When it comes to WordPress plugins, it can be easy to have that overwhelming “where do you start feeling” like walking into Amy’s Ice Creams and deciding on your dessert. The good thing about Amy’s, is it’s hard to go wrong.
It can be easy to give into the 55,141 plugins available, as of writing this post, and being a plugin-happy blogger or WordPress developer, but I want to share my experiences of being such and how it’s not always a good thing to use a plugin just because you can.
First thing’s first, plugins are awesome! Don’t get me wrong. I use them all the time and I credit the plugin for being one of the main reasons WordPress is so successful as a CMS and web app platform. I’m not one to reinvent the wheel or work harder than I need, but I am one to do it right the first time and not cause problems for myself by choosing the easy way. With that said, there is a happy medium to WordPress plugins.
For instance, two plugins that are dear to my heart, which some hardcore developers may disagree with are Gravity Forms and Beaver Builder. Why? Because they make life so easy for myself and my clients, who update and manage their own sites, that it would be not smart for me to leave these plugins to the wayside on our average project. Now, I don’t always use these because your plugin stack should be specific to the project and will likely change based on the requirements for a website but these two happen to be a couple of the most commonly used for our client projects. However, some plugins that I strongly disagree with are various security and caching plugins. I think security and caching should be handled through the server, rather than a plugin. Reason being, that out of date plugins are vulnerabilities so what’s the point of an out of date security plugin? That’s kind of an oxymoron.
In fact, a study by Torque Mag in 2016 shows these stats on reasons for hacked WordPress sites:
- 41% get hacked through vulnerabilities in their hosting platform
- 29% by means of an insecure theme
- 22% via a vulnerable plugin
- 8% because of weak passwords
Just by choosing the right hosting and taking care of your plugins, you’re doing a solid for yourself and your website. Another truth is that a large majority of WordPress attacks are not targeted attacks, they run automatically so using practical deterrents like the 4 mentioned above are huge. Plus even if you’re running an eCommerce site, you shouldn’t be storing personal information. This doesn’t mean you can’t get hacked, because let’s face it… Everything is hackable. It’s more about making your website not worth the time for internet villains and deterring automated malicious attacks.
Back to plugins
I think a good rule of thumb is to make sure the plugins you pick actually solve a problem. For instance, beaver builder is a front end design tool that extends the classic WordPress editor to offer drag and drop tools. It takes a lot of coding out of the equation. At TXCAP, we offer free training to our clients so they can update their own content. If we relied solely on Custom Post Types, Loops, Meta and Custom Fields, then we’d have a lot of teaching to do and our clients may not feel very comfortable updating their own content. Using a frontend page builder allows us to save time, cutting down cost and since Beaver Builder is a robust builder we still have the ability to code reusable modules, loops and templates on the backend and our clients can plug those in without needing development experience.
On the contrary, a plugin that doesn’t solve a problem might be Hello Dolly. Hello Dolly is famously useless and is a default installed plugin on your WordPress install, some exceptions are managed WordPress hosts that ban it. They ban it because it is a useless plugin, included mainly for tradition as it was the first WP plugin to be created in 2004 and some claim it is there to aid entry level developers. However, it’s a common place for hackers to place malicious code and is often the last place that beginners look.
To finish things off, here’s a list of practical rules to follow when going through your list to see if you have some work to do on your plugin stack, or before you install a plugin:
- If you’re not using a plugin, delete it! Don’t just deactivate it.
- Ask yourself, “Does this plugin solve a real problem?”. If the answer is no, don’t use it.
- Maybe it doesn’t solve a real problem, but does it save a critical amount of time in your workflow? If yes, do more research to make sure it’s well kept up by the developers. If it is, be my guest 🙂
- If the plugin once solved a problem, but now it doesn’t do anything because that feature is built in to your theme or part of WordPress now. Then you might want to consider adjusting and cutting back on the number of plugins.
Last but not least… This is not a knock on plugins! We LOVE plugins, we believe it is one of the many reasons that WordPress thrives today, but we use them with care and we research the developers to make sure they use best coding practices before putting them to use.
Now get out there and check your list of plugins and as always… Comment or shoot us an email with any questions!