- Jul 02, 2020
- by Brad Litwin
Plugins are one of the three key elements of any WordPress website (the other two being WordPress’ core and your theme). However, they’re also known for being finicky at times, and for causing a wide range of issues (including security vulnerabilities).
Fortunately, if you know how to properly vet WordPress plugins before installing them on your site, you can avoid most of their drawbacks. Keeping in mind user reviews and recent updates will help you make smart choices to protect your site.
In this post, we’ll dive into why it’s so important to vet your WordPress plugins. Then we’ll share five tips for doing so. Let’s get to it!
Why It’s Important to Vet WordPress Plugins Before You Install Them
There’s no denying that plugins are essential to any successful WordPress website. Trying to go without them would likely prove extremely difficult. However, it’s not a perfect system.
Firstly, because WordPress is an open-source platform, its thousands of plugins are built by almost as many developers. Since each of them has their own unique style and preferences, different plugins don’t always work well together, even if they follow coding best practices.
This can lead to ‘plugin conflicts’, which may result in a variety of errors. Some of these issues may even prevent users from accessing your site or performing key tasks, such as filling out forms and completing purchases.
Additionally, every plugin adds code to your WordPress site, and that code enlarges your site’s attack surface: each new plugin is another place where hackers may find a vulnerability and break into your site.
In fact, at the time of writing, plugins are responsible for almost 20 percent of the platform’s security vulnerabilities. Many developers work hard to quickly patch any issues discovered in their products, but until they release the fix, your site will still be vulnerable.
No plugin is entirely immune to conflicts or security hiccups. However, vetting your plugins before installing them can help you avoid extensions with known issues, and sidestep major trouble for your site.
How to Vet WordPress Plugins Before You Install Them (5 Key Tips)
When you know what to look for, determining a plugin’s quality is quite easy. Here are five elements to consider when deciding whether a plugin is safe for your WordPress site.
1. Check When the Plugin Was Last Updated
As we already mentioned, many developers routinely patch security vulnerabilities in their products to help keep their customers safe from hackers. They release these fixes as updates.
As such, how often a plugin is updated can signal how secure it is. Plugins that have gone more than six months without an update are more likely to contain security vulnerabilities.
You can easily find the date of a plugin’s last release in the WordPress Plugin Directory. It’s listed near the top of the summary on the right-hand side of the page.
Determining when premium plugins were last updated can be a little trickier. Online marketplaces such as CodeCanyon will usually list this information in the sidebar.
However, if you’re purchasing a plugin directly from the developer’s website, you may not find the date of the most recent release. In these cases, don’t hesitate to contact the seller directly to ask, and be wary if they sidestep your query in any way.
2. Determine Whether the Plugin Has Been Tested With Your Version of WordPress
Although conflicts are often between two plugins, they can also be between a plugin and WordPress’ core. To avoid errors on your site, it’s wise to stick to plugins that have been tested with your version of the platform.
You can see if a plugin in the WordPress Directory has been tested with your version of WordPress by looking at the summary on the right side of the page.
Additionally, if a plugin has not been tested with several of the latest versions, WordPress will display a warning on its page.
On CodeCanyon and other premium marketplaces, you may be able to find this information in the sidebar. In this case, tested versions of WordPress are listed under Software Version.
Note that it may take some time for developers to test their products after a new version of WordPress is released. Products from reputable developers can usually be trusted even if their latest test is one version behind.
3. Look at the Plugin’s Star Rating and Reviews
Updates and version testing can go a long way to ensure a plugin’s security and compatibility with other elements. However, real-life users may provide insights that numbers don’t.
If a plugin has caused major errors or security issues, it’s going to have a hard time earning a decent star rating. Every plugin in the WordPress Directory has one, and we recommend avoiding any with fewer than four stars.
Premium marketplaces will usually supply user ratings as well.
Beyond how many stars a plugin has, it’s also wise to look into its one-star reviews. This will give you an idea of the most serious issues users have run into while actively running the plugin on their sites.
On WordPress.org, click on See All to read reviews.
Note that premium marketplaces may label reviews as Comments.
Don’t worry about any poor reviews from users who simply didn’t like the plugin due to personal preference. Instead, look for responses discussing site conflicts, errors, or security issues that resulted from using it.
4. Consider the Number of Active Installs
One thing to think about when looking at a plugin’s star rating is the number of active installations it has. If a tool you’re considering has a five-star rating but only two users, you’re not really getting an accurate understanding of how well it works.
Once a plugin has around 1,000 active installations, you can start to trust its rating a little more. WordPress clearly displays how many active installations a plugin has on its page.
It can be a little harder to find this information for premium plugins, especially if you’re purchasing directly from the developer’s website. However, marketplaces like CodeCanyon will often list a plugin’s sales.
Of course, avoiding all plugins with fewer than 1,000 active installations could prevent you from using new tools that haven’t had time to build up a following yet. If a plugin meets all the other standards in this post and you trust the developer, you might consider using it even if it only has a few active installs.
5. Test Plugin Compatibility on a Staging Site
One way to know for sure that a plugin won’t cause any errors or downtime for your site is to test it on a staging site first. A staging site is simply a copy of your website that only you can see.
There are many methods available for setting up WordPress staging sites. However, one of the easiest is to choose a host that includes one in your plan.
After you set up your staging site, you can easily install plugins on it to make sure they don’t cause any problems. Once you’re sure everything checks out, you can push your changes to your live site in just a few clicks.
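As an added example (not code from the original post), the script below applies the first four tips to a plugin record laid out like the JSON returned by the WordPress.org plugin information API; the field names used (last_updated, tested, rating as a 0-100 percentage, num_ratings, active_installs) are an assumption about that API, and both records are constructed samples rather than real directory data. Tip 5 (a staging site) cannot be scripted this way and is left out.

```python
from datetime import date

# Thresholds taken from the five tips in this post.
MAX_DAYS_WITHOUT_UPDATE = 6 * 30
MIN_STARS = 4
MIN_ACTIVE_INSTALLS = 1000
POST_DATE = date(2020, 7, 2)  # "today" for the sample run below

# Constructed sample records in the API's shape (not real directory data).
SAMPLE_GOOD = {
    "slug": "example-forms", "last_updated": "2020-06-28 3:10pm GMT",
    "tested": "5.4.2", "rating": 92, "num_ratings": 410, "active_installs": 200000,
}
SAMPLE_RISKY = {
    "slug": "example-gallery", "last_updated": "2019-09-01 9:00am GMT",
    "tested": "5.2", "rating": 100, "num_ratings": 2, "active_installs": 40,
}

def _major_minor(version):
    """Return (major, minor) from a version string such as '5.4.2'."""
    return tuple(int(p) for p in version.split(".")[:2])

def vet_plugin(info, site_wp_version, today):
    """Run tips 1-4 against one plugin record; returns a list of findings.
    An empty list means the plugin passed every directory check.
    """
    findings = []
    # Tip 1: more than six months since the last release (date part only).
    last = date.fromisoformat(info["last_updated"][:10])
    age = (today - last).days
    if age > MAX_DAYS_WITHOUT_UPDATE:
        findings.append(f"stale: last updated {age} days ago")
    # Tip 2: 'tested' must reach your site's major.minor WordPress version.
    if _major_minor(info["tested"]) < _major_minor(site_wp_version):
        findings.append(f"untested: tested up to {info['tested']}, site runs {site_wp_version}")
    # Tip 3: the directory stores the rating as a percentage (100 == 5 stars).
    stars = info["rating"] / 20
    if stars < MIN_STARS:
        findings.append(f"low rating: {stars:.1f} stars from {info['num_ratings']} ratings")
    # Tip 4: a perfect score from a handful of users is not evidence of quality.
    if info["active_installs"] < MIN_ACTIVE_INSTALLS:
        findings.append(f"few installs: only {info['active_installs']} active")
    return findings

if __name__ == "__main__":
    for rec in (SAMPLE_GOOD, SAMPLE_RISKY):
        print(rec["slug"], vet_plugin(rec, "5.4.2", POST_DATE) or ["ok"])
```

A plugin that fails only the install-count check may still be worth using if, as the post says, you trust the developer and it passes everything else.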
Plugins are useful for extending the functionality of your website, but they also influence its security and uptime. Choosing yours carefully can help you tap into their advantages and avoid potential pitfalls.
When vetting plugins for your WordPress website, remember these five factors:
- Check when the plugin was last updated.
- Determine whether the plugin has been tested with your version of WordPress.
- Look at the plugin’s star rating and reviews.
- Consider the number of active installs.
- Test plugin compatibility on a staging site.