All plugins are (not) created equal

Plugins are the new black in WordPress site development, and picking out the perfect plugins for your site can quickly become overwhelming. The WordPress.org plugin repository hosts over 26,000 plugins and the plugin forum contains over 1.3 million posts. Check out this plugin wordcloud – what stands out amongst the rest? 

Image via WP Realm

With so many plugins to pick from, how do you know what you’re about to install on your site?

The quick and dirty

Plugins are here to stay, folks, and while there is a lot to learn, many of us just need a quick way to say yes or no to a plugin option. Personally, I like to evaluate using the following key points:

  • All plugins are not created equal.
  • Plugins can make or break your site: literally.
  • Stranger danger!
  • You get what you pay for.
  • Quantity v. quality does not apply – good coding does.

Before we get down into the nitty gritty of each component, I’m going to offer a little fashionable advice about plugins. I bet you didn’t know that picking the perfect plugin was like picking out your next perfect little black dress!

WordPress’s little black dress

Women around the world know that a wardrobe isn’t complete until there is at least one little black dress hanging in their closet. And any well trained shopper knows that when it’s time to buy a little black dress, there are some key elements to keep in mind:

  • Not all dresses are created equal.
  • A good ‘little black dress’ can make or break your night.
  • Designer stranger danger when you have to go to a formal affair!
  • You definitely get what you pay for – but never dismiss the clearance rack!
  • Quantity v. quality? Well, you can never have too many good little black dresses!

Who knew evaluating plugins was the same as going shopping for a sexy new cocktail dress? Taking the time to find that perfect little black dress is like taking the time to find the right plugin. You need to know what you’re looking for and where to find it.

All plugins are (not) created equal

No two plugins are the same. They may appear to do the same thing, but they won’t. The title and this heading are the main points that must be driven home – plugins are as diverse as the little black dress. And researching the plugin before you go installing it will yield a greater return than just picking the first free one you run across. Paul Clark, WordPress core contributor, Styles Plugin author and Technical Director of Brainstorm Media offered the following advice when evaluating plugins:

You can learn a lot about a plugin author's practices by seeing what other developers say about them. Is the plugin author a WordPress core contributor? You can find a list of all the developers who help create WordPress in the WordPress credits screen. (WordPress Admin > About WordPress > Credits). Clicking any of those names will take you to a list of plugins they've written, as well as plugins they've favorited. I'd much rather use a plugin that Mark Jaquith favorited (a WordPress Lead Developer) vs. one created by someone less involved in day-to-day WordPress development.

Plugins can make or break your site: literally.

In June, Checkmarx released The Security State of WordPress' Top 50 Plugins which reported, “…more than 20% of the 50 most popular WordPress plugins …[and] 7 out of the 10 most popular e-commerce plugins contain vulnerabilities.”  Checkmarx's findings were a bit surprising.

Be careful when installing plugins, and avoid anything that can cause a security breach. If you are concerned about your domain’s current state, head over to Sucuri and scan your domain.

Carrie Dils, a well-respected WordPress consultant, had this to say about the wide array of plugins:

Plugins aren’t inherently evil, but you should approach with caution. When looking for plugins, check to see that it’s been recently updated, that it has a 4-star rating, and that the support area is active. Do a little homework before you go wildly installing stuff.

Stranger danger!

Don’t take candy from strangers. Don’t talk to strangers. Don’t open the door to strangers. All the things your mom told you when you were growing up apply now to plugins. It is stressed in every single article I’ve ever read about plugins: know the developer. If you don’t know the developer – take the time to get to know the developer. Why? Because support from the developer is a huge plus when dealing with ornery plugins. And knowing that a developer cares about WordPress best practice will make all the difference in the world for their plugins.

One key way to vet a plugin author is to look at the support responses, either in the WordPress.org forums or on the plugin author's site. While not every request will be responded to, you want to see a plugin author still present and responding to users. Pippin Williamson is a great example of this with Easy Digital Downloads. He responds to many requests on WordPress.org, and also makes his support forums public on the Easy Digital Downloads website so users can benefit from responses there as well.

