There are over 50,000 plugins in the official directory, with new ones added daily. Having so many alternatives is a great thing indeed, but the dilemma is which one to choose when you find several solutions serving the same purpose. How do you know what’s the best choice for your site? You don’t. You just need to research and compare.
This is what we are going to talk about in this article – how to choose reliable plugins and what are the risks of not paying attention to a few important details throughout the process.
Places to find (free and premium) WordPress plugins
We all know that plugins are probably the most exciting part when it comes to building a site or a blog on WordPress.
The WordPress plugin market is extremely diverse. You can find a ton of free quality WordPress plugins, most of them available on WordPress.org. There are at least as many paid solutions that are usually preferred by larger sites because they come with extra settings and features. Most of them can be found on marketplaces like CodeCanyon or on independent online vendors sites.
Where can you normally hear about a plugin? You either read about it on a WordPress-dedicated blog (like Torque), get recommendations from friends or WordPress experts, search on Google, or go directly to WordPress.org (the biggest source of free tools) and then eventually switch to pro version if you like the product.
For instance, on CodeCanyon – the biggest marketplace with premium plugins – WordPress plugins make 71% of total revenues even though they represent only 25% of all the various products provided by the store.
Why you should care about what plugin to choose
You should care a lot about the plugin that you are about to install on your site because, no matter how harmless it looks at a first sight, it can become dangerous in time if not monitored or updated accordingly.
Plugins can affect your website in many ways, and I covered the most common situations below.
Some plugins weigh more than others; if you install many of such plugins, your site can gain a bit in terms of loading times, hence it is likely to work slower than usual.
How can you tell if a plugin is slowing down your site? Just use a website speed checker like Pingdom and do two rounds of testing: before and after installing the plugin. This way you can notice whether your website’s performance changed and by how much.
Your tools and themes
Sometimes, some plugins are incompatible with your current theme or with other plugins running on the site. This is happening because of the way the plugin was coded, which can cause inconsistencies between two separate parts. A single line of old, un-updated code can bring serious damage to various elements of your site.
A similar issue happened recently when WooCommerce 3.3 affected lots of themes, which led to a big controversy in the community, anger among theme developers who had to fix what got broken, and WooCommerce plugin being taken down temporarily from WordPress.org.
Security is perhaps the most important aspect because the last thing you want is to get hacked; it takes a lot of work to put things back in order and you can lose essential data.
A few months back, Captcha plugin was reported to have been used by its own authors as a backdoor to break into users’ admin pages. It was eventually removed from the repo right after being detected, but it still had the time to harm a considerable number of websites.
Things to look into before getting a plugin
When you’re looking for a plugin, it’s not enough to just find it, read its description, hit Download/Buy button, and you’re done. Picking a plugin requires a long and thorough research in advance even if it’s free. Actually, I’d like to emphasize here especially if it’s free.
So, where to look before starting to use a plugin?
User ratings and reviews
Don’t be surprised to find out interesting stuff about a plugin from the people who already tried it, which doesn’t usually coincide with what the authors claim. If most of these opinions are negative, it’s probably not delivering what you expect it to deliver.
In the compatibility section, you can see when was the last time the plugin was updated. If it’s more than one year (and I’m being indulgent), I wouldn’t go for it. If the developers didn’t update it in such a long time, it means there’s a big chance that the plugin won’t work in concordance with the latest WordPress releases and possible vulnerabilities have not been fixed during this period. Hackers only target insecure, outdated, and vulnerable products.
The compatibility with the latest WordPress release is also mentioned in the plugin’s info sidebar, so make sure to have a look at it too.
When a free plugin is supported, it’s a good sign saying that the developer is trustworthy and will help you in case any incident takes place.
Where to look for support? Go to the Support tab on the plugin’s WordPress.org page. There’s a forum-like page listing clients’ issues related to the product. The support page is a good proof indicating the author’s responsiveness and attitude towards the users. Having the support team involved in answering people’s questions about a free plugin is an advantage. Not only for when you’ll need support yourself, but it’s good in general to know that a team of professionals is behind a service that you use. It means they are taking their product seriously and care about keeping it functional.
The number of active installs
This tells you the number of websites where the plugin is currently active. Judging by one’s logic, if a plugin is active on many sites then it must be doing something right.
The FAQ section
Writing a documentation for a plugin requires a lot of work and time on behalf of the developing team. Listing the guidelines (similar to a user manual) makes the authors look professional and trustworthy. Some plugins have a separate tab for Frequently Asked Questions, but some of them list it on their Support page, just like the one in the image below.
(This is optional) If a plugin that’s translated into your native language represents an important factor in your decision making, you can also see what languages it has been translated into by checking the Languages section.
Do the same for premium plugins
The tips from above are based on the free plugins in the official repository, but they apply to all the premium services as well. For instance, the process remains the same on CodeCanyon. The research here must be even stricter because this time you pay in order to get a product, unlike WordPress.org where you can install the plugin for free and see for yourself how it works.
When looking for plugins on CodeCanyon, check the last update, the compatibility, people’s comments, and the support tab. You should always give people’s comments and reviews a second look because they reveal real facts and experiences with the product.
If you find a plugin on a third-party website (aka an online shop that sells it independently), investigate the provider on the web. Read about the company on other WordPress blogs, check their website and products to see what’s their business status, read the comments (again) and see if the provider is trustworthy.
How to avoid plugin issues
Plugin issues can be definitely avoided if you are cautious enough. It’s also true that sometimes, no matter how much you try, bad things simply happen. But this doesn’t mean that you have to just let them happen without taking all the precautions on your end. By doing so, you can reduce the probability of a disaster consistently. I mean, you just need to do the basics, it only requires attention and a few dedicated minutes per week.
Don’t install more plugins than you need. Keep the list short; only what you need and use. The fewer plugins, the smaller probability of vulnerabilities and attacks. If you want a plugin for SEO, don’t use three of them for the very same purpose unless they bring significantly different features that you can’t find otherwise.
After you cease using a plugin, deactivate it, and eventually delete it. Even when it’s not active, a plugin that remains installed can get hacked as well. With each plugin you keep on your site (be it active or not), you leave more room for the hackers to find convenient entrances. Getting hacked via a plugin that you don’t even use can be truly painful.
Constantly update the plugins in your dashboard. To avoid any kind of problems, just check your plugins’ page once in a while and update them; once a week is just fine. Updates usually come with fixes for vulnerabilities and security issues that take place over the time in the plugin’s code. Every time a new version is available for a plugin, there will be a note under its name on the Installed Plugins page. Just click on it and it takes a few seconds until the update is done.
Whenever you need a plugin for your website, remember that it’s not enough to simply find one and you’re all set. It’s the research that matters most even though it takes more time along the process. After all, you want something safe, reliable, unlikely to harm your site, right? Investing time in finding information and putting in balance all the pros and cons of a product will lead to an objective and efficient solution which won’t probably help you in the short term, but will guarantee the protection and support of your site on a longer period of time.