11 Nov The most common dangers of WordPress plugins
Being in this business for about 10 years I have heard a lot, people saying “There is this super plugin that does that, so install it and we are done”. But I am telling you, this is not the best way to develop a website. Just because there are many dangers to the use of plugins. In this post, I would like to highlight the troubles of using plugins on your WordPress website.
Let’s start from the beginning, what is a plugin and why are we using them on WordPress?
Plugins contain a piece of code that enhances the features and functionalities of WordPress. They represent the heart of WordPress and they have played a significant role in its growth. We have to admit that without plugins, WordPress is a boring platform.
I am sure those who have tried to build a WordPress site have faced issues and troubles quite often. Issues that happened right after you pressed “Activate”, are like:
- low loading time
- broken pages
- crashed website
- security breaches
Sounds scary? I know!
In case of a slow website or broken pages, there is an easy solution, you just need to deactivate the “suspicious” plugin and then everything is back to normal. But what happens when your website crashes totally or gets hacked? Then the problem becomes more complicated because you need access to your server. This usually requires more technical knowledge than you have available.
The problem with WordPress.org
At the moment there are nearly 28000 free plugins available at WordPress.org that can help you make the website of your dreams. But at what cost?
You always need to remember that the vast majority of plugins are:
- out of date,
- unsecure, or
- a combination of one or more of the above
We have seen the biggest plugins suffer from security flaws and we are talking about plugins that have huge development teams behind and millions of downloads.
WordPress and Security
Here at Webfriendly, security is the most important element and we always put it first. We know that WordPress core is extremely secure but things start getting different with the influence of plugins and users. To put it simply, if you install a plugin with security flaws, the core is not responsible for what happens next. Keep in mind that every single plugin you install opens a door to a potential security risk.
Are paid plugins safe to use?
The answer is yes and no! Usually, they are safer but again it depends on the company and the dev team behind it. It is safer if you find plugins that are made by teams with a solid and well-established reputation throughout the years.
Basically, before you download, try to get answers to the questions above:
- Who developed it?
- When was it last updated?
- Is it well-supported?
- Considering the value of each plugin you have installed on your site carefully. It may be a security risk, it may be draining your resources, or it may be buggy and bloated.
- Replaced plugin functionality with simple code snippets.
- Ideally, all of your plugins should come from trusted developers.
- If all else fails, just return to the golden rule: less is more.
For all the reasons above you can understand why I am not a fan of plugins. From personal experience, I know that a plugin can save time but also create a huge headache. At Webfriendly we care about our peace of mind and our client’s happiness, that’s why we are trying to follow some rules when it comes to plugins.