Personally, one of my favorite go-to sources is Adam Warner from FooPlugins – a commercial 100% GPL plugin site. I know Adam Warner and trust him as a professional developer. He is not going to sell me a crappy plugin, nor direct me to a bad plugin. I feel confident referring others to their site knowing how well they will take care of them. You may have your own favorite WordPress.org or commercial plugin author – feel free to share in the comments section below!

You get what you pay for

This section isn’t to promote paid plugins over free plugins: we are going to focus on quality. I consider plugin ratings much more important than the cost of a plugin. A good example of this is Yoast's WordPress SEO vs. All in One SEO Pack. Both are excellent plugins, but compare the numbers: WPSEO has 5M downloads, 2,500 5-star reviews, and 154 1-star reviews. AIOSEO has 15M downloads, but only 780 5-star reviews and 316 1-star.

So, even though WPSEO has fewer downloads, its users are much more likely to have a great experience and write about it. It's also worth noting that download count is all downloads, including updates. It's not necessarily active users!

Quantity versus quality

Site efficiency is key. It's not a large number of plugins that causes a slow or crashed site—it's a small amount of poorly written programming. Chris Lema, WordPress extraordinaire, who has written hundreds of articles about plugins, had this to say about plugins and website development:

Choose focused ones, not ones that try to do everything. Make sure the developer has been around a bit and make sure the plugins are current.

I had to develop what I thought would be a plugin-heavy site. Chris quickly referred me to two paid plugins that have made the site work like a well oiled machine. For more information on how Chris picks plugins, check out his super cool article on picking plugins – but be warned, once you enter Chris Lema’s website – it’s very very hard to leave!

Let’s review: do your homework!

So, after all that information, how do you know if the plugin you are about to install has a solid foundation or not? Every question here seems to have the same answer: do your homework! A good place to start might be reading through WP Engine's list of plugins they don't allow for performance reasons. This is a great reference to see what kinds of plugins may cause issues in some situations.

But the bottom line is this: it is your responsibility to vet the plugin you are about to install on your site, or your client’s site. And vetting this is not hard – but it does take a little bit of time and the tenacity to go directly to the plugin author to ask the questions.

Thankfully, one of the greatest things about the WordPress community is that there is always someone who knows more than you who is also willing to guide you in the right direction!

Now, it's your turn. How do you evaluate a plugin? What resources do you use to guide you through the process?


21 Comments

  1. Hi Sarah. Congrats for your article, great value. Love the analogy with the little black dress. lol

    By the way, the link to Brainstorm Media on your author box needs the “http://”. Now it’s going to “https://poststatus.com/all-plugins-are-not-created-equal/brainstormmedia.com”.

  2. Sarah, you seem to have somehow missed the oldest, largest and most used premium plugin site on the web, how can this be?

    Hundreds of plugins, 100% GPL, fully supported by a massive team, always updated, guaranteed to work and relied upon by tens of thousands of users… WPMU DEV!

    We’d be more than happy to comp you a free account if you’d like to have a play… we think you’d like them 🙂

  3. Hey James!

    Nice segue from a self-promotional comment to an offer to play with all your toys so I’ll take it! Shoot me some info!

    Honestly, I have heard of you guys, but didn’t recommend you in the article b/c I haven’t ever used anything from your company – but that’s really only b/c I am not personally running any buddypress sites or multisites. However, I do consult a lot of small businesses that are just branching out online and I’d be happy to take a look at your stuff, and if it fits, thumbtack it up to my virtual board of developer resources! Thanks for the generous offer!

    Cheers!
    Sarah

      1. Sounds AWESOME! I’m gearing up to do some writing for another WordPress blog … Don’t have the topics lined out yet – I hope I get inspired via WPMU Dev! Anyone from your company going to be at any WordCamps this year? As sponsor or just representing?

        1. Cool, how about u ping me at james /at/ incsub /dot/ com when you have the account set up (I do need your details to activate ya)

          We’ve spent a lot of time and money supporting WordCamps and other WP stuff over the last few years… these days you’re more likely to meet our staff hanging out than being a presenter.

