6 Questions To Ask Before You Install A WordPress Plugin

Aug 8 2012 by Jonathan Wold | 39 Comments

WordPress plugins are great; they can save you time, speed up your website, improve SEO, and more. Plugins allow web designers and developers to build sophisticated websites more quickly and (possibly) better. With more than 20,000 plugins and over 330,000,000 downloads in the official WordPress plugin directory, there’s no question that plugins are an important component of the WordPress ecosystem.

But there’s a downside to using WordPress plugins. Relying too much on plugins can expose your site to an increasingly wide variety of risks.

Let’s discuss the problem with plugins and things you should consider before installing one.

The Problem with Plugins

A WordPress site was running sluggishly and the client I was working with wasn’t sure why. He asked me to take a look.

So I logged in. I immediately noticed a significant delay in web page responsiveness.

I went straight over to the list of plugins to confirm my suspicion of what could be the cause.

Sure enough, I saw a list of more than 40 active plugins!

A screenshot example of the Plugins Screen in the WordPress admin interface.

Now, very importantly, the number of WordPress plugins is not the problem. While a high number of plugins increases the likelihood of difficulties, the plugin count itself isn’t the culprit.

That said, poorly developed plugins are a very common cause of trouble. Some of the problems you’ll face when dealing with plugins are:

  • Speed decreases
  • Security vulnerabilities
  • Exposure to long-term risks (such as the plugin not being updated)

Speed Decreases

Site speed issues related to plugins are usually caused by poor development practices on the part of the plugin author.

Here are two possible reasons why a WordPress plugin can slow down a site:

  • Duplicate JavaScript libraries: The plugin might be requesting open source libraries (e.g. jQuery, MooTools, etc.) without checking to see whether they’ve already been requested. This is a web performance best practice problem. A good plugin should make use of wp_enqueue_script to load JavaScript libraries and make sure that there are no redundant requests.
  • Unneeded HTTP requests: Another poor practice is including site files when they aren’t needed. For example, you might only need a contact form on one or two pages on your site, but the associated JavaScript and CSS files of the plugin you’re using have been hooked into wp_head and are now being requested by all web pages. To avoid this, these files should be added conditionally only when the plugin’s function is needed.
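Both practices from the list above, as an added example that is not from the original article or from any real plugin: the script declares core's bundled jQuery as a dependency instead of shipping its own copy, and the assets are enqueued only on pages that actually contain the form. The plugin name, shortcode tag, handles and asset paths are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Contact Form (illustrative, hypothetical plugin)
 */

defined( 'ABSPATH' ) || exit; // Refuse direct access outside WordPress.

// Hypothetical shortcode tag used to place the form on a page.
const ECF_SHORTCODE = 'example_contact_form';

add_action( 'wp_enqueue_scripts', 'ecf_maybe_enqueue_assets' );

/**
 * Register the assets on every request, but enqueue them only where needed.
 */
function ecf_maybe_enqueue_assets() {
	// Registering sends nothing to the browser. Listing 'jquery' as a
	// dependency reuses the copy WordPress already bundles, so the library
	// is requested once no matter how many plugins depend on it.
	wp_register_script(
		'ecf-form',
		plugins_url( 'js/form.js', __FILE__ ), // hypothetical asset path
		array( 'jquery' ),
		'1.0.0',
		true // load in the footer
	);
	wp_register_style(
		'ecf-form',
		plugins_url( 'css/form.css', __FILE__ ), // hypothetical asset path
		array(),
		'1.0.0'
	);

	// Only single posts/pages whose content contains the shortcode get the
	// extra HTTP requests; every other page stays untouched.
	if ( ! is_singular() ) {
		return;
	}
	$post = get_post();
	if ( $post && has_shortcode( $post->post_content, ECF_SHORTCODE ) ) {
		wp_enqueue_script( 'ecf-form' );
		wp_enqueue_style( 'ecf-form' );
	}
}

add_shortcode( ECF_SHORTCODE, 'ecf_render_form' );

/**
 * Render a minimal form. Output is built from fixed strings and escaped URLs.
 */
function ecf_render_form() {
	return sprintf(
		'<form class="ecf-form" method="post" action="%s">%s<input type="email" name="ecf_email" required><button type="submit">%s</button></form>',
		esc_url( get_permalink() ),
		wp_nonce_field( 'ecf_submit', 'ecf_nonce', true, false ),
		esc_html__( 'Send', 'ecf' )
	);
}
```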

Security Vulnerabilities

Another major problem with poorly developed plugins is the potential for security vulnerabilities. There are few things worse than getting a call from a client about their site being hacked.

Here are some common security vulnerabilities in WordPress plugins:

  • Vulnerable libraries: In late 2011 a security vulnerability was found in TimThumb, a PHP library used in many WordPress plugins and themes, resulting in many affected WordPress sites. This is an example of how using WordPress plugins can open your site to security issues.
  • Lack of good data sanitization and validation: Another poor security practice is failing to properly sanitize and validate data, which can result in SQL injection and cross-site scripting (XSS) vulnerabilities. A good plugin should follow best practices on data sanitization/validation. (For WordPress developers, there’s a data sanitization and validation tutorial on Wptuts+ that might be helpful.)
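What missing validation and escaping looks like when reviewing a plugin's source, next to the corrected form. This is an added example, not code from the original article or from any real plugin; the plugin name, shortcode, `entry_id` parameter and `egb_entries` table are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Guestbook Entry (illustrative, hypothetical plugin)
 */

defined( 'ABSPATH' ) || exit;

/**
 * BEFORE: the pattern the article warns about. Kept for comparison only and
 * deliberately not registered as a shortcode.
 */
function egb_show_entry_unsafe() {
	global $wpdb;
	$id  = $_GET['entry_id']; // Untrusted request data, never validated.
	$row = $wpdb->get_row(
		// Request data becomes part of the SQL text (SQL injection).
		"SELECT author, message FROM {$wpdb->prefix}egb_entries WHERE id = $id"
	);
	if ( ! $row ) {
		return "<p>No entry with id $id.</p>"; // Reflected into HTML unescaped (XSS).
	}
	// Stored visitor input printed raw (stored XSS).
	return "<blockquote>{$row->message}<cite>{$row->author}</cite></blockquote>";
}

/**
 * AFTER: validate the input, bind it as a query parameter, escape on output.
 */
function egb_show_entry() {
	global $wpdb;

	if ( ! isset( $_GET['entry_id'] ) || ! is_scalar( $_GET['entry_id'] ) ) {
		return ''; // Parameter absent or an array: nothing to show.
	}

	// Validation: accept only a positive integer of sane length.
	$raw = (string) wp_unslash( $_GET['entry_id'] );
	if ( ! preg_match( '/^[1-9][0-9]{0,9}$/', $raw ) ) {
		return '<p>' . esc_html__( 'Invalid entry.', 'egb' ) . '</p>';
	}
	$id = (int) $raw;

	// The value is passed separately from the SQL text via prepare().
	$row = $wpdb->get_row(
		$wpdb->prepare(
			"SELECT author, message FROM {$wpdb->prefix}egb_entries WHERE id = %d",
			$id
		)
	);
	if ( ! $row ) {
		return '<p>' . esc_html__( 'Entry not found.', 'egb' ) . '</p>';
	}

	// Database content is still untrusted when it reaches HTML: escape it.
	return sprintf(
		'<blockquote>%s<cite>%s</cite></blockquote>',
		esc_html( $row->message ),
		esc_html( $row->author )
	);
}
add_shortcode( 'example_guestbook_entry', 'egb_show_entry' );
```

When skimming a candidate plugin, raw `$_GET`/`$_POST` values inside query strings or output, and `$wpdb` calls without `prepare()`, are the lines to look for first.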

Long-term Risks

Relying on a WordPress plugin over a long period of time can expose you to risks, including:

  • Plugin development being discontinued: The majority of plugins are free and open source. Over time, the plugin developer’s interest can fade and fall off, especially for less popular plugins.
  • Plugin updates are slow: A major risk is a security vulnerability being found in a plugin and the developer not being able to issue an update quickly enough. A plugin that makes use of deprecated functions also runs the risk of not working in future versions of WordPress.
  • The plugin is replaced by WordPress core updates: A plugin will often be developed to solve a need that isn’t currently being met in WordPress. With new WordPress versions, they may no longer be needed and further development and maintenance of the plugin may stop. When this happens, the plugin author may recommend ways to deactivate the plugin and switch to the new core feature; however, there’s no guarantee this will happen. And if you rely heavily on the plugin, you could be stuck with it forever.

Questions to Ask Yourself before Installing a WordPress Plugin

Now that we’ve identified potential issues of using WordPress plugins, you might be thinking about evaluating whether you really need a plugin or not.

Below are some questions I suggest you ask before making a commitment to using a WordPress plugin.

Do I need this plugin?

When you’re searching through the WordPress plugin directory, the first thing to determine is whether or not there’s really a need for the plugin. Is this plugin critical to the site?

Finding out if you really need a plugin becomes especially important when you’re browsing the top plugins in the WordPress plugin directory, because you might be tempted to install a plugin simply because many other sites seem to use it too.

Can I do what I need without this plugin?

The idea of clicking the "Install" button and everything just working makes plugins highly attractive.

For non-developers, using a plugin for even the simplest functions might be necessary. However, if you’re a developer with good understanding of PHP, MySQL, web development best practices and a bit of time, writing your own code in WordPress’s functions.php might be a better option so that you can avoid dependencies on third-party plugins.

For example, searching for "Facebook Like" in the WordPress plugin directory returns over 700 results. If your only objective is to add a Facebook Like button on your WordPress posts, that’s easy to do: get the code from the official Facebook Developers docs, and then put it in the appropriate location in your theme’s single.php or functions.php.

Is this plugin better than another competing plugin?

The idea is to get a good list of options before you make a commitment to a particular plugin. Start by searching the plugin directory and putting together a quick list. Do research on each, looking for reviews of each plugin online.

Here are a few things to keep in mind when performing research on WordPress plugins:

  • When was the information published? Things quickly change in the world of WordPress, so make sure the review is still relevant.
  • Don’t gloss over premium WordPress plugins. There are some great paid options out there that may not be at the top of your search results, or may not appear to be as popular compared to their free, open source counterparts. I recommend you evaluate them as well. They also often come with active support from the plugin developer in case you run into trouble.
  • Regularly review your list of plugins. Compiling a good list of plugins will require some time. Because of how fast things change, I recommend that you regularly revisit your list (I do this at least twice a year).

Which plugin author has the most credibility?

When you choose a plugin, you’re placing trust in its author. It’s important to choose an author that has the strongest level of credibility.

Determining credibility can be difficult. A new developer on the scene may be the best choice, yet may lack the publicity and reputation of an older developer.

There isn’t an exact science to answering this question, but here are some things to consider:

Review the plugin’s activity. For plugins in the WordPress plugins directory, take a look at the ratio of support tickets answered over the past, say, two months to determine how responsive the developer is.

Here’s what the All in One SEO Pack plugin’s support forum page looks like:

You can quickly see how many tickets are resolved in the Topic column, and when a ticket was last responded to in the Freshness column.

For a premium plugin, look at their official support forums (if possible) and check how many of the questions are answered and how long a time period elapses between answers.

Try to figure out why the developer created the plugin. What motivated them to do the initial work? What’s motivating them to continue work on the plugin? The answer isn’t always obvious and the seemingly "obvious" answers can be wrong. Maybe it’s to scratch their own itch. If it’s a spare-time hobby that the developer took on for fun and experimentation, you might be at risk of them losing interest in their project. If developing the plugin is a full-time endeavor (as is the case with some of the premium plugins) then the developer’s motive to continue development and support remains high.

Determine, as best you can, the developer’s level of experience. Is this their first (or only) plugin? What kind of work do they do for a living? Have they made contributions to WordPress core? Though experience is not the only measure of talent, many times, it’s a safe starting point.

Which plugin has the best update track record?

As you narrow down your list of plugins, consider the plugin’s update frequency. For plugins hosted in the plugin directory, look at the Changelog tab to see notes on what was done with each update.

Also, go to the Developers tab and look at the Development Log on Trac to see how much time has elapsed between updates.

Akismet’s Developers tab

Akismet’s Development Log on Trac

As you review this information, below are some things to consider looking at:

  • Evaluate the types of changes made to the plugin. A long list of bug fixes, while it is good to have them resolved, may suggest sloppy coding practices on the part of the developer and the risk that there are more bugs yet to be found. A plugin full of "Feature Requests", while they might seem good on the surface, suggests a developer who may not have a clear sense of focus for the future of the plugin, and it might end up being a monster down the road.
  • Evaluate the amount of time that has elapsed between updates to the plugin. Keep in mind that the simple nature of some high quality plugins may not require many updates. An important factor is consistency. Updates on a monthly basis are better than updates on a daily basis for a month, followed by six months of silence.

Which plugin has the most widespread adoption?

Consider the usage and recommendation of the plugin throughout the WordPress ecosystem. How many downloads does it have? Who’s recommending it and why? What’s being said about the plugin?

As you ask those questions, keep in mind that the popularity of a plugin doesn’t automatically make it the best choice. While certainly a factor, weigh its popularity against the other answers to the other questions you’ve asked about the plugin’s author and update history.

Be willing to go with a less popular (for now) plugin that has a solid developer behind it.

Conclusion

Plugins are important to WordPress. But I recommend keeping your plugin use to a minimum and looking for ways to accomplish more with less.

Share your thoughts about WordPress plugins in the comments!

About the Author

Jonathan Wold is a full-time web developer with more than 6 years of experience as a WordPress consultant. He’s passionate about sharing what he’s learned with others and is developing a premium course on how to build a web development business with WordPress. Catch him on Twitter: @sirjonathan.

39 Comments

L'Elite

August 9th, 2012

Good article, I think changes made to WordPress.org are really helpful for plugin developers. Certainly creating a plugin isn’t an easy task, moreover keeping up to the open support threads is really time-consuming. I created a plugin for WordPress 3 multisites called Network Latest Posts, I started this as a personal project then I thought it could be helpful for others so I submitted it to the repository.

At first I didn’t have enough time to make some changes so I kept postponing the improvements, two months later the new Support tracking system implemented by WordPress made tracking old requests an easy task. You can quickly spot new open threads, messages you haven’t responded to, and keep a personal record of what has been done and what is still pending. There is also the great opportunity for us (plugin developers) to get invaluable feedback from users around the world, which makes you improve your code and plugin functionalities incredibly fast.

IMHO those changes made to the WordPress.org site, along with the way developers connect with users will help to improve the overall quality of plugins available through the plugin directory.

Plugins are born out of necessity and made to achieve things that wouldn’t be possible with few functions wrapped inside the functions.php file, so before downloading a plugin, google for some solutions to accomplish what you want without using plugins, if you can’t find anything suitable for your needs then give the plugin a try, and as the author stated, check the author’s reputation, some people just copy other’s code without really knowing what they’re doing and those plugins can jeopardize your website.

Matt Geri

August 9th, 2012

Love this article Jonathan. You’ve put forward some great points.

It’s especially useful for plugin developers like myself. We need to make sure our plugins are up to date and always developed with the greatest integrity. After all, our plugins are used by thousands and sometimes hundreds of thousands of people, businesses, non-profits, etc.

Matt

bryan allain

August 9th, 2012

wow, comprehensive take on things Jonathan! will definitely think twice before adding plugins so easily like I’ve done in the past. good stuff.

Barry Campbell

August 9th, 2012

Great article, Jonathan! Also, I look forward to receiving my copy of “How to Build a Web Development Business with WordPress”. Looks like thorough information!

Becky Smith

August 9th, 2012

Hi Jonathan, I’m one of your Killer Tribe-mates. Even though I’m not ultra tech savvy, I picked up a lot of great info from this post–thanks for taking the time to put together such helpful information. Excellent content and very well presented.

Evan Solomon

August 9th, 2012

Plugins don’t have to be from a third party, you can write your own just like you can write your own theme functions. The distinction is fictional and misleading. There’s no magic number of plugins either. 40 isn’t too many and 1 isn’t too few. I have plugins running that are 1 line of code.

By the way, you seem to be running very old versions of WordPress core that you haven’t updated. If you care about performance and security like you write about here, go ahead and click that update button.

Martin Bay

August 9th, 2012

Nice post about WordPress plugins. Yes, I also try and use the least plugins I can with WordPress. Some very good hints on which plugin to choose.

Jason

August 9th, 2012

I find it interesting I found two articles about WordPress plugins on the same day that have sort of opposing thoughts/arguments about them. Have you read Pippin Williamson’s article on wp.tutsplus.com? Here is the article: http://wp.tutsplus.com/articles/general/functionality-plugins-vs-themes/.

Duru

August 9th, 2012

Great article on plugins and how to decide whether they are worth installing. I find it is worth paying a developer a few bucks to customize my website to replace the need for “off the shelf” WordPress plugins.

~Duru

Mark Stonham

August 9th, 2012

This is timely as I’m doing a summer update of my WordPress powered website.
I have been experiencing some issues due to incompatibility of plug-ins, so I was de-activating some to trace the issue.
I’ve also checked the website of my theme provider, WooThemes, and discovered loads of new extras from the developer, like shortcodes, social plugins, e-commerce and more. I’m intending to replace various third party plugins with ones from the developer.
WordPress, and the community, is a great platform.

Guskar

August 9th, 2012

I agree with the article, so I tried to use plug-in to a minimum, because I feel it, the website is slow.

Eamonn

August 9th, 2012

Nicely put !

A while back we fell victim to adding dozens of plugins to our site for every conceivable piece of website functionality. These days, we stick to the absolute basics when it comes to WordPress.

David Radovanovic

August 9th, 2012

I’ve always avoided adding WordPress plugins though it’s a matter of “How much time do I have?”. In fact I reserved wordpresswithoutplugins.com nearly a year ago, though “I haven’t had time to build it”. Go figure.

sang penghibur

August 9th, 2012

Thanks for your great article. Do many plugins slow down a blog? What is the effect of this?

Pixelless

August 10th, 2012

Worth reading, thanks !

Valerie McEvoy

August 10th, 2012

Wow, I think I need to look at why I have so many analytics plugins. Clicky, Statpress and of course I have Google Analytics code in the site. Might be overdoing that facet!

JHawes

August 10th, 2012

Completely agree with all of this – very important topic. I recently had a different WordPress issue where the plugins were not slowing down my site so much, but rather they were hogging my server’s bandwidth and causing my host to temporarily suspend my account about once a week. In the end, disabling a few plugins solved the issue.

Raye Cage

August 10th, 2012

Thank you for sharing this info. Reviewing a plug-ins activity & checking the changelog to see the track record for updating it is something I have never done… until now. From now on I will be more discriminating.

Terry Lewis

August 10th, 2012

Great article and it makes you think about your development approach. In our case it usually comes down to a choice between time, cost and convenience.

Getting custom code to solve problems rather than use a plugin is not necessarily a better solution depending on the quality of the code being written by that developer and the availability of that developer.

Keep the great articles coming.

Pippin

August 11th, 2012

There is no such thing as too many or too few plugins. The performance impact that plugins have on your site is purely determined by the quality of the plugins, not the number of plugins you have installed. Please stop telling people this, it’s horribly wrong.

I personally run 50 plugins on my site and score perfectly on speed tests. As long as you know what your plugins do and that they do it well, you can easily run 100 or even 200 plugins on your site.

The people that get in trouble with plugins and end up with a slow site are the ones that just install and activate plugins without knowing if they are high quality or not.

You could easily install one single bad plugin and bring your site to its knees. The number doesn’t matter.

Jeff Hoots (@jeffhoots)

August 11th, 2012

As a WordPress newbie, this is a good heads-up! I’ll resist the temptation to load up on plug ins.

You could follow up with a post on essential plug ins!

Scott

August 12th, 2012

Great article, thanks for the insight.

Bob Dunn

August 12th, 2012

This is a great overview and something worth sharing. You have hit so many hot spots that I agree with.

The only one I question is “Can I do what I need without this plugin?”. For a lot of people this is a no-brainer, but in a couple of instances, it can be a challenge.

For example, some people, even when guided, are deathly scared to mess with any code. So asking them to even drop in a line in a php file can cause them to break out in a sweat.

The other issue is that some developers will do this because they know it’s better than adding a plugin. But I’ve seen this happen a lot. Once it’s handed over to the user, and they want to do a simple edit, that might have been as easy as switching out a plugin, suddenly it’s a mystery to them how to make this change and end up hiring a developer to tell them what to do. It takes away the simple CMS that so many users expect from WordPress.

Great post though!!

juicypx

August 12th, 2012

Some plugins might slow down WordPress through additional HTTP requests. Most well written plugins don’t. But please note that plugins are not generally evil. In no case should functionality be included in the WordPress theme instead of a plugin. Plugins serve the purpose of adding functionality, not themes. Loading a higher number of well written plugins that don’t add HTTP requests won’t increase the load time of the site. Read http://wp.tutsplus.com/articles/general/functionality-plugins-vs-themes/ to learn more.

Brig Young

August 13th, 2012

Fantastic write-up Jonathan. I especially appreciate how you included flow charts to clarify the analysis process. Thanks!

Jacob Gube

August 13th, 2012

We updated this article to clearly state that it isn’t about the number of plugins, per se, that slows a site, but that having a lot of plugins increases the chance that your site becomes less responsive. Apologies for any confusion.

Steve

August 13th, 2012

You give some very good general guidelines for plugin selection. However, I’d like to see some guidelines on plugins specifically for the back end. For example, a plugin that allows you to change the order of admin menu items in the dashboard. Or change the colors of admin menu items. Or one that you just trigger manually to inspect your database tables. Or one that generates a duplicate post. Can you assume that such plugins do NOT impact performance?

Susan Taylor

August 14th, 2012

More than informative to someone just getting started in the world of blogging. Thanks and Namaste Jonathan!

Shalu Sharma

August 15th, 2012

Very good article and checklist. I too have added some plugins later to find out that it has slowed the site quite a lot. Sometimes it messes up the codes.

Freedom Studios

August 15th, 2012

A very useful article indeed, thanks Jonathan. I think that at times we become a little complacent when it comes to checking out certain plugins and seeing whether or not they are actually necessary. I think continual checking up and removing the redundant ones is a good idea.

It would be great if we had some sort of way that measured how different plugins affect performance so we could know which ones were causing the most problems.

Metin Ozer

August 15th, 2012

Great article, a must-read for all WP newbies in my opinion. Everything may start to fall apart if conflicting plug-ins are used and “starting over” too many times is the breaking point, some people do actually lose their appetite for blogging when/if technicalities start to hinder them. Thanks again for the article, the diagram of logic will help lots of people in particular.

Konstantin Kovshenin

August 17th, 2012

However, if you’re a developer with good understanding of PHP, MySQL, web development best practices and a bit of time, writing your own code in WordPress’s functions.php might be a better option so that you can avoid dependencies on third-party plugins.

This is bullshit. If you’re a good WordPress developer you’ll know that your functions.php file exists for nothing more than your theme functions. Putting snippets and other junk in your theme’s functions.php file is actually a bad practice and should be avoided at all costs. Use plugins instead, because that’s exactly what they’re made for.

Rocket Mary

August 19th, 2012

Great article. This should be a must read for anyone with a WordPress blog. I don’t think many beginners know anything about the downsides to plugins and that is why they end up with 50 plugins and a slow site that is easily hacked.

Alexander

August 20th, 2012

I think the biggest problem with plugins is as you mention above: exposure on long term. Some plugins were built and forgotten. The author didn’t update them and our website has to suffer.

Using some plugins can be really helpful for our website, but this means depending on someone and hoping that the plugin author will stay on trend and will always update his plugin.

Kathryn

August 20th, 2012

Really great article, thanks.

Lashan W

August 20th, 2012

This is an excellent post. One of the easiest things to do first is simply look at all the plugins you have installed and deactivate or delete the ones that aren’t used. Also read the documentation of the theme that you are using and make sure that the theme itself does not contain the needed functionality before looking at plugins.

Angela@ineedsyou

September 3rd, 2012

Really true. It is a real fact that using many plugins or the wrong plugin slows down your WordPress, and by the time we understand this our sites go down and down. You gave the right direction to check all these. Thanks for the PDF info.

Neil Yamit

September 23rd, 2013

Thanks for this post.

I’ve noticed a slight slowdown on my website after installing 2-3 plugins (Jetpack, Social plugins, etc.). Since then, I have made sure to use as few plugins as possible.
