There is no doubt that the plugin ecosystem is a key factor in WordPress’ success and its main strength. However, it is also its main weakness. In fact, a great number of security and performance issues have come from plugins and caused great damage to a large number of websites. Moreover, incompatibilities between plugins can cause serious bugs on WordPress websites.
For that reason, it is crucial to be careful with the plugins you install and to learn how to assess whether a plugin is reliable or not. This is what we explore in this article.
Obviously, the plugin you want to install must be usable with the latest version of WordPress, which should be the one you are using if you care about the security of your website. If you install a free plugin, you should favor the ones available on the wordpress.org directory. On this directory, you can see the date of the latest update and the compatibility with your version of WordPress. If you are assessing a paid plugin that is not available on the directory, look for this information on the plugin’s website.
Once this is done, you should check if the plugin you are about to install is compatible with other popular plugins, whether they are installed on your website already or not. For that, you can do a Google search using keywords like “Your plugin + WooCommerce”, “Your plugin + SEO Yoast”, and so on. Check the first two or three search result pages every time to make sure there are no major conflicts between the plugins.
The maintenance of your WordPress website is extremely important for the security of your website and data. For the core, you don’t have to worry too much, as the community is very active around core development. On the other hand, some plugins, developed by a single person or by a very busy team, can have significant issues when it comes to updates.
If the plugin will only play a minor role on your website, the risk is probably much smaller. However, if you count on this plugin for important activities on the website, you had better make sure that you will be able to keep this plugin installed for some time.
For that purpose, you can check the activity level of the support for the plugin in the wordpress.org directory. If there are regular updates and the dedicated support forum is active, it’s a good sign. You can also visit the development team’s website to assess its size and activity level. Finally, if the plugin is really important to you, you should not hesitate to contact the team to assess their responsiveness and their professionalism.
Although popularity is not the ultimate measure of a plugin, it gives a good general indication of previous users’ experience with it. For a WordPress plugin, as indicated above, the best place to assess its popularity is the wordpress.org directory. On the plugin page in the directory, you will see the rating left by other users. Browsing through the reviews, you will see what the common issues with this plugin are.
Some plugins have bugs that can destroy a website, so it’s important to identify these issues before installing anything and potentially damaging your business. To identify this kind of problem, you can do some Google searches with keywords such as “Plugin name + problem”. Browse through the results to get an idea of the potential issues, but also to evaluate the developers’ reaction when facing these issues.
Finally, you will need to assess the potential security issues that the plugin could cause. For this, you can use WPScan’s plugin analysis tool, which will tell you about every detected security concern for a plugin. It goes without saying that security issues in the past do not imply poor quality of development. In fact, popular plugins will statistically have more security holes detected, just as old plugins will have more known issues than very recently launched plugins. Check thoroughly that every security bug has been fixed, and you will be able to download the plugin knowing what you are doing.
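The wordpress.org directory checks described above (last update, tested WordPress version, rating, support forum activity) can be scripted. The following is an added example, not code from WP Expert: it evaluates records shaped like the wordpress.org plugin information API response (fields `last_updated`, `tested`, `rating`, `num_ratings`, `support_threads`, `support_threads_resolved`), and the sample records, function names and thresholds are assumptions made for the illustration.

```python
from datetime import date

# Thresholds are assumptions for this example; tune them to your own risk tolerance.
MAX_DAYS_SINCE_UPDATE = 365
MIN_RATING_PERCENT = 80     # the directory API reports rating on a 0-100 scale
MIN_RESOLVED_RATIO = 0.5    # share of recent support threads marked resolved

def major_minor(version):
    """'6.5.3' -> (6, 5); missing or non-numeric parts count as 0."""
    parts = [int(p) if p.isdigit() else 0 for p in version.split(".")[:2]]
    return tuple(parts + [0] * (2 - len(parts)))

def assess_plugin(info, site_wp_version, today):
    """Return a list of warnings for one plugin metadata record."""
    warnings = []
    # Last update: the date is the first token of e.g. '2024-05-14 3:21pm GMT'.
    updated = date.fromisoformat(info["last_updated"].split()[0])
    age = (today - updated).days
    if age > MAX_DAYS_SINCE_UPDATE:
        warnings.append(f"no update for {age} days")
    # Compatibility: 'tested' should cover the WordPress branch the site runs.
    if major_minor(info.get("tested", "")) < major_minor(site_wp_version):
        warnings.append(f"tested only up to WordPress {info.get('tested')}")
    # Popularity: a rating means little without any votes behind it.
    if info.get("num_ratings", 0) == 0:
        warnings.append("no ratings yet")
    elif info["rating"] < MIN_RATING_PERCENT:
        warnings.append(f"low rating ({info['rating']}%)")
    # Support activity: mostly unresolved threads suggest an unresponsive team.
    threads = info.get("support_threads", 0)
    resolved = info.get("support_threads_resolved", 0)
    if threads and resolved / threads < MIN_RESOLVED_RATIO:
        warnings.append("most recent support threads are unresolved")
    return warnings

# Constructed sample records (not real plugins).
SAMPLE_MAINTAINED = {"last_updated": "2024-05-14 3:21pm GMT", "tested": "6.5.3", "rating": 92,
                     "num_ratings": 410, "support_threads": 12, "support_threads_resolved": 9}
SAMPLE_STALE = {"last_updated": "2022-03-02 8:05am GMT", "tested": "5.9", "rating": 64,
                "num_ratings": 37, "support_threads": 8, "support_threads_resolved": 1}

if __name__ == "__main__":
    for name, record in (("maintained", SAMPLE_MAINTAINED), ("stale", SAMPLE_STALE)):
        print(name, assess_plugin(record, "6.5", date(2024, 6, 1)) or "no warnings")
```

An empty result only means the directory metadata raised no flags; the conflict search and the security history review still have to be done by hand.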
As you can see in this article, the installation of WordPress plugins should be taken seriously. For this reason, at WP Expert, we have prepared a tool that will allow you to compare WordPress plugins before downloading and installing them.