Plugins are the backbone of WordPress sites. If you want to add a contact form or an eCommerce store like WooCommerce, for example, there is always a plugin ready to help.
But despite the essential role they play, plugins are also the WordPress components most likely to go wrong and cause serious problems.
Since plugins are written by independent third parties, they can open the door to all kinds of security and compatibility issues.
That's why there are some best practices for plugins you need to follow when running a WordPress site.
These best practices include tips on choosing plugins, how to analyze their performance, and how to properly manage them once they are part of your site.
Regardless of the type of site you're working on, here are the best practices to follow when working with WordPress plugins ...
Please note: choosing the right plugins makes the difference between a site that works and one that doesn't, and between a site that needs a dedicated server at 500 euros per month and one that runs on 10 euros per month. In short, we understand each other.
How to choose the right plugins for installation
The WordPress core team has made it incredibly easy to install plugins nowadays. This is a double-edged sword though because it means you can install new plugins without thinking twice.
Don't. Put some effort into using quality plugins on your site.
Some of the tips in this section might seem a little basic, but I think they're still important to cover.
1. Consult the wisdom of the crowds
Popularity doesn't always mean quality, but it's still a good place to start when looking for a plugin.
That is, if you are looking at a plugin that has been downloaded 500,000 times and another that has been downloaded only 3,000 times, the former will probably be the better option most of the time. Probably, though not always.
WordPress.org shows this information in the right sidebar:
Envato likewise publishes sales numbers in its sidebar:
2. Check the date of the last update
This is another tip that works as a good general guideline, but it is not an absolute rule.
Most of the time, you want to see that a plugin keeps getting regular updates to make sure it's compatible with the latest version of WordPress.
This doesn't mean that a plugin that hasn't been updated is always bad; sometimes a plugin simply "works" and doesn't need updates.
But unless you are comfortable reviewing the code yourself, it's hard to know whether this applies to your chosen plugin.
So if in doubt, it's important to see a recent update date.
Again, both WordPress.org and Envato show this information in the sidebar (shown above).
3. See what the reviews say
For every experienced copywriter who writes a perfect sales page that makes you want to buy and install the plugin right away, there will be a reviewer who bought and used it and is happy to tell you all of its potential flaws.
Read the reviews before choosing a plugin.
Again, both WordPress.org and Envato make it easy to access third-party reviews.
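The three checks above (popularity, last update date, reviews) can be applied mechanically to the record that WordPress.org publishes for each plugin. The script below is an added example, not code from the article or from WordPress.org: the field names (`downloaded`, `last_updated`, `rating`, `num_ratings`, `tested`) are those returned by the WordPress.org plugin information API, the thresholds are this example's own assumptions, and the two sample records are constructed rather than real plugins.

```python
import json
import urllib.request
from datetime import datetime, timezone
from typing import Dict, List

# WordPress.org plugin information endpoint (real API; the live lookup is optional).
API_URL = ("https://api.wordpress.org/plugins/info/1.2/"
           "?action=plugin_information&slug={slug}")

# Thresholds are this example's assumptions, not values from the article or the API.
MIN_DOWNLOADS = 100_000
MAX_STALE_DAYS = 365
MIN_RATING = 80          # wordpress.org reports ratings on a 0-100 scale


def fetch_plugin_info(slug: str) -> Dict:
    """Live lookup of a plugin record (needs network; the checks below work offline)."""
    with urllib.request.urlopen(API_URL.format(slug=slug), timeout=10) as resp:
        return json.load(resp)


def parse_last_updated(value: str) -> datetime:
    """The API reports e.g. '2023-10-05 3:21pm GMT'; only the date part is needed."""
    return datetime.strptime(value.split(" ")[0], "%Y-%m-%d").replace(tzinfo=timezone.utc)


def vet_plugin(info: Dict, today: datetime) -> List[str]:
    """Apply the 'crowd', 'last update' and 'reviews' tips; return the warnings raised."""
    warnings: List[str] = []
    downloads = info.get("downloaded", 0)
    if downloads < MIN_DOWNLOADS:
        warnings.append(f"low popularity: only {downloads} downloads")
    age_days = (today - parse_last_updated(info["last_updated"])).days
    if age_days > MAX_STALE_DAYS:
        warnings.append(f"stale: last updated {age_days} days ago")
    if info.get("num_ratings", 0) and info.get("rating", 0) < MIN_RATING:
        warnings.append(f"poor reviews: rating {info['rating']}/100 "
                        f"from {info['num_ratings']} ratings")
    if not info.get("tested"):
        warnings.append("no 'tested up to' WordPress version declared")
    return warnings


# Constructed sample records in the shape of the API response (not real plugins).
TODAY = datetime(2024, 1, 15, tzinfo=timezone.utc)
SAMPLE_GOOD = {"slug": "example-forms", "downloaded": 2_400_000,
               "last_updated": "2023-12-20 9:10am GMT", "rating": 94,
               "num_ratings": 1200, "tested": "6.4.2"}
SAMPLE_BAD = {"slug": "example-abandoned", "downloaded": 2_500,
              "last_updated": "2020-03-01 4:00pm GMT", "rating": 62,
              "num_ratings": 9, "tested": ""}

if __name__ == "__main__":
    for rec in (SAMPLE_GOOD, SAMPLE_BAD):
        verdict = vet_plugin(rec, TODAY)
        print(rec["slug"], "->", "OK" if not verdict else "; ".join(verdict))
```

A warning is a prompt to look closer, not a verdict: as the article says, an old update date on a small, simple plugin may be harmless, and the script cannot read the support forum for you.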
4. How responsive is the developer?
Beyond reviews, another good way to gauge the quality of a plugin (at least on WordPress.org) is to look at the support forum.
It's a good sign to see that the developer is actively resolving support requests:
Note, however, that some developers only handle support requests through tickets on their own website. So check whether this is the case before concluding that support is unresponsive or ineffective.
5. NEVER use Nulled plugins. I said NEVER.
If you've ever searched for a premium plugin on Google, you may have noticed that Google's autocomplete almost always suggests "plugin_name nulled" as a query:
This means that many people are looking for nulled (i.e., cracked, pirated) themes and plugins...
In case you are in doubt, know that nulled plugins are a horrible idea. Unlike their legal (but ethically questionable) cousins, GPL clubs, nulled plugins are full of malware and other vulnerabilities.
This means that what you think is a way to save money will cost you a lot more in the end. Just don't; there are plenty of free, quality alternatives to choose from instead of a nulled plugin anyway.
6. Use a sandbox tool such as Addendum to test plugins
Found a plugin that meets all of the above points? Before installing on your production or staging site, you can do a quick test in a sandbox thanks to tools like Addendum or Poopy.life.
Addendum lets you start a sandbox with the plugin already installed (if it's listed on WordPress.org), while Poopy.life lets you create an empty sandbox where you have to install the plugin manually:
How to choose the correct number of plugins (or why there isn't one)?
Once you know how to choose quality plugins, let's move on to the next question:
How many plugins should you use?
Contrary to often repeated advice, too many plugins won't slow down your site.
But too many slow plugins... will slow your site down a lot.
What I mean is that there is no direct relationship between the number of plugins you have installed and the speed of your site.
Some plugins have essentially zero effect on the speed of your site, while others may cause a noticeable slowdown. You could have a hundred of the former without problems, while a single one of the latter can be devastating to the site and its performance.
So how do you know which plugins are slowing down your site? Here are two suggestions:
7. Use the P3 plugin (Plugin Performance Profiler)
This is a good example of how a plugin that hasn't been updated in a while can still work great. P3 (Plugin Performance Profiler) hasn't been updated in three years, but the plug-in still works fine (at least in my experience - some reviewers point to problems with plugin detection).
All you do is run the test. P3 (Plugin Performance Profiler) will then give you a beginner-friendly overview of how your plugins affect your site's performance as a whole, as well as how individual plugins perform:
8. Go to the Waterfall (use GTmetrix)
Another way to catch slow-loading plugins is to look at the Waterfall tab in tools like GTmetrix or Pingdom.
While the information isn't as detailed and takes more technical knowledge to interpret, you can spot plugins that slow down your site by their slow requests.
Just run the performance test as usual. Then look at the Waterfall chart and hover over the long requests to see whether any plugins are slowing things down.
I've pointed out a couple of the more obvious WooCommerce requests below so you can see how it works in general:
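Reading a waterfall by hand works for a handful of requests, but the same grouping can be done on a HAR export (the request log that GTmetrix and browser developer tools can save). The script below is an added example, not code from the article, GTmetrix or Pingdom: it attributes each request to a plugin by its `/wp-content/plugins/<slug>/` path and sums time and bytes per plugin. The HAR fragment is constructed, with made-up plugin slugs in place of the WooCommerce requests shown in the article's screenshot.

```python
import json
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# A plugin's assets live under wp-content/plugins/<slug>/ (standard WordPress layout).
PLUGIN_PATH = re.compile(r"/wp-content/plugins/([^/]+)/")


def plugin_for_url(url: str) -> Optional[str]:
    """Return the plugin slug that served this URL, or None for core/theme/external requests."""
    match = PLUGIN_PATH.search(urlparse(url).path)
    return match.group(1) if match else None


def summarize_by_plugin(har: Dict) -> Dict[str, Dict[str, float]]:
    """Sum request count, duration and transfer size per plugin over all HAR entries."""
    totals: Dict[str, Dict[str, float]] = defaultdict(
        lambda: {"requests": 0, "time_ms": 0.0, "bytes": 0})
    for entry in har["log"]["entries"]:
        slug = plugin_for_url(entry["request"]["url"])
        if slug is None:
            continue
        totals[slug]["requests"] += 1
        totals[slug]["time_ms"] += float(entry["time"])
        # HAR uses -1 for an unknown size; count those as 0.
        totals[slug]["bytes"] += max(entry["response"].get("bodySize", 0), 0)
    return dict(totals)


def slowest_plugins(har: Dict, limit: int = 3) -> List[Tuple[str, float]]:
    """Rank plugins by summed request time. Requests overlap in a waterfall, so this is a
    ranking of where time is spent, not an estimate of wall-clock delay."""
    summary = summarize_by_plugin(har)
    ranked = sorted(((slug, s["time_ms"]) for slug, s in summary.items()),
                    key=lambda kv: kv[1], reverse=True)
    return ranked[:limit]


def load_har(path: str) -> Dict:
    """Load a HAR file exported from GTmetrix or browser developer tools."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


# Constructed HAR fragment (only the fields used above); not captured from a real site.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://example.test/"}, "time": 612.0,
     "response": {"bodySize": 48000}},
    {"request": {"url": "https://example.test/wp-content/themes/example-theme/style.css"},
     "time": 90.0, "response": {"bodySize": 32000}},
    {"request": {"url": "https://example.test/wp-content/plugins/example-shop/assets/js/cart.js?ver=8.0"},
     "time": 410.0, "response": {"bodySize": 210000}},
    {"request": {"url": "https://example.test/wp-content/plugins/example-shop/assets/css/shop.css"},
     "time": 380.0, "response": {"bodySize": 95000}},
    {"request": {"url": "https://example.test/wp-content/plugins/example-forms/js/form.js"},
     "time": 45.0, "response": {"bodySize": 12000}},
    {"request": {"url": "https://cdn.example.test/fonts/font.woff2"}, "time": 120.0,
     "response": {"bodySize": -1}},
]}}

if __name__ == "__main__":
    for slug, ms in slowest_plugins(SAMPLE_HAR):
        print(f"{slug:20s} {ms:8.1f} ms")
```

Only requests for a plugin's own static files show up this way; a plugin that slows the page by doing heavy work inside the main HTML request is invisible here, which is exactly where the P3 profiler from the previous tip helps.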
How to securely update plugins to keep things working?
If you want to keep your WordPress site secure, keeping your plugins up-to-date is an absolute necessity.
In a Wordfence survey, plugins accounted for 55.9% of compromised sites where the respondent knew how the attacker had gained access. Similarly, Sucuri found that three outdated plugins accounted for a huge percentage of hacks.
Suffice it to say that you need to keep your plugins up to date. Here's how to do it safely:
9. Read the change log to check for any problems
Many people are unaware that this feature exists, but it is a great help in uncovering potential problems with a new plugin update.
Whenever an update notice appears in your WordPress dashboard, you can click the View version X details link to see the change log for the latest update:
While the depth of this change log depends on the developer, it can help you pinpoint specific areas to test after updating the plugin.
10. Use a staging site to check for compatibility issues
A staging site is a fantastic tool for testing plugin updates before sending them to your live site.
Combined with the change log information, you can quickly run relevant functionality on the staging site to make sure there are no issues.
Then, once you run a test, you can safely update the plugin on your live site.
The easiest way to get a staging site is to choose a managed WordPress host that offers that functionality. But if that's not an option, the WP Staging plugin provides a smooth, host-independent implementation.
What to do with the plugins you no longer want?
Just as ~50% of marriages end in divorce, there will come a time when you decide to break up with one of your plugins. To make a clean break, here are two more best practices to close this post.
11. Don't leave unused plugins on your server
This is simple:
If you are not actively using a plugin (and have no plans to use it in the future), delete it.
Here's why:
Even when a plugin is deactivated, all of its code is still on your server.
Many attacks target specific PHP files included in a plugin. So even if you have deactivated the plugin, those attacks can still reach its PHP files.
So if it is not used, get rid of it.
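Finding that leftover code is a comparison of two lists: what is present under wp-content/plugins on disk, and what WordPress lists in the `active_plugins` row of the options table (a PHP-serialized array such as `a:1:{i:0;s:19:"akismet/akismet.php";}`, which you can copy out of phpMyAdmin). The script below is an added example, not code from the article or from WordPress: the tiny parser reads only the string values of that serialized array, and the sample option value and directory listing are constructed.

```python
import os
from typing import Iterable, List

# WordPress ships these placeholders in wp-content/plugins; they are not plugins.
IGNORED_ENTRIES = {"index.php", ".htaccess"}


def parse_active_plugins(serialized: str) -> List[str]:
    """Parse the PHP-serialized active_plugins option, e.g.
    a:2:{i:0;s:19:"akismet/akismet.php";i:1;s:27:"woocommerce/woocommerce.php";}
    Only the s:<bytes>:"..." string values are read; PHP counts the length in bytes."""
    data = serialized.encode("utf-8")
    values: List[str] = []
    pos = 0
    while True:
        start = data.find(b's:', pos)
        if start < 0:
            break
        len_end = data.index(b':', start + 2)
        length = int(data[start + 2:len_end])
        text_start = len_end + 2                      # skip the ':"' after the length
        values.append(data[text_start:text_start + length].decode("utf-8"))
        pos = text_start + length                     # resume after the string body
    return values


def installed_plugin_entries(plugins_dir: str) -> List[str]:
    """Directory names (and single-file plugins) present under wp-content/plugins."""
    return [e for e in os.listdir(plugins_dir) if e not in IGNORED_ENTRIES]


def inactive_plugins(installed: Iterable[str], active: Iterable[str]) -> List[str]:
    """Entries on disk whose code is not activated: the directory 'foo' for 'foo/foo.php',
    or the file itself for a single-file plugin such as 'hello.php'."""
    active_roots = {p.split("/", 1)[0] for p in active}
    return sorted(e for e in installed if e not in IGNORED_ENTRIES and e not in active_roots)


# Constructed sample: two active plugins, five entries on disk.
SAMPLE_ACTIVE_OPTION = ('a:2:{i:0;s:19:"akismet/akismet.php";'
                        'i:1;s:27:"woocommerce/woocommerce.php";}')
SAMPLE_INSTALLED = ["akismet", "woocommerce", "contact-form-7", "hello.php", "index.php"]

if __name__ == "__main__":
    import sys
    # Real usage: python audit.py /path/to/wp-content/plugins '<raw active_plugins value>'
    if len(sys.argv) == 3:
        installed = installed_plugin_entries(sys.argv[1])
        active = parse_active_plugins(sys.argv[2])
    else:
        installed, active = SAMPLE_INSTALLED, parse_active_plugins(SAMPLE_ACTIVE_OPTION)
    for entry in inactive_plugins(installed, active):
        print("inactive code still on disk:", entry)
```

On a multisite install, network-activated plugins live in a separate `active_sitewide_plugins` option, so merge both lists before trusting the result. Anything the script reports is code the web server will still happily execute if a request names the file directly, which is the point of the tip above.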
All you have to do is click the Delete button in the WordPress dashboard, and this should remove all of the plugin's files. But...
12. Also remove the database tables.
Sometimes the Delete button doesn't remove every trace of a plugin from the server.
Often, plugins leave behind records and data that clutter the database.
While you can remove these tables manually if you are familiar with phpMyAdmin, a more user-friendly approach is to use the premium version of the Advanced Database Cleaner plugin. Specifically, look at the categories for orphan options and orphan tables.
Final thoughts on WordPress plugin best practices
Following these best practices for WordPress plugins isn't particularly difficult or technical, but it can have a major effect on the stability and performance of your site in the future.
Just remember to:
- Vet and test plugins properly before installing them
- Analyze how plug-ins affect page load times after installing them
- Securely (and quickly) update your plugins
- Properly delete unused plugins
If you do these steps well and choose the plugins you install carefully, you may not even need us, as the site will be beautiful and snappy on its own. If you do run into problems, remember that we are here to solve them.