Shopping for plugins?
WordPress started as a blogging platform and is now the most widely used Content Management System. It is open-source, free, and continues to have a huge development community year over year.
One of the great things about WordPress is the ability to extend its functionality plugins. There is almost a plug-in for anything that you are looking for. Most of the time, these plugins are available for free as well.
However, before you start installing plugins, here are 5 things that you need to be aware of:
1) Anyone can create a plugin
That’s right. If you have basic knowledge of the PHP programming language, you can reference the WordPress documentation to create your own plugin. The WordPress development community supports this and there’s a vast amount of information online on how to program a plugin and submit it to the plugin repository.
One doesn’t have to be a software creation expert to create a plugin, everyday users can create them as well. Having said that ….
2) Some plugins can affect your site’s functionality. (Hint: Things may no longer work)
There could be a conflict with your existing themes and plugins.
The plugin author must not reuse the same function names that WordPress core uses. Additionally, the author should make the function names unique to the plugin as not to conflict with other plugins and themes. A function is a defined set of instructions for the program to execute. The plugin author should have basic understanding of this and program the plugin according to WordPress’s suggestions.
The plugin author also needs to keep the plugin up to date with WordPress. When WordPress releases a new version, the plugin needs to be compatible with that version. The author should test and verify that the plugin works properly, or recode if it does not.
Unfortunately, the onus is on the author to keep the plugin up to date. If he or she is a hobbyist, or has other priorities, the plugin will likely be out of date. This leads into my next point:
3) Some plugins can cause security issues
Because development is open to all, the author needs to ensure that the plugin is secure. However, many security issues are found after the fact. And the damage could already be done to your content, database, and website.
What damage? The most nefarious is called a SQL Injection. A hacker can add additional code in a query to your database to execute their own commands. For example, a hacker can delete tables, add records, etc. The most novice developer needs to be aware of this, but there’s no way to know if your installed plug-in is vulnerable unless you know where to look. (and you must understand PHP)
Cross-site scripting and direct access to PHP files are other examples of potential plugin vulnerabilities.
WordPress provides functions and documentation to avoid these issues. But again, it’s up to the author to use them.
4) Your WordPress theme may already support the functionality you need
Bought a fancy new theme? It likely comes with documentation and support. Use the resources you’ve paid for.
Even if your theme was free, it likely has a paid variant. Consider paying for the premium version of the theme if you like it, it has good reviews, and has the features you need. Premium theme developers are more likely to keep the theme/plugin updated to avoid angering paying customers.
5) You may not need one
Want to embed a YouTube video or add a Facebook like button? Don’t need a plugin to do that. The code is available directly from the source to copy and paste into your site. If you are unsure, Google it to find out.
My recommendation is to activate only the plugins you need and deactivate the ones you don’t.
Now, there’s nothing wrong with searching for and installing plugins. As I’ve already said, the ability to extend your site’s functionality is one of my favorite WordPress features. However, you need to do it in a smart way.
In my 5 ways to shop for WordPress plugins post, I will show you how I shop for plugins and what my favorites are.