          Oh, also, you might enjoy our blog – http://wpmu.org 🙂

  4. Sarah,

    I am the author of Contextual Related Posts plugin, amongst others and noted your comment on WP Engine’s disallowed plugin set.
    In my opinion that’s not the best place to visit for users to check on which plugins not to install because WP Engine has well optimised systems which are designed to give you the best performance and using any of the popular plugins that display related posts or caching impedes this.

    If you’re running a normal host or a normal VPS, this doesn’t hold true and you might want to install a caching plugin or a related posts plugin.

    1. Ajay – WP Engine specifies why a plugin is disallowed, so it’s easy to tell whether they are disallowing because they already have that feature built-in to their system (such as backups or caching), or whether it’s because it’s a performance hog – and if it hogs THEIR system, you can bet it will hog a lesser one!

      Sarah, I think that’s a great tip to check with the WP Engine list – I do that as well. They are performance experts so I trust they have done their research and they always have reasons for their decisions.

      1. I tend to stick to the professionals when in doubt – and would highly recommend that anyone branching out into the plugin world take the time to be a little more careful than adventurous when dealing with plugin installations.

        It takes a village… LOL 🙂

      2. Lucy,

        Agreed on the reasoning. As Sarah mentioned, the article was targeted at WordPress consultants and in that context WP Engine’s article is spot on.

    2. Hey Ajay!

      Thanks for the information and I’m glad you left a comment. The article is really meant for people just getting into WordPress development or consulting and is more of a starting place to work from. Definitely not meant as a divisible topic by any means – I just shared what I personally do when putting together the framework for a site.

      I hope that helps explain why I referenced WP Engine.

      Do you have another site that users could reference when trying to determine if a plugin is going to be helpful or harmful for their site?

      I love what WP Engine has to say about all this:

      A Window into our World

      By no means are we [WP Engine] suggesting all (or even most) of these plugins are bad plugins. Some of them, like related posts plugins, can be very good for content discoverability and SEO on most sites. However, our main focus is on making sure our customers scale. So they aren’t good for us.

      As for insecure plugins, we try to work with the plugin developer to find a fix. While we work with the developer we may temporarily add a plugin to our disallowed list. But we’ll happily allow it again once the issue has been addressed.

      In other cases, for stability and scaleability, we just have to wash our hands and move on.

      In all cases, when asked, we try to provide reasonable alternatives. If you have any questions about these plugins or help finding an alternative, please contact our support team.

      1. Sarah,

        I agree completely regarding WP Engine’s approach. I have no doubt they are experts and even though I don’t host with them, I’ve had a flavour of their customer support and they are really good, responsive and know what they are talking about.

        I don’t think I have seen a list of what is good and what isn’t good. I guess it bows down to a matter of choice for most users. I tend to monitor a few blogs regarding WordPress to see what people are monitoring and recommending.

  5. Hey Sarah, some really good tips here thanks for putting it up. I’ve been working on the WordPress docs team for some time now, and one of the biggest problems we face is educating new users on how to navigate the often times daunting and complex WordPress community. Posts like this are a huge help for people just starting out, and even after almost a decade I still run into plugins crashing my site from time to time.

    I actually started a site to help with this. It’s called Tidy Repo (http://tidyrepo.com). I only put up plugins that I have tested fairly extensively and I know are reliable with no major security risks. If I find that a plugin starts falling below a rigid standard, I remove it. Hopefully, this can help newcomers and veterans alike find reliable plugins. One can hope I suppose. Anyway, thought I’d let you know.

    Thanks again, keep them coming!

    1. Wow Jason, what a great compliment so thank you.

      And tidyrepo.com looks like an amazing resource! Digging through the repository is overwhelming. Add in all the commercial options and WHOAH! It’s enough to make anyone reconsider even touching a WP Install. LOL Thanks for the note! I’ve bookmarked your site to throw in my Developers Tool Box and plan to read through it over the next couple of days!

  6. Good point, Mathew! I was excited to see, at Contributors Day for WordCamp San Francisco, a team of highly regarded WordPress experts putting together standards and guidelines for future Plugin submissions! With over 26k plugins, objective standards would be awesome!
