How do I choose a WordPress plugin?
Kamil Porembiński

I’ve come across this question many times: “How do you choose plugins?”, “On what basis do you choose plugins?” Choosing a plugin is often not an easy process, but there are a few things to pay attention to before settling on the one that should solve our problem – below are some tips on how to make a good choice.

Consider whether you need a plugin at all

This point mainly concerns two cases:

  1. Very simple problems,
  2. Complicated problems.

In the first case, it may turn out that instead of installing a plugin, it is enough to add a piece of code to the functions.php file of your child theme. Examples of such problems are:

In the second case, it may turn out that it is better to bet on your own custom solution than to try to “improve” things (usually) with a few plugins. This group most often covers problems that we solve on the basis of “Plugin X does not have functions A, B and C, but plugins Y and Z do”. Most often this means significant problems integrating plugins X, Y and Z, plus side effects in the form of extra overhead and unnecessary, unused code.

Match the complexity of the plugin to the scale of your problem

Let’s agree on one thing – installing WooCommerce when you want to sell 2 e‑books on your site is overkill. Of course, there is always someone who says “but maybe next year I will have a shop with e‑books! It’s better to be prepared for it in advance”.

In such a situation it is worth being pragmatic and applying solutions adequate to the scale of your current activity, possibly with a certain buffer. Of course, I wish everyone success and a business that grows enough for the preparations made at the beginning to finally be useful, but life shows that things hardly ever go as planned – especially in the world of beginner businesses/projects, where we are just starting to discover our target group.

Coming back to the WooCommerce example above – why not? Because WooCommerce is a big, do-everything machine: it requires a certain level of knowledge, proper configuration and (maybe most of all) maintenance. Maintenance in this case comes from the fact that WooCommerce, like every larger plugin, is constantly evolving – its API changes and sometimes the theme has to be adapted to it.

Is it worth spending money and time on something that may not be useful at all in the future? I don’t think so.

Another example is gallery management plugins – if you have a relatively small number of photos, you can comfortably handle them with the gallery mechanism built into WordPress.

Check that the plugin does not have security vulnerabilities

I mentioned galleries in the previous point on purpose. There is a popular gallery plugin – NextGEN Gallery. However, when we look at the WPScan Vulnerability Database, we see that more or less every major version of this plugin has recently had some kind of security hole – and not minor shortcomings, but serious bugs like SQL injection or the ability to upload any file to our server. Add to this the plugin's great popularity and you can see that we risk quite a lot, because vulnerabilities of this type in popular plugins most often end in mass attacks on the websites using them.

Of course it’s hard to find software without security bugs, but it’s always worth checking whether the plugin has had a lot of security problems in the past, and if so, whether there were any small scandals around them. Some plugin authors are reluctant to mention security vulnerabilities in the changelog, or react to bugs only after the vulnerabilities have been published.

In general, the more popular a plugin is and the more security bugs it has had in the past, the more cautiously we should approach it.

See what the repository says about the plugin

Each plugin in the repository comes with some information that helps in deciding whether to install it. It is worth noting:

  1. Ratio of positive ratings (5 and 4) to negative ratings (1 and 2),
  2. Reviews written by users – it may turn out that the plugin's description is misleading or that the plugin does not do what we would like it to do,
  3. Response time on the plugin's support forum in the repository – this tells us roughly how long we can expect to wait for a reply from the author. A red flag should go up when the author is not very active on the forum,
  4. Compatibility of the plugin with the version of WordPress currently in use,
  5. Number of active installations (I personally avoid those < 1000 if I can),
  6. Date of last update,
  7. Frequency of updates.

The last two points should be weighed against the plugin's complexity – if the plugin does one thing and its code fits in a few hundred lines, it is no wonder that it has gone 2 to 3 years without an update – it simply works.
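The checklist above can be applied mechanically to a plugin's repository metadata. The following is an added example, not the author's code: the field names assume the shape of the WordPress.org plugin information API response, the sample record is constructed, the share of resolved support threads stands in for forum responsiveness, and every threshold except the 1000-installation figure is an assumption.

```python
from datetime import date

# Constructed sample shaped like a WordPress.org plugin-info API response
# (field names assumed from that API; the values are invented).
SAMPLE = {
    "slug": "example-gallery",
    "active_installs": 800,
    "tested": "5.9.3",
    "last_updated": "2021-03-02 9:14am GMT",
    "ratings": {"5": 40, "4": 10, "3": 5, "2": 5, "1": 20},
    "support_threads": 12,
    "support_threads_resolved": 3,
}

def major_minor(version):
    """'6.4.2' -> (6, 4); missing or non-numeric parts count as 0."""
    parts = (version.split(".") + ["0", "0"])[:2]
    return tuple(int(p) if p.isdigit() else 0 for p in parts)

def review_plugin(info, wp_version, today, small_plugin=False):
    """Return a list of warnings for the checklist items above."""
    warnings = []
    r = {k: int(info.get("ratings", {}).get(k, 0)) for k in "12345"}
    positive, negative = r["5"] + r["4"], r["1"] + r["2"]
    if negative and positive / negative < 4:          # assumed threshold
        warnings.append(f"ratings: {positive} positive vs {negative} negative")
    threads = info.get("support_threads", 0)
    resolved = info.get("support_threads_resolved", 0)
    if threads >= 5 and resolved / threads < 0.5:     # assumed threshold
        warnings.append(f"support: {resolved}/{threads} threads resolved")
    if major_minor(info.get("tested", "0")) < major_minor(wp_version):
        warnings.append(f"compatibility: tested up to {info.get('tested')}")
    if info.get("active_installs", 0) < 1000:         # figure from the text
        warnings.append("installs: fewer than 1000 active installations")
    updated = date.fromisoformat(info["last_updated"][:10])
    age_days = (today - updated).days
    # A small single-purpose plugin may go 2-3 years without an update.
    limit = 3 * 365 if small_plugin else 365          # 365 is assumed
    if age_days > limit:
        warnings.append(f"updates: last update {age_days} days ago")
    return warnings

if __name__ == "__main__":
    for w in review_plugin(SAMPLE, "6.4", date(2024, 1, 15)):
        print("WARN", w)
```

Passing `small_plugin=True` applies the more lenient update-age limit for single-purpose plugins described in the paragraph above.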

Investigate the impact of the plugin on your website’s performance

It is worth temporarily installing the Query Monitor plugin and refreshing the page several times, noting the response time and the number of queries. Then repeat the operation after installing the plugin under evaluation. It is a simple step and it avoids unnecessary costs.

Recently I had a case where a plugin that did what 6 lines of CSS code (with prefixes) could do extended the page load time by 5-6 seconds and added 80 SQL queries to the database.

Verify that the plugin does its job using appropriate technologies

This is a point for more advanced users with technical knowledge – it is sometimes worth checking how the plugin solves a given problem. The previous point describes just such a case – the plugin did something on the server side that can be done with CSS/JS code, many times faster and without loading the server.

An additional benefit of this approach is that you can learn many new tricks and solutions.

For large plugins, test locally

If you are about to install a larger plugin, it’s a good idea to examine its impact on your site in a local installation or test environment first. This will avoid many unexpected problems and conflicts.

Prefer plugins from the repository

Especially for smaller plugins, it’s a good idea to use those found in the official plugin repository, for the simple reason that they have been reviewed by volunteers and meet certain standards of security and code quality.