The Dangers of Installing WordPress Plugins


by Woei Yu, September 1, 2015

As best as it can, the WordPress core is designed to be as lean and lightweight as it can be while maximizing flexibility and minimizing code bloat.

Part of that flexibility is the ability to not try to do everything but to use plugins to extend and add to the functionality that already exists in WordPress.

Plugins are so hugely popular because they offer custom functions and features so that each user can tailor their site to their specific needs.

However, I always advise clients to minimize the number of plugins installed. I do this for both security reasons and for potential performance ones as well.

Here are 3 reasons why…

1. The Quality of Plugins and Plugin Developers is Iffy

Does the WordPress Plugin Pass the Quality Check?

If you install plugins willy-nilly because they do a little something that sounds like it might be useful and got a few stars, then you put yourself at risk.

That’s roughly equivalent to installing a state-of-the-art security system in your home and then inviting strangers off the street to live with you.

In addition, there have been cases of unscrupulous developers creating plugins for no other purpose than to get access to WordPress sites for malicious purposes.

There have even been cases of highly popular plugins causing security issues; for example, WP Super Cache and W3 Total Cache had a serious security issue.

So if you are going to take the trouble to secure your site, you need to be very diligent about what software you add to your website.

2. It’s So Easy to Get Plugin Bloat

Always ask yourself: do I really (REALLY) need this plugin?

Any knowledgeable WP developer knows that no matter how lightweight a plugin is, there is some runtime processing that WordPress has to do in order to load in a plugin and run it.

The way WordPress works is that it loads and runs each plugin every time a page is accessed. So you are asking WordPress to initialize and run each plugin every single time somebody loads a page. Multiply the number of plugins you have installed by the number of people who visit your site and by the number of pages they visit and, well, you can do the math, but a lot of processing time and power is taken up by your plugins.

And even when a plugin has been deactivated there is still a potential security risk.

Also, if the plugins have stored data in the WordPress database tables (like wp_options), particularly autoload data, then this can cause a small performance slowdown even if they are deactivated.

Anyway, every plugin you add puts some additional strain on your code and on your host. Granted, the strain of any single plugin is likely to be pretty insignificant. You can call me obsessive, but I like my sites sleek and running quickly and smoothly.

So the moral of the story is that if there is something you can do in WordPress and the plugins already installed without adding another plugin, then do it. If WordPress can’t do what you need, then be sure that you’ve done your proper due diligence before installing any plugin.

3. Will It Be Supported Long-Term?

Is the WordPress Plugin Supported?

The core developers working on WordPress always strive to improve on the platform. And we have seen some pretty major structural and other internal changes over the years.

There have been many a story of plugins breaking websites after a WordPress update.

So, while a plugin might work well now, you can’t guarantee that it will continue to work in the future and it may break your website. Is that a risk you want to take?

So What Should You Do?

I’m not saying that you should uninstall all of your plugins; otherwise you’ll be giving up what I consider the most powerful feature of WordPress.

But your site is only as secure and efficient as the code that makes it up.

So audit your blog and see if you really need all those functions.

For example, if you need to redirect users from an HTTP URL to an HTTPS URL, you don’t need to install a plugin for it. With a little bit of research, you will find you can easily do that by editing the .htaccess file used by your WordPress blog.
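As an added example (not from the original post), here is the .htaccess rule that does that redirect without a plugin. It assumes Apache with mod_rewrite enabled, which WordPress pretty permalinks already rely on, and it goes above the "# BEGIN WordPress" block that WordPress manages itself.

```apache
# Added example, not from the original post: force HTTP -> HTTPS in .htaccess.
# Assumes Apache with mod_rewrite; place above the "# BEGIN WordPress" block.
<IfModule mod_rewrite.c>
RewriteEngine On

# Only act on requests that did not arrive over TLS.
RewriteCond %{HTTPS} !=on

# If a load balancer or CDN terminates TLS in front of Apache, the origin
# only ever sees plain HTTP. Checking the forwarded protocol header avoids
# an endless redirect loop in that setup (remove this line if you have no proxy).
RewriteCond %{HTTP:X-Forwarded-Proto} !=https

# 301 is cached by browsers and search engines, so test with R=302 first
# and switch to R=301 once you have confirmed the site works over HTTPS.
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
```

After adding it, check that the WordPress Address and Site Address in Settings > General also use https://, otherwise WordPress itself will keep emitting http:// links.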

When you’re left with a (hopefully) small collection of plugins, you should ask yourself the following questions:

  1. When was it last updated?
  2. Who developed it and what do I know about them?
  3. Has it been, and is it still, well supported?

Remember the golden rule of plugins: less is more!
