WordPress has just released a new version of it's content management system, WordPress 4.2 is dubbed “Powell” and brings forth some interesting features, including better and easier content sharing through the “Press This” button, and also less troubling plugins updates through the new streamlined plugin updates feature.
Few days before this update, we also saw some news headlines that highlighted some critical security vulnerabilities that could be found in some of the most popular WordPress plugins across the many tens of thousands we get to choose from, millions of users are still potentially vulnerable to these exploits, so it's important that everyone's up to date.
With that in mind, it's important that we remember just how dangerous it can be to install the wrong types of plugins, even though every plugin that does get uploaded on the public plugin repository, is previously checked and analyzed by a team of experts over at WordPress.org itself. What do we need to look out for, consider, when we install new plugins? Let's find out.
1. Do you really need it?
Quite often, when working with clients, and sometimes even on your own projects, you might install a new plugin, but don't necessarily use it for anything, other than testing and perhaps seeing what it would look like on your website, more often than not – you might just leave those plugins active/disable in our directory, waiting for someone to penetrate them if the opportunity comes.
WordPress security is a serious matter, and everyone knows how easy it can be to spoof out addresses of themes and plugins just by looking at the websites source code, always make sure that all the plugins that you do use – are both necessary, and also frequently updated!
2. Start with a security plugin
The best way to launch any new WordPress website or blog is by installing a fresh and decent security plugin that will instantly cover the majority of flaws and openings on your newly built site. We recommend that you start by reading our previously published post about WordPress security plugins that we shared a little while ago. It contains all the information and links you need to bulletproof your site in just a few minutes. Once you've got that covered, you can move on.
3. The holy grail of WordPress plugins
For the most part, everyone is going to have some sort of similarities between the plugins that we use, in many cases the only difference is going to be the author of the plugin, since functionality of the plugins usually remains the same, more or less. Anyhow, once you're ready to install some WordPress plugins, it's good to remember what are the essential plugin areas to cover, both for your own good, and for the benefit of your visitors:
- Security – already discussed in previous point, nonetheless important.
- Contact – always have a contact form plugin handy, people want to get in touch with you.
- SEO – optimize your website and content for search engines in order to improve your rankings and increase your traffic by reaching more visitors and a larger audience (see our post here).
- Social Media – social media is a big part of the web now, let people share your content with a breeze to increase your traffic and social media marketing activities.
- Navigation – breadcrumbs, page navigation plugins make browsing your site a better experience and they can also help search engines to index your site better.
- User Experience – anything to do with widgets, footers, headers, etc. anything that makes site more appealing. A good user experience also helps to reduce the bounce rate of your site.
Anything else usually is just a lot more strain on the memory usage of your server, as well as the overall browsing experience of your users. In our experience, these are the most likely plugin types/categories to follow. But of course there also are other use cases for WordPress plugins. For example if you run a real estate site, you might want to use a plugin to list real estate or if you run an online shop, you probably want to install an e-commerce plugin.
4. Do plugin ratings matter?
Every WordPress plugin on WordPress.org also has a rating system attached to it, where users of the plugin can help the developers by voting their stuff upwards or downwards, it certainly can be rewarding because it pushes the plugin out to more users, but you shouldn't always rely on it as a solid judgement system of whether a plugin is good or not.
The reason being is that a lot of the time, bad ratings are left by people who struggle with the plugin individually, rather than everyone at once (at that point, you'd clearly know that the plugin is broken), and so just by reading a few bad reviews you might get the wrong impression. It can be a good idea to always test the plugin yourself, and see how it performs on your own server / installation before looking for some alternatives.
You don't need to concern yourself about such things as the design/style of the plugin, or who made the plugin, because that does not necessarily say something about the plugin functionality or quality itself. As a WordPress user it is more important to select your plugins carefully and the above mentioned steps might help you with that. On the long run, by using less but well selected plugins you will find it easier to maintain your website.