How can you tell whether a WordPress plugin is safe, trustworthy, and works reasonably well? Keep these 5 considerations in mind.
WordPress plugins are helpful. But they can also slow a site down, introduce vulnerabilities that attackers exploit, and even cause a Google penalty.
These are my top five considerations when choosing a WordPress plugin.
5 WordPress Plugin Considerations
- The plugin is vetted by WordPress.
- It is popular.
- Changelog indicates plugin is not abandoned.
- Support participation and feedback indicate a healthy plugin.
- It doesn’t overlap with a currently installed plugin.
1. The Plugin Is Vetted by WordPress
Some paid plugins don’t have a free version. But many of the most respected plugins have a paid premium version and a free version that is reviewed and listed in the official WordPress plugin repository.
The fact that a free version has been reviewed by WordPress provides assurance (to me) that there is some kind of quality control. The caveat is that the review covers the initial submission; later updates are not individually reviewed, so the listing is a floor, not a guarantee.
If a serious issue is discovered with a free plugin, WordPress closes the plugin and removes the download from its repository. Note that closing a plugin does nothing to the copies already installed on sites. If you are running a plugin that has since been closed, it keeps running, with the problem, until you remove or replace it.
An unpatched security vulnerability is one reason a plugin gets closed; an author who has stopped maintaining it is another. There are many other reasons why a plugin may be removed, as outlined in the WordPress Plugin Guidelines.
It’s not a perfect system and doesn’t 100% ensure that the plugin is safe to install. But it’s generally safer than downloading a plugin that is not available through the official WordPress repository.
Premium plugins may undergo their own private testing. Bought from the developer or an official marketplace, they are generally safe to purchase and install. However, it may be useful to research the testing and vetting practices before purchasing, and “nulled” copies of premium plugins from third-party download sites should be avoided entirely, since they are a well-known vehicle for backdoors.
2. The Plugin Is Popular
I’m not totally convinced of the wisdom of crowds. However, I do feel a sense of safety in knowing that a WordPress plugin is popular and vouched for by many users.
Popularity by itself does not guarantee that a plugin is without issues. In fact, a few of the most popular plugins have been the source of near-catastrophic issues or have larded web pages with needless code. A large install base also makes a plugin a more attractive target, so popular plugins get more scrutiny from both researchers and attackers.
Nevertheless, popularity can (alongside other factors) contribute to an assurance that the plugin is likely safe and works reasonably well.
3. Changelog Indicates Regular Updates
Some plugins may be abandoned. Every plugin’s WordPress page notes when the plugin was last updated, which WordPress version it has been tested up to, and which PHP version it requires.
A plugin might go a long time without updates because the function it performs is relatively simple. But in general, a long gap since the last update is a sign that a plugin has been abandoned.
Abandoned plugins should in most cases be avoided.
WordPress is constantly evolving. Installing a plugin that hasn’t been updated could cause conflicts with the current version of WordPress or the version of PHP that your website runs on. Just as important, nobody is left to fix a security bug when one is reported in it.
4. Support Feedback Indicates a Healthy Plugin
Every plugin page in the WordPress Plugin Repository has a support page. The support page may provide evidence of a plugin that has ongoing issues.
Typical issues might be that the code conflicts with other plugins. Sometimes the WordPress theme may need changes in order for the plugin to function.
Reading the support page, and noting whether the developer actually responds and resolves threads, can reveal potential issues before you discover them the hard way.
5. Plugin Doesn’t Overlap With an Installed Plugin
A common issue I see is when two or more plugins designed to do similar things overlap. This generally happens with structured data and speed optimization plugins.
The usual result is that you have more plugins than you need.
It’s important to use as few plugins as necessary. Overloading your site with plugins can slow down the server, and every plugin is extra code on the site that you have to keep updated and that an attacker can probe.
Even a plugin designed to speed up your site may slow down your site if you are using too many of them at the same time.
Before you install a plugin, think hard about how this plugin will solve your problems. If it doesn’t solve all of them, will installing a second or third plugin cause duplication in functions?
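As an added example (not from the original article), here is a small Python script that turns the five considerations above into automated checks. It reads data in the shape returned by the public WordPress.org plugin information API (https://api.wordpress.org/plugins/info/1.2/?action=plugin_information&request[slug]=SLUG) but runs offline on constructed sample responses that describe no real plugin. The thresholds, the fixed "now" date, the assumed current WordPress branch, and the shape assumed for a closed plugin’s response are all assumptions for the example.

```python
"""Score WordPress.org plugins against the article's five checks.

Added example, not part of the original article. The SAMPLE_RESPONSES below
are CONSTRUCTED to mimic the JSON of the plugin information API and describe
no real plugin.
"""
from datetime import datetime, timezone

# Assumed thresholds; tune them to your own risk appetite.
MAX_AGE_DAYS = 365              # older than this counts as "possibly abandoned"
MIN_ACTIVE_INSTALLS = 10_000    # below this, "popular" is not a signal
MIN_RESOLVED_RATIO = 0.5        # support threads resolved / opened
CURRENT_WP_MAJOR = "6.5"        # assumed current WordPress branch for the example
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so results are deterministic

# Constructed sample data shaped like the API's JSON (not real plugins).
SAMPLE_RESPONSES = {
    "healthy-schema": {
        "slug": "healthy-schema", "name": "Healthy Schema",
        "tested": "6.5.3", "requires_php": "7.4",
        "active_installs": 200000,
        "last_updated": "2024-05-20 9:15am GMT",
        "support_threads": 40, "support_threads_resolved": 36,
        "tags": {"schema": "schema", "structured-data": "structured data", "seo": "seo"},
    },
    "stale-schema": {
        "slug": "stale-schema", "name": "Stale Schema",
        "tested": "5.4.2", "requires_php": "5.6",
        "active_installs": 3000,
        "last_updated": "2020-02-11 4:02pm GMT",
        "support_threads": 12, "support_threads_resolved": 1,
        "tags": {"schema": "schema", "json-ld": "json-ld"},
    },
    # Assumed shape for a plugin the directory has closed.
    "pulled-plugin": {
        "slug": "pulled-plugin", "name": "Pulled Plugin",
        "closed": True, "reason": "security-issue",
    },
}


def parse_last_updated(value):
    """Parse the API's 'YYYY-MM-DD H:MMam GMT' timestamp into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%d %I:%M%p GMT").replace(tzinfo=timezone.utc)


def assess(info, now=NOW):
    """Return a list of warning strings for one plugin_information response."""
    warnings = []
    # 1. Vetted: a closed listing means WordPress pulled the download.
    if info.get("closed"):
        warnings.append("closed in directory: " + info.get("reason", "unknown reason"))
        return warnings  # nothing else matters; do not install it
    # 2. Popular
    installs = info.get("active_installs", 0)
    if installs < MIN_ACTIVE_INSTALLS:
        warnings.append(f"only {installs} active installs")
    # 3. Not abandoned: last update age and the WordPress branch it was tested on
    age_days = (now - parse_last_updated(info["last_updated"])).days
    if age_days > MAX_AGE_DAYS:
        warnings.append(f"last updated {age_days} days ago")
    tested = info.get("tested", "0")
    if tested.split(".")[:2] != CURRENT_WP_MAJOR.split("."):
        warnings.append(f"tested up to {tested}, not the current {CURRENT_WP_MAJOR} branch")
    # 4. Support health: are threads getting resolved?
    threads = info.get("support_threads", 0)
    resolved = info.get("support_threads_resolved", 0)
    if threads and resolved / threads < MIN_RESOLVED_RATIO:
        warnings.append(f"only {resolved} of {threads} support threads resolved")
    return warnings


def find_overlaps(infos):
    """5. Overlap: pairs of (open) plugins sharing a directory tag, i.e. likely doing the same job."""
    items = [(i["slug"], set(i.get("tags", {}))) for i in infos if not i.get("closed")]
    overlaps = []
    for idx, (slug_a, tags_a) in enumerate(items):
        for slug_b, tags_b in items[idx + 1:]:
            shared = sorted(tags_a & tags_b)
            if shared:
                overlaps.append((slug_a, slug_b, shared))
    return overlaps


if __name__ == "__main__":
    for slug, info in SAMPLE_RESPONSES.items():
        problems = assess(info)
        print(f"{slug}: {'OK' if not problems else '; '.join(problems)}")
    for a, b, shared in find_overlaps(SAMPLE_RESPONSES.values()):
        print(f"overlap: {a} and {b} share tags {shared}")
```

To run this against real listings, fetch the JSON for each candidate slug from the API URL in the lead-in and feed the parsed dict to `assess`; the tag-overlap check is deliberately coarse (shared tags, nothing smarter) and is meant to prompt the question the article asks, not to answer it for you.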