Foto del escritorio de WordPress al instalar un nuevo plugin

Is this Plugin Reliable and Secure? When not to Download it

Ruth Raventós Avatar
Ruth Raventós

Every WordPress website, even the simplest, needs plugins. Why? Because a standard default installation of WordPress does not contain all the features you may need on your website. A plugin is a code component, a program that is installed in WordPress to add those features that you need on your website.

If you have a blog and you want your readers to participate by commenting on your posts, you will need to have the Akismet plugin to avoid spam comments. If you want your visitors to contact you, you will need a plugin on your website to create a contact form. You will want to make sure that your website ranks in search engines and for this you will need a SEO plugin. And a long etcetera of plugins that you will be adding to have a website with everything you need.

Table of Contents

The WordPress Plugin Directory

Whatever your website needs, you have up to almost 60,000 free plugins in the WordPress Plugin Directory that you can download to add the functionality you’ve been looking for. Just type the name of a plugin or the keywords of the functionality you need and you’ll find and you’ll be presented with a complete list of results.

Finding A/B Testing Plugins in the WordPress Plugin Directory
Looking for A/B Testing plugins in the WordPress Plugin Directory.

Problems that Can Occur Installing Plugins and What You Should Do to Avoid Them

It’s great to have so many plugins that extend the capabilities of your WordPress, isn’t it? There’s plenty of options to choose from and you can install them all, if you want to. But be careful! When it comes to WordPress plugins (and this is coming from some who sells plugins tells you), less is usually more.

It is not just a question of numbers, though. A website with 15 plugins installed is neither better nor worse than one with 20, try to have the minimum number of active plugins to cover the maximum of your needs. So, what aspects of your website can be affected by any plugin you install? And what precautions can we take to avoid them?

1. The Plugin Includes Features You Don’t Need

One of the problems you have when you search for a plugin in the WordPress Directory is that after typing the keyword, you can get results from hundreds of plugins that match your search but aren’t exactly what you need.

On the one hand, many terms can be used in very different contexts and you may find plugins that have nothing to do with what you were looking for. For example, if you had in mind to find a plugin that would allow you to create A/B tests on your WordPress website, and for this you type “A/B Testing”, you will find about 150 plugins. Some plugins allow you to create A/B tests of any element of your WordPress, others are for you to create popups, or newsletters, forms, ads, price tables, emails, etc. with the option to create A/B tests of them. As you can imagine, the options that each of these plugins offer you can be very different.

On the other hand, even if you find the plugin that includes what you were looking for, it may also include many other features that you are not going to use. Is that bad? In general, adding code to your WordPress website that you do not need will harm the functioning of your website in other aspects, as I will discuss below.

Solution: Ask Yourself If You Really Need It

With the plethora of plugins in WordPress, the first thing you should ask yourself is if you really need the plugin you want to install. Do not install a plugin just because you know many people have it. Identify well the problem and/or need you have and then ask yourself: is this plugin going to solve it?

Sometimes the only thing you are looking for is a very simple functionality you can get with a few lines of code. For example, if you just want to add a custom Facebook Like button, it might better to add that code by copying it from the official documentation and adding it to the appropriate location in your theme’s single.php or functions.php file, rather than deciding which plugin to install from the almost 700 plugins that you will find by searching for “Facebook Like” in the plugin directory.

Nelio A/B Testing

Native Tests for WordPress

Use your WordPress page editor to create variants and run powerful tests with just a few clicks. No coding skills required.

More Info

2. The Plugin Changes the Usability of the WordPress Editor

A large majority of plugins will add “new options” to the WordPress editor so you can make use of the new features they provide. Some of them may add a new menu, others will add new configuration boxes or metaboxes, and others can completely transform your WordPress editor.

For those of us who like to use native WordPress, the user experience you have when you come across a plugin that has transformed your sidebars and added a bunch of metaboxes is quite traumatic. In this article you can see an example of how usability can be affected by installing a battery of plugins that you don’t need.

Solution: Compare It with Similar Plugins

Before taking the plunge and installing the first plugin you find that will offer you the functionality you are looking for, make a list of similar plugins. Look at their description and screenshots and you’ll quickly get an idea of how they integrate with the block editor. In a test environment, install those that you think best fit what you were looking and analyze how they change the look of your WordPress Dashboard and its usability.

3. Plugin Slows Down Loading Speed Performance

Adding code to your website will surely have an impact on the loading speed of the site. In general, some plugins mainly affect the front-end, such as page builders, contact forms, sliders or galleries, etc. Others, such as backup plugins, affect the back-end. And there are those, such as SEO plugins or firewalls, that affect both the front-end and back-end.

But how do I know if a plugin is going to slow down the loading speed of my website?

Solution: Test the Loading Speed

One of the tests you can do is a double load test of your website, before and after installing the plugin. To do this, assuming you want to check the front-end, inspect the load time on the most visited pages and posts when you have the plugin deactivated and after activating it. In the Chrome browser, right-click and click “Inspect”. Go to the “Network” tab and refresh the Page again (Cmd Shift R on Mac or Ctrl F5 on Windows).

