Why You Should be Careful Before Installing that WordPress Plugin

Plugins are small pieces of software that allow WordPress to do new things. Since the WordPress core is by design very lean, these third-party tools are required for bloggers to accomplish a variety of popular tasks.

We often see blog posts that talk about the best WordPress plugins that you need to be using, and with plugins for social media, plugins for SEO, plugins for e-commerce, plugins for advertising, and plugins for images and video, it might seem like there is no end.

But in addition to the staggering variety of plugins available, there are a couple of additional concerns that are important to understand before diving in.

1) Plugins can be a security risk – The most important thing to be aware of is the fact that vulnerabilities in the code of a plugin could put your entire site as risk. For example, in 2011 it was discovered that an image resizing PHP library named TimThumb, which was used in many plugins, had a dangerous vulnerability that led to thousands of WordPress sites being hacked.

The WordPress core goes through rigorous testing to troubleshoot security issues, but the fact that plugins can be created by anyone with practically no oversight makes them a much easier target for hackers.

You also cannot guess when a developer might abandon the project and disappear, ending support and updates for your plugin.

2) Plugins can slow down your site – In addition to compromising your security, poor coding in a plugin can also have an effect on your regular site performance. Some plugin developers, though well-intentioned, use bloated or unnecessary code that puts a strain on your site’s resources and causes it to load much more slowly. For example, some plugins make unnecessary HTTP requests or duplicate calls for JavaScript libraries (source).

This is why when you open up a support ticket with your host or post on a forum about a slowly-loading site, “what plugins are you using” is usually the first question you’ll receive.

Relatedly, many people speculate that search engines now take into account clean code when determining rankings, so a bunch of poorly-written plugins could negatively affect your SEO efforts.

What should I do about these WordPress Plugin risks?

There are a couple of things you should do to make sure you are not risking the safety of your site when you use plugins. First off, you should always update your plugins as well as the WordPress core right away when there is a new version available. If you operate multiple sites, be sure to check them all regularly, either in your hosting control panel or WordPress dashboard.

Often, new versions of WordPress patch security holes that were identified in the previous install, and it’s crucial to get these installed as quckly as possible. The biggest security risk is operating with outdated plugins or WordPress.

Also, don’t go overboard with your plugin installations. It is not the total number of plugins installed that causes risks for your site performance or security, however, but rather the code used in those plugins.

Many developers, for example, use dozens of plugins in every site they create for a client, but these are all carefully vetted for quality. Because of this fact, you should research each plugin carefully before trusting it on your site.

Before installing, check the last time the plugin was updated, as well as the reviews and comments from users. Also look into the developer: is he or she experienced and well-respected or is the plugin one of his or her first coding projects?

Finally, you should think about the function of the plugin and ask whether it’s something your site absolutely needs. It’s easy to get impressed by flashy features, but at the end of the day your visitors want to see quality content and a clean design; you don’t want to overwhelm them. (Of course, not all plugins are visible on the front-end but this is still important to keep in mind.)

If the goal of the plugin is something simple, you might be able to find code with a little Googling and add it to your functions.php yourself. In the long-term, you could also consider whether there is a theme (either free or premium) that has the features that you need out of the box. For example, some themes feature robust social sharing functionality or SEO tools, and if that is a priority for your site you may want to opt for this on the theme level rather than relying on a third-party plugin.

Overall, it’s not the quantity that matters with WordPress plugins, it’s the quality. Be sure to do some research before installing every plugin under the sun, and always keep them updated!

Have you ever had any issues with WordPress plugins? How many do you use?

The following two tabs change content below.

Andrew Walsh

I'm Andrew Walsh, a web entrepreneur, author and academic librarian. Check out my book Savvy for the Social Web, or learn more about me my personal homepage. If you're interested, please follow me on Twitter and Google+
Did you enjoy this post? Sign up to get our best content sent by email.

There are no comments yet. Be the first and leave a response!

Leave a Reply

Wanting to leave an <em>phasis on your comment?

Trackback URL http://socialwebenterprises.com/why-you-should-be-careful-before-installing-that-wordpress-plugin/trackback/