I get pinged at least once a week, if not a few times during a week, about plugins – which ones they should use, download, and how many a blog or WordPress website should have.
Ultimately, there isn’t any exact science to these questions but there are some general principles that seem to be agreed upon by those who work with WordPress professionally.
I wanted to post simply here so as to direct people to this so they can have their questions answered succinctly, especially around performance and security.
The question usually is asked like this:
How many plugins should I have? Does having more increase the risk of getting hacked? Does having more mean that my site is going to be slower?
What they are generally asking in the first question is to find a “top limit” of what someone may feel is “enough” plugins. In other words, what’s the total amount that one should have. The answer is simple: You can have as many as you want as you can do whatever you darn well please but I counsel people to limit the total amount of plugins for two reasons:
- Management – The less you have the less you have to manage in terms of updates. This saves you time. That’s always a win.
- Less Might Be More – I believe if you strategically look at your blog and site you may come to realize that many of the plugins are not as useful as you might have originally believed. In fact, you may not need a good majority of those plugins. Keep it trim and ask yourself the hard question of “Do I really need this?” and “Do my users really find this feature useful and valuable?”
To answer the second question of security I want to debunk a common misconception that many people have which is that the more plugins you have = the higher risk.
This is false. It isn’t the amount of plugins but rather about the amount of poorly developed ones that you need to be cautious of. You can have 50 plugins installed from trusted providers who build safe and quality products and be completely fine. Or, you could have 5 plugins from the corners of the internet that may leave you entirely vulnerable.
Look at the reviews of the plugins, date of updates (when it was last updated), the support area, as well as the general perspective of the community about it. Do your research so you don’t get bit. And test it on a local install so that it doesn’t conflict with other plugins.
Finally, the third question of speed. The number of plugins can impact speed if they are poorly developed or are super-bloated and causing your database to slow down in crazy ways. Server specs and hosting speeds can offset some of this but poorly coded plugins are simply poorly coded plugins and will impact performance.
WP Beginner has once said that they actively run 53 plugins and their speed is great:
Syed lurks around here from time to time and can answer specifically if he wants. They even have an answer themselves.
The point of speed, performance, and security is all about lowering risk on all fronts. There are enough opportunities and techniques for optimization but again, less may just be “more” for your WordPress site and blog.
Hope that helps.