WordPress plugins are helpful. But they can also slow a site down, invite hackers and even cause a Google penalty.
These are my top five considerations when choosing a WordPress plugin.
Some paid plugins don’t have a free version. But many of the most respected plugins have a paid premium version and a free version that is vetted and included in the official WordPress plugin repository.
The fact that a free version has been vetted by WordPress provides assurance (to me) that there is some kind of quality control.
If a serious issue is discovered with a free plugin, WordPress will remove the download from its repository.
Code that introduces a vulnerability, or a plugin that has fallen into a state of abandonment, is one potential issue. There are many other reasons why a plugin may be removed, as outlined in the WordPress Plugin Guidelines.
It’s not a perfect system and doesn’t 100% ensure that the plugin is safe to install. But it’s generally safer than downloading a plugin that is not available through the official WordPress repository.
Premium plugins may undergo their own private testing. They are generally safe to purchase and download. However, it may be useful to research the testing and vetting practices before purchasing.
I’m not totally convinced of the wisdom of crowds. However, I do feel a sense of safety in knowing that a WordPress plugin is popular and vouched for by many users.
Popularity by itself does not guarantee that a plugin is without issues. In fact, a few of the most popular plugins have been the source of near-catastrophic issues or have larded up web pages with needless code.
Nevertheless, popularity can (alongside other factors) contribute to an assurance that the plugin is likely safe and works reasonably well.
Some plugins may be abandoned. Every plugin’s WordPress page notes when the plugin was last updated.
A plugin might not be updated because the function it performs is relatively simple. But in general, a long gap since the last update is a sign that a plugin has been abandoned.
Abandoned plugins should in most cases be avoided.
WordPress is constantly evolving. Installing a plugin that hasn’t been updated could cause conflicts with the current version of WordPress or the version of PHP that your website runs on.
Every plugin page in the WordPress Plugin Repository has a support page. The support page may provide evidence of a plugin that has ongoing issues.
Typical issues might be that the code conflicts with other plugins. Sometimes the WordPress template may need changes in order for the plugin to function.
The support page will reveal any potential issues you may face before discovering them the hard way.
A common issue I see is when two or more plugins designed to do similar things overlap. This generally happens with structured data and speed optimization plugins.
The usual result is that you have more plugins than you need.
It’s important to use as few plugins as necessary. Overloading your site with plugins can slow down the server.
Even a plugin designed to speed up your site may slow down your site if you are using too many of them at the same time.
Before you install a plugin, think hard about how this plugin will solve your problems. If it doesn’t solve all of them, will installing a second or third plugin cause duplication in functions?
These five considerations are not a complete list. You may also want to consider other factors, including user reviews, the reputation of the company behind the plugin, whether the plugin is over-engineered and slows down the site, and so on.
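The checks above can be run as a quick triage over plugin metadata before anything is installed. The following is an added example, not code from this article or from WordPress: the field names are assumed to match the JSON returned by the WordPress.org plugin information API, the `error` record for a removed plugin is an assumed shape, and the thresholds and sample records are constructed for illustration.

```python
from datetime import date

# Thresholds are assumptions for this example, not values from the article.
STALE_DAYS = 365          # no release in a year: possibly abandoned
MIN_INSTALLS = 1000       # below this, popularity adds little assurance
MIN_RESOLVED_RATIO = 0.5  # share of support threads marked resolved

def triage(info, today, installed_tags=()):
    """Return a list of warnings for one plugin metadata record."""
    if info.get("error"):  # removed or unknown plugins carry an error field
        return [f"not available in the repository ({info['error']})"]
    warnings = []
    # Only the date part of "YYYY-MM-DD h:mmam GMT" is needed here.
    released = date.fromisoformat(info["last_updated"].split()[0])
    age = (today - released).days
    if age > STALE_DAYS:
        warnings.append(f"last updated {age} days ago")
    installs = info.get("active_installs", 0)
    if installs < MIN_INSTALLS:
        warnings.append(f"only {installs} active installs")
    threads = info.get("support_threads", 0)
    if threads:
        ratio = info.get("support_threads_resolved", 0) / threads
        if ratio < MIN_RESOLVED_RATIO:
            warnings.append(f"{ratio:.0%} of support threads resolved")
    # Shared tags hint that a plugin duplicates one already installed.
    overlap = sorted(set(info.get("tags", {})) & set(installed_tags))
    if overlap:
        warnings.append("overlaps installed plugins on: " + ", ".join(overlap))
    return warnings

# Constructed sample records (hypothetical plugin slugs).
SAMPLES = {
    "maintained-cache": {"last_updated": "2024-05-20 9:02am GMT",
                         "active_installs": 400000, "support_threads": 40,
                         "support_threads_resolved": 31,
                         "tags": {"cache": "cache"}},
    "old-schema": {"last_updated": "2020-02-11 4:45pm GMT",
                   "active_installs": 600, "support_threads": 10,
                   "support_threads_resolved": 1,
                   "tags": {"schema": "schema", "seo": "seo"}},
    "pulled-plugin": {"error": "closed"},
}
TODAY = date(2024, 6, 1)     # fixed so the output is reproducible
INSTALLED_TAGS = {"schema"}  # the site already runs a structured data plugin

if __name__ == "__main__":
    for slug, info in SAMPLES.items():
        print(slug, triage(info, TODAY, INSTALLED_TAGS) or "no warnings")
```

A warning is a prompt to read the plugin's support page and changelog, not a verdict; a simple plugin can legitimately go a long time without a release.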
Downloading plugins can seem like a shell game, where a pea is placed under a cup and then shuffled around.
Are you making an educated guess or just guessing?
I hope that the factors I consider important for judging whether a WordPress plugin is trustworthy will help take some of the guesswork out of choosing one for your site.