For example, let’s see how installing a plugin affects me. In this example it is the WooCommerce plugin, on my local website.

Load time of a page with a plugin disabled
Load time of a page with a plugin deactivated.
Load time of a page with an activated plugin
Load time of a page with an activated plugin.

As you can see in the image above, just having the plugin activated or deactivated changes the page load time from 204ms to 369ms. You can also see the detail of how long it takes for the browser to receive the first piece of information from the server by clicking on the first color bar in the “Waterfall” column.

Initial server timeout without plugin installed
Initial wait time of the server without the plugin installed.
Initial wait time of the server with the plugin installed
Initial wait time of the server with the plugin installed.

This way you can check the impact every time you activate or deactivate a plugin. Remember that page load time can affect SEO. One more reason to install only those plugins you need.

4. Is the Plugin Secure?

You will agree with me that the worst thing that can happen to your website or any of your clients’ websites is that they get hacked. That’s why security should be one of your main concerns before installing any kind of plugin.

Security can never be 100% guaranteed. For example, this year thousands of WordPress sites were affected by three remote code execution vulnerabilities that were detected in the “PHP Everywhere” plugin.

For more details on software vulnerabilities, this website lists all the vulnerabilities found in all types of software. You can search by product, year, vendor, version, type of vulnerability, etc.

Solution: Limit the Risks

If you are going to install a plugin and you see that it has a large battery of vulnerabilities or some that are not yet fixed, perhaps you should think twice before downloading it, don’t you think?

What precautions should we take to protect our website? Our recommendation is that you make sure the hosting service in which you host your website takes the maximum protection measures by performing backup and restoration copies and malware scans on an ongoing basis. Additionally, you also have a set of security plugins that you can install that offer similar services, but remember that if these services are already offered by your hosting company, there’s no need to install redundant plugins.

5. Long-Term Risks

Installing a plugin that offers you the features you were looking for also has long-term risks that you should be aware of:

  • Plugin development can be discontinued: most plugins are free and open source. Over time, the developer’s interest in the plugin can fade or plummet.
  • Plugin updates are slow: either because a bug or security vulnerability appears in a plugin or to adapt to new versions of WordPress, not all developers are able to release updates quickly enough.
  • The plugin is superseded by WordPress core updates: A plugin is often developed to solve a need that is not currently being met in WordPress. With new versions of WordPress, it may no longer be needed and the plugin will no longer be developed and maintained. When this happens, the plugin author can recommend ways to deactivate the plugin and switch to the new functionality included in WordPress; however, you have no guarantee that this will happen.

Solution: Check the Plugin’s Credibility

Can we avoid these risks? Checking the credibility of a plugin will help reduce the risk of finding yourself with an outdated plugin installed and no support service to fix your issues. How do we do this?

On the plugin description page you already have a lot of information to get an idea of the reliability of a plugin.

Nelio A/B Testing information in the WordPress plugin directory
Nelio A/B Testing information in the WordPress Plugin Directory.

As you can see in the image above, you have the following information available:

  • When was the last update of the plugin: if it was a long time ago, it is probably outdated.
  • The number of active installations: the more the better, as it is an indicator of the popularity of the plugin. But remember that every new plugin needs some time to acquire that popularity.
  • The latest version of WordPress in which it has been tested is an indicator of the ability of the plugin developers to adapt to the new updates that are coming out.
  • Ratings showing user satisfaction tell you the experience others have had using the plugin.
  • Support: issues resolved in the last two months by the plugin developers will help you see what issues you may run into and the level of support you can expect.

But don’t stop there, go take a look at the detailed user reviews. Their explanations are a great indicator to better understand the plugin and how it works. It is also useful to see when the ratings are from: sometimes you find that the lowest ratings were made with the first versions of the plugin and that the latest version of the plugin works perfectly.

Detail of user ratings of the Nelio A/B Testing plugin
Detail of user ratings of the Nelio A/B Testing plugin.

From the description page you can also click on the “View support forum” button, where you can not only see the amount and detail of questions or support users have needed using the plugin, but the diligence and thoroughness of the authors giving that support. This is a good indicator of what to expect if any problems arise.

Nelio A/B Testing WordPress.org Support Forum
Nelio A/B Testing support forum on WordPress.org.

Finally, in the “Development” tab you will find additional information about all the change logs of the different versions of the plugin. It is a good practice indicator that the log shows the date of the change (it is not mandatory to indicate it) to see the frequency of plugin updates. And also that the descriptions are detailed enough to understand the changes made.

Nelio A/B Testing Changelog
Nelio A/B Testing changelog.

Conclusion

Plugins are important for WordPress. But I recommend you keep the use of plugins to a minimum and look for ways to achieve more with less. Remember the popularity of a plugin has great weight as a selection criterion, but give new ones a chance if there is a powerful team of developers behind it.

Featured image of Justin Morgan on Unsplash.

Leave a Reply

Your email address will not be published. Required fields are marked *

I have read and agree to the Nelio Software Privacy Policy

Your personal data will be located on SiteGround and will be treated by Nelio Software with the sole purpose of publishing this comment here. The legitimation is carried out through your express consent. Contact us to access, rectify, limit, or delete your data.