Tips to help you pick a WordPress Plugin

4 MINUTE READ | June 30, 2016

Plugins are a great way to add functionality to your WordPress (WP) site. They let you extend core WP functionality without needing much development knowledge. For example, WP does not include a contact form by default; to add one you can enable a contact form plugin such as Contact Form 7 or Gravity Forms. Once you’ve created your form, you can embed it in a page using a small code snippet called a shortcode. You don’t have to dive into the code to add extra functionality.

There are a huge number of plugins available. Whether they’re free or paid, there are some things you should check before adding them to your site. A bad plugin can cause errors on your site or open up security vulnerabilities. Here are some simple steps to help you choose a plugin that doesn’t take your site down.


When WordPress releases a new version, it fixes known vulnerabilities and deprecates old functions. Before adding a plugin to your site, make sure it’s compatible with your version of WordPress. An incompatible plugin can cause errors on your site, which could lead to the WordPress white screen of death.


This is also a good rule to follow before updating your WordPress site: make sure your existing plugins are still compatible with the newer version of WordPress. You should keep your WP site up to date, as each release fixes known issues and vulnerabilities.

After adding or updating a plugin or WordPress, it’s important to check your site for any unexpected errors.
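One practical way to do that check on a staging copy is to make errors visible in a log rather than as a blank page. The settings below are an added example, not part of the original post; they go in wp-config.php above the line that loads wp-settings.php.

```php
<?php
// Added example (not from the post): debug settings for a wp-config.php on a
// staging copy of the site. A fatal error from a new plugin or a core update
// then lands in wp-content/debug.log instead of a blank white screen.
define( 'WP_DEBUG', true );          // report PHP notices, deprecations and errors
define( 'WP_DEBUG_LOG', true );      // append them to wp-content/debug.log
define( 'WP_DEBUG_DISPLAY', false ); // but never render them into the page
@ini_set( 'display_errors', 0 );

// On the live/production site keep WP_DEBUG false (the WordPress default),
// so error messages, file paths and stack traces are never shown to visitors.

/* That's all, stop editing! Happy blogging. */
require_once ABSPATH . 'wp-settings.php';
```

After enabling a plugin or running an update, open wp-content/debug.log and look for new notices or fatal errors before repeating the change on the live site.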

This is closely tied to the tip above. If a plugin hasn’t been updated in a long time, it could be using deprecated functionality that isn’t compatible with newer versions of WordPress. Plugins that haven’t been updated in over two years display a warning on the plugin page:

[Screenshot: the warning shown on the plugin page]

New vulnerabilities are constantly being found. Depending on how the plugin was originally written and what it does, a codebase that hasn’t been updated in a long time could expose a vulnerability.

The WordPress plugins hosted on WordPress.org all have reviews and support sections.

[Screenshot: plugin ratings]

Ratings let you see what other people are saying about a plugin. In the above image the plugin has a lot of positive ratings, so other people use and trust it. That is a reasonable sign that it’s a safe plugin that gets maintained regularly. You can also click into a specific star rating to read what people are saying about the plugin and why they gave it that rating.

[Screenshot: plugin support section]

Support tickets for a plugin let us see whether there are any common themes; this can help indicate whether the code is broken or there are exposed vulnerabilities. If there have been a lot of issues and none of them are being marked as resolved, that’s also a good indicator that the plugin is not being maintained.

This is probably the most important step. Whenever possible, test plugins on a development or staging environment first. If all the tips above fail and you still install a plugin that takes your site down or displays error messages, you’ll know before anyone else sees it on your live/production site.

Unfortunately this step doesn’t let you see whether there are vulnerabilities in the plugin’s codebase; that’s why there’s the next tip.

This is a bit more advanced; hopefully the tips above have weeded out the majority of bad plugins. If you do have coding knowledge you can do a code review. Make sure the plugin escapes output, especially when dealing with user input. Also check how it uses the WP API: does this match the recommended WordPress Codex examples, or is the plugin author doing unusual things that could expose vulnerabilities?
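To show what that review is looking for, here is an added example (not code from the post or from any real plugin) using a hypothetical "pmg_greeting" shortcode: the first handler is the pattern a reviewer should reject, the second is the pattern the WordPress API examples recommend.

```php
<?php
// Added example, not code from the post: a hypothetical "pmg_greeting"
// shortcode written the unsafe way, then the way a code review should
// expect to see it (input sanitised, output escaped, WP API used).

// UNSAFE: a request parameter is concatenated straight into the HTML, so
// whatever a visitor puts in ?name= is rendered as markup (reflected XSS).
function pmg_greeting_unsafe( $atts ) {
    $name = isset( $_GET['name'] ) ? $_GET['name'] : 'visitor';
    return '<p class="greeting">Hello, ' . $name . '!</p>';
}

// SAFE: sanitise on the way in, escape on the way out, in the right context.
function pmg_greeting_safe( $atts ) {
    // shortcode_atts() fills in defaults and drops unknown attributes.
    $atts = shortcode_atts( array( 'class' => 'greeting' ), $atts, 'pmg_greeting' );

    $name = 'visitor';
    if ( isset( $_GET['name'] ) ) {
        // wp_unslash() removes the slashes WordPress adds to request data.
        $name = sanitize_text_field( wp_unslash( $_GET['name'] ) );
    }

    // esc_attr() for an attribute value, esc_html() for text content.
    return sprintf(
        '<p class="%s">Hello, %s!</p>',
        esc_attr( $atts['class'] ),
        esc_html( $name )
    );
}

// Database access is the other place to look: values must go through
// $wpdb->prepare(), never string interpolation. (Hypothetical table name.)
function pmg_greeting_count( $name ) {
    global $wpdb;
    $table = $wpdb->prefix . 'pmg_greetings';
    return (int) $wpdb->get_var(
        $wpdb->prepare( "SELECT COUNT(*) FROM {$table} WHERE name = %s", $name )
    );
}

add_shortcode( 'pmg_greeting', 'pmg_greeting_safe' );
```

When reading a real plugin, search for echo/print of $_GET, $_POST or $_REQUEST values and for SQL built with string concatenation; either one without an esc_* or prepare() call nearby is the kind of unusual API use the tip above warns about.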

Following all these tips should help you avoid bad plugins; however, it’s not 100% foolproof. Always test a plugin before installing it on a live environment. If you’re not sure whether to use a plugin, look for reviews of it or ask a developer to help you make the decision.

– Emily Fox