Right “out of the box” WordPress is a powerful and flexible package that includes blogging software and a prize-winning content management system (CMS). One of the reasons for its popularity is the diverse array of plugins available for WordPress that extend its functionality. These plugins include such utilities as sophisticated scheduling and calendaring applications, survey and poll-taking software, fancy photo gallery software, social media managers, and a whole lot more.
Many plugins are free to download from the wordpress.org website. Others are available only for a fee. Some of those who sell “premium” plugins argue that you should not trust free ones, and some “premium” plugins have dumbed-down versions that are free. A good many plugin authors who place free plugin versions at the wordpress.org website solicit “goodwill contributions” through some facet of their plugin.
The dark side of plugins
With all the wonderful things that plugins allow – and many of them at no cost – it should be no surprise that there are a couple of “gotchas” about plugins.
- Security issues: Every plugin you add to your site represents a security risk. Those security risks come in many forms that range from intended exploits (pretty rare) to sloppy programming (more common), to programs that are just one or two steps behind malware developers.
- Performance slowdowns: Every plugin you add to your site slows your site down. In many cases, the effect is not noticeable. However, even small slowdowns, multiplied by 10 or 20 plugins, can represent a discernible, even annoying drag on your site.
Solutions
There are several ways to deal with these darker sides of plugins. In the case of performance slowdowns, follow two rules:
- Never use a plugin to do what is already built into WordPress. WordPress is continually evolving, and in that process is adding new features. For example, not long ago, the process for updating WordPress to the most recent version was pretty tedious for most people. As a result, several plugins were developed to make the process more friendly and manageable. WordPress developers then included one-click updating as part of the package. Current versions have automatic update options, and those old plugins are no longer necessary.
- Don’t use any more plugins than you absolutely have to. The rule of thumb is that 10-12 plugins should be the max. The WordPress sites we install include three plugins to help improve security of your site. That means you have three fewer plugins you should use.
- Sometimes two plugins will conflict with each other. This is especially common among plugins that rely on JavaScript for part of their functionality. Everything works just fine until you install a new plugin, and then strange things start happening. The only way to fix this is to deactivate your plugins one at a time until things start working again.
In the case of the security risk posed by plugins, again two strategies are widely acknowledged:
- Keep all plugins up-to-date with the latest version (security holes are regularly being patched). In keeping with this practice, don’t use a plugin that has not been updated in a long time (two years).
- Use plugins that have been around a while, have many downloads, and have high ratings.
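The two security strategies above can be turned into a repeatable check before a plugin is installed. The following is an added example, not part of the original page: the plugin records are constructed, their field names are modelled on the wordpress.org plugin information API, and the download and rating floors are assumed values for "many downloads" and "high ratings" (only the two-year limit comes from the text).

```python
import json
from datetime import datetime, timedelta, timezone

# The two-year staleness limit is the page's; the download and rating
# floors below are assumed thresholds, adjust them to your own policy.
MAX_AGE = timedelta(days=2 * 365)
MIN_DOWNLOADS = 10_000
MIN_RATING = 80  # percent scale, 0-100 (assumed)

# Constructed sample records for hypothetical plugins.
SAMPLE = json.loads("""[
 {"slug": "example-gallery", "last_updated": "2024-03-02 4:15pm GMT",
  "downloaded": 250000, "rating": 92},
 {"slug": "example-old-updater", "last_updated": "2019-06-11 9:02am GMT",
  "downloaded": 480000, "rating": 88},
 {"slug": "example-new-poll", "last_updated": "2024-05-20 11:40am GMT",
  "downloaded": 350, "rating": 100},
 {"slug": "example-no-metadata"}
]""")

def vet_plugin(meta, now):
    """Return the list of reasons a plugin fails the criteria (empty = pass)."""
    reasons = []
    try:
        updated = datetime.strptime(meta["last_updated"], "%Y-%m-%d %I:%M%p GMT")
        if now - updated.replace(tzinfo=timezone.utc) > MAX_AGE:
            reasons.append("not updated in over two years")
    except (KeyError, TypeError, ValueError):
        # Missing or unparseable date: fail closed rather than assume fresh.
        reasons.append("last update date unknown")
    if meta.get("downloaded", 0) < MIN_DOWNLOADS:
        reasons.append("few downloads")
    if meta.get("rating", 0) < MIN_RATING:
        reasons.append("low or missing rating")
    return reasons

def vet_all(plugins, now):
    """Map each plugin slug to its list of failure reasons."""
    return {p.get("slug", "?"): vet_plugin(p, now) for p in plugins}

if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed for repeatable output
    for slug, reasons in vet_all(SAMPLE, fixed_now).items():
        print(f"{slug}: {'OK' if not reasons else '; '.join(reasons)}")
```

A popular plugin can still fail on staleness alone, and a record with no metadata fails every check instead of passing by default.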
Getting new plugins
Several plugins are already installed, including a few security plugins and a lightbox gallery and slide show that works with the native WordPress gallery. If you believe you would like a plugin installed that is not available to you, request it using the site contact form. Be sure to explain what you want the plugin to accomplish.