the best choice. While certainly a factor, weigh its popularity against the other answers to the other questions you’ve asked about the plugin’s author and update history.

Be willing to go with a less popular (for now) plugin that has a solid developer behind it.

Final Words

Plugins are important to WordPress. But it is recommend that keeping your plugin use to a minimum and looking for ways to accomplish more with less is a better approach to dealing with plugins. Also remember that having a solid developer behind a plugin can be safer than making judgements based on plugin popularity and number of downloads.

Comments (0)

Leave a comment

Powered by Simple Blog