Plugins help drive the ongoing WordPress popularity by allowing you to expand upon the platform's core functionality to create a customized website. With so many options available, how do you decide which plugins your site needs? Check out this post to learn a few things to consider before plugin installation.
Think of a feature that you want to implement on your website. What was it? Live chat? Search engine optimization (SEO) assistance? Something else? There is a good chance WordPress already offers a plugin to accomplish your goal! Currently, there are over 59,000 plugins available to expand upon the platform’s basic functionality and customize your WordPress site.
If you want to build a super customized site, this may be music to your ears. But wait!
Before you get adventurous and start installing new plugins, there are a few things you need to consider and check out, including:
- Basic Plugin Information,
- Performance Concerns, and
- Security Information.
Basic Plugin Information
Let’s use the Yoast SEO plugin as an example. On the plugin’s page, you will find the Details tab. This section offers information about the health of the plugin. When reviewing this information for a new plugin, you will want to pay close attention to these values:
- Last Updated: Abandoned plugins generally have a long period without any new updates, while a well-maintained plugin will often have more frequent, periodic updates.
- Active Installations: A large number of active installations may indicate a popular plugin. More popular plugins typically receive a lot of support and have a dedicated team of developers working on them.
- Ratings: As with many other products, ratings indicate what other users think about the plugin and can help you evaluate whether the plugin is worth installing for your site.
- Support: The details in this section can help you determine whether the plugin receives regular attention from the developer.
In addition, there are other details you should always consider before installing a WordPress plugin. To determine whether the plugin is compatible with your current WordPress version, you should check the WordPress Version, PHP Version, and Tested Up To values.
If you attempt to install a plugin that is not compatible with your current WordPress version, you may create conflicts that cause your site to go down or otherwise malfunction.
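Added example (not part of the original post, and not WordPress code): the checks above applied to plugin metadata before installation. The field names follow the WordPress.org plugin information API; the sample record, the thresholds, and the names `ver` and `vet_plugin` are assumptions made for illustration.

```python
import json
from datetime import date, datetime

# Constructed sample shaped like a WordPress.org plugin_information response;
# the slug and every value are made up for illustration.
SAMPLE = json.loads("""{
  "slug": "example-plugin", "requires": "5.8", "tested": "6.1.1",
  "requires_php": "7.4", "rating": 62, "num_ratings": 14,
  "active_installs": 900, "last_updated": "2022-11-03 9:15am GMT",
  "support_threads": 12, "support_threads_resolved": 2
}""")

# Thresholds are assumptions for this example, not values from the article.
MAX_AGE_DAYS, MIN_INSTALLS, MIN_RATING, MIN_RESOLVED = 365, 1000, 80, 0.5


def ver(s, parts=3):
    """'6.4' -> (6, 4, 0): compare numerically; non-numeric parts are skipped."""
    nums = [int(p) for p in s.split(".")[:parts] if p.isdigit()]
    return tuple(nums + [0] * (parts - len(nums)))


def vet_plugin(info, site_wp, site_php, today):
    """Return a list of warnings for one plugin; an empty list means no flags."""
    warnings = []
    updated = datetime.strptime(info["last_updated"].split()[0], "%Y-%m-%d").date()
    age = (today - updated).days
    if age > MAX_AGE_DAYS:
        warnings.append(f"stale: last updated {age} days ago")
    if info["active_installs"] < MIN_INSTALLS:
        warnings.append(f"low adoption: {info['active_installs']} active installs")
    if info["num_ratings"] and info["rating"] < MIN_RATING:
        warnings.append(f"low rating: {info['rating']}/100")
    threads = info["support_threads"]
    if threads and info["support_threads_resolved"] / threads < MIN_RESOLVED:
        warnings.append("support: fewer than half of threads resolved")
    # The site must meet the plugin's minimums, and the plugin should have
    # been tested against the site's WordPress major.minor release.
    if ver(site_wp) < ver(info["requires"]):
        warnings.append(f"needs WordPress >= {info['requires']}")
    if ver(site_php) < ver(info["requires_php"]):
        warnings.append(f"needs PHP >= {info['requires_php']}")
    if ver(info["tested"], 2) < ver(site_wp, 2):
        warnings.append(f"untested on WordPress {site_wp} (tested up to {info['tested']})")
    return warnings


if __name__ == "__main__":
    for w in vet_plugin(SAMPLE, "6.4.3", "8.1", date(2024, 3, 1)):
        print("WARN", w)
```
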
It is also a good practice to make a habit of checking the WordPress Site Health Status page, where you can identify issues with your site and find solutions to resolve problems. You can locate it under Tools > Site Health.
Performance Concerns
Performance concerns are another key reason to think twice before adding new WordPress plugins. These plugins range from just a few lines to several megabytes of code.
When you install and activate a plugin, all of its functions will be included in the WordPress load. What does this mean? When you open your website, everything (including plugins) will run at once. Without proper caching, this could result in heavy CPU usage and database performance issues, causing you and website visitors to wonder why your site is so slow.
To implement the desired functionality, some plugins inject assets, such as CSS or JavaScript files, that are included on your actual website. For example, this may occur with calendars, custom forms, certain trackers, and more. While adding certain assets may be fine, some plugins may add unoptimized resources that drastically impact a site’s PageSpeed performance.
For illustration, the image below shows Google PageSpeed Insights results listing “Reduce unused JavaScript” as an area of opportunity that is estimated to save more than 10 seconds during the page load. With the high load time, users with slow networks are likely to close the page and look for a different resource instead of waiting for this page to load.
With this PageSpeed result, it is no surprise that the Performance Score for this page is 33. Remember, page speed matters and is now a ranking factor for Google.
In addition to impacting a website’s page speed, chat and form pop-ups are known for negatively impacting user experience, which is another Google ranking factor.
Security Information
With each new plugin you add, you also increase the risk of your site being compromised. Some potential risks include:
- Security vulnerabilities, either due to inadvertent code mistakes or intentional acts.
- Vendors selling plugins to third parties who later add malicious code.
Why Would Someone Want to Hack My Website?
Leaving script kiddies aside, some bad actors will compromise your site to run phishing scams, propagate spam, install crypto-mining malware, and undertake other similar malicious behaviors.
The open-source nature of WordPress and its plugins unfortunately means it is also common for hackers to find vulnerabilities inside plugins or the WordPress core itself. Then, they often start attacking sites in the wild.
It’s not uncommon to read about websites being hacked via plugins with security flaws. For example, just last month news broke about fake ransomware infections taking over websites via a bug in the Directorist plugin. It’s a constant battle between hackers and security researchers.
In an ideal world, hackers will find a security vulnerability and report it (responsible disclosure). In some cases, they can even earn income through a bug bounty program, but that is not always the case.
What Should I Do to Avoid Being Hacked Through Plugins?
- Always install plugins from the WordPress plugins repository.
- Be very careful with plugins from other sources.
- Never install nulled plugins.
- Keep plugins up to date.
- Remove any unused plugins.
Additionally, installing a security plugin like Sucuri Security or Wordfence can help you add a layer of security to your website because these plugins include features designed to detect and block harmful requests.
Even if you follow this guidance and take all the right precautions, a chance remains that your website may be compromised. However, best practices help you significantly reduce the odds that your site will be hacked.
Final Thoughts: Why Do You Care?
If you have a WordPress website, then you almost certainly are intrigued by the customization options plugins offer. However, you also want to make sure you set yourself (and your website) up for success.
Before you install a plugin, check out the information discussed in this post. Check the support questions, how frequently the plugin is updated, and its ratings. Look at the plugin’s vendor. Be sure to do the research!
Finally, ask yourself whether the plugin’s features are truly necessary for your business needs. If the answer is no, maybe you just don’t need that plugin after all.