How to Choose a WordPress Plugin That’s Secure, Supported & Fits Your Needs

Posted by in Software Development, Web Development

A woman tearing her hair out picking a wordpress plugin

In this post we cover how to make good WordPress plugin decisions from a dizzying array of choices.

The WordPress plugin directory is home to more than 40,000 plugins. A quick Google search turns up thousands more premium and proprietary plugins not listed in the directory. The sheer volume of choices can be a blessing and a curse for site admins.

Choosing a quality, well-coded plugin that is being actively maintained is important for the security of a site. Poorly-coded plugins may introduce vulnerabilities that hackers and spammers can exploit. Choosing well-coded plugins that follow WordPress standards significantly reduces the likelihood that this will happen.

Quality

Recently, I needed to put a list of upcoming events on a website. I figured that there’s probably already a WordPress plugin that lets me do that. I searched the WordPress plugin directory for “events” and… over 1,000 results. How do I narrow down from over 1,000 choices to find the right one?

If you’re not a developer, you may not know how to evaluate how well a plugin is coded. A good place to start is looking at the plugin’s page in the WordPress plugin directory. The right column provides helpful information: the number of active installs, the last time the plugin was updated, its rating, the number of support threads resolved in the last two months, and a compatibility checker.

I usually look for plugins with a higher number of installs. Popular plugins are likelier to have a solid feature set. They’ve had more time in the wild for users to find and report bugs in a wider range of environments. Unless a plugin is new, low adoption may indicate that it has limitations or problems. Often this will also correlate to poor user ratings. I usually only use plugins with a 4-star rating or higher, unless options are limited or the site has a highly specialized functionality requirement.

You should also evaluate the quality of the plugin’s support. How often does it get updated? Are the developers proactive about responding to bug reports and feature requests? WordPress is on a 3-4 month release cycle, so if the plugin hasn’t been updated in 6 months, that’s probably a good indication that the developer is no longer maintaining their plugin. It’s also helpful to look at the support forum for the plugin. Developers who are actively responding to and troubleshooting issues raised with the plugin are more likely to produce quality work because of the feedback they get.
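The checks above (install count, last update, rating, support responsiveness, declared compatibility) are easy to automate once you have the directory's metadata for each candidate. The following script is an added example, not code from the original post or from WordPress.org. Its record layout mirrors the WordPress.org plugin information API (`https://api.wordpress.org/plugins/info/1.2/`) as I understand it, which is an assumption to verify against a live response; the sample plugin records, the "current" WordPress version, the 1,000-install floor and the 50% resolved-threads threshold are all constructed or assumed values, while the 4-star minimum and the 6-month staleness limit come from the post.

```python
"""Triage WordPress plugin candidates from directory metadata.

Added example (not code from the original post). The record layout mirrors the
WordPress.org plugin information API as I understand it (an assumption to verify
against a live response): `rating` is a 0-100 percentage, `last_updated` reads
like "2024-03-02 9:15am GMT", `active_installs` is an integer, `tested` is the
newest WordPress version the author declares support for.
"""
from datetime import datetime, timezone

# Thresholds from the post: 4 stars or better, updated within the last 6 months.
MIN_STARS = 4.0
MAX_AGE_DAYS = 183
# Assumed values: the "current" WordPress version used for the compatibility
# check, and a soft floor on adoption (the post gives no specific number).
CURRENT_WP = "6.5"
MIN_INSTALLS = 1000
# Fixed clock so the sample run is reproducible.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed sample records (not real plugins).
SAMPLE_PLUGINS = [
    {"slug": "events-calendar-example", "active_installs": 800000, "rating": 92,
     "num_ratings": 2400, "last_updated": "2024-04-18 10:02am GMT", "tested": "6.5",
     "support_threads": 12, "support_threads_resolved": 10},
    {"slug": "simple-events-feed-example", "active_installs": 300, "rating": 0,
     "num_ratings": 0, "last_updated": "2024-05-20 11:30pm GMT", "tested": "6.4",
     "support_threads": 0, "support_threads_resolved": 0},
    {"slug": "old-events-widget-example", "active_installs": 50000, "rating": 70,
     "num_ratings": 310, "last_updated": "2022-01-15 4:40pm GMT", "tested": "5.8",
     "support_threads": 8, "support_threads_resolved": 1},
]


def stars(rating_percent):
    """Convert the directory's 0-100 rating to a 0-5 star value."""
    return round(rating_percent / 20.0, 2)


def version_tuple(version):
    """'6.4.3' -> (6, 4, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def days_since_update(last_updated, now=NOW):
    """Parse the 'YYYY-MM-DD h:mmam GMT' string and return its age in whole days."""
    when = datetime.strptime(last_updated, "%Y-%m-%d %I:%M%p GMT")
    return (now - when.replace(tzinfo=timezone.utc)).days


def triage(plugin, now=NOW):
    """Return (verdict, reasons) where verdict is 'pass', 'review' or 'fail'.

    Stale code and a low rating are hard failures; everything else is a soft
    signal that calls for a closer look in a test environment.
    """
    reasons, hard = [], False

    age = days_since_update(plugin["last_updated"], now)
    if age > MAX_AGE_DAYS:
        reasons.append(f"last updated {age} days ago (limit {MAX_AGE_DAYS})")
        hard = True

    if plugin["num_ratings"] == 0:
        reasons.append("no ratings yet")
    elif stars(plugin["rating"]) < MIN_STARS:
        reasons.append(f"rated {stars(plugin['rating'])} stars (minimum {MIN_STARS})")
        hard = True

    if plugin["active_installs"] < MIN_INSTALLS:
        reasons.append(f"only {plugin['active_installs']} active installs")

    threads, resolved = plugin["support_threads"], plugin["support_threads_resolved"]
    if threads and resolved / threads < 0.5:  # assumed responsiveness threshold
        reasons.append(f"only {resolved}/{threads} recent support threads resolved")

    if version_tuple(plugin["tested"])[:2] < version_tuple(CURRENT_WP)[:2]:
        reasons.append(f"tested up to WordPress {plugin['tested']}, current is {CURRENT_WP}")

    if hard:
        return "fail", reasons
    return ("review" if reasons else "pass"), reasons


def rank(plugins, now=NOW):
    """Order candidates: passing first, then by popularity within each verdict."""
    order = {"pass": 0, "review": 1, "fail": 2}
    scored = [(triage(p, now)[0], p) for p in plugins]
    scored.sort(key=lambda item: (order[item[0]], -item[1]["active_installs"]))
    return [(verdict, p["slug"]) for verdict, p in scored]


if __name__ == "__main__":
    for plugin in SAMPLE_PLUGINS:
        verdict, reasons = triage(plugin)
        print(f"{plugin['slug']}: {verdict}")
        for reason in reasons:
            print(f"  - {reason}")
```

The point of separating hard failures from soft signals is that a brand-new plugin with no ratings is not necessarily a bad one (the post makes the same allowance), so it is routed to a test environment rather than discarded, while an abandoned or poorly rated plugin is dropped before anyone spends time installing it.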

Quality also affects performance. Well-written plugins minimize the requests they make to databases, files and services. This translates directly to a better, faster experience for site visitors.

Functionality

Evaluating the functionality of a plugin is much easier than evaluating its quality. Essentially: does the plugin do what I need it to do? To evaluate functionality, I usually check out the description, FAQs, and screenshots on the plugin page of the WordPress plugin directory. These often provide a good snapshot of how the plugin works and what it offers.

When looking at events plugins, some do little more than simply import a feed of events from a Google calendar. If that’s all you need to do, great! Problem solved. However, that wasn’t quite what I was looking for. I found others that let you create events, put in descriptions, and set a time and date. Great! That covers the basics. There were others that offered robust, complex functionality: you could create events, venues, hosts, and organizers; view event feeds for each of those subsets; create recurring events; use a variety of search filters; and so on. Based on the needs for the site, I ended up picking a plugin at the more complex end of the continuum.

Customizability is another important factor to consider. The plugin I chose works well and functions great out of the box. But some of the color choices didn’t quite match the brand guidelines provided by the client. As a developer, I could easily write some CSS to override those styles, but not every site admin knows how to do this. Fortunately, this plugin offered a range of options for customizing the look and feel. I was able to specify the color palette on the plugin’s settings page without having to touch any code.

Free vs. Premium Plugins

Many plugins now offer service tiers. The free tier that is listed in the WP plugin directory provides the basics but may restrict access to certain functionality or configuration options. Users can purchase a license for enhanced feature sets and support.

On one hand, premium plugins offer certain benefits. Electing to go with a premium plugin often entitles you to faster, more attentive support in case you have a problem with the plugin. Free plugins are created and supported for free, which often means that the developer is doing so out of the goodness of their heart. Their ability to fix problems and enhance features may depend on other demands on their time. Paying for a premium plugin usually gives the customer priority when it comes to responding to support requests.

Premium plugins usually offer a fuller, more dynamic feature set. For example, a free events plugin may allow you to create single events, whereas the premium version allows you to create recurring events. Sometimes you can find a different free plugin that offers the same features provided by another premium one, so that’s always worth checking first.

Ultimately, it depends on how critical the plugin is to the business goals of the site. If you’re a coffee shop that occasionally hosts an open mic night, you probably don’t need a premium events plugin. If you are a cultural programming organization whose primary purpose is hosting events, it might be worth dropping $30 for a premium plugin to get the extra functionality and support.

Narrowing It Down

Once I’ve done my preliminary research, I usually like to identify two or three candidates and install them in a test environment. This lets me familiarize myself with each plugin, test their functionality, and look for any bugs or conflicts with other plugins without impacting the live site. Once I make my choice, I install it on the live site, configure it, and revel in the glory.

Stuck?

If you’re overwhelmed by the choices, or need to make a decision quickly, Tidy Repo is a great resource. According to their website:

“Tidy Repo is a curated list of the best and most functional WordPress plugins from the repository and around the web. We put each plugin listed here through vigorous testing to ensure that it won’t break your site and it won’t muck up your code. If it’s not dependable, it’s not listed – it’s really that simple.”

Read more about WordPress security.

Mightybytes is a Chicago-based digital agency and Certified B Corporation. Connect with us on Twitter or get in touch via our contact form.