When it comes to plugins, keeping your WordPress installation lean will ensure better website speed and tighter security.
You should choose your WordPress plugins carefully and only use as many as necessary for key components of your website. We use the following guidelines when choosing plugins, and will discuss these guidelines in more detail later in this article.
- Only use plugins from established providers.
- Check the Last Updated stat on the plugin home page. In general, make sure the plugin has been updated within the last 12 months.
- Check the Active Installations stat on the plugin home page. Find a plugin with a high number of Active Installations.
- Check the Ratings stats on the plugin home page. Click to view some ratings and comments.
- Check the Support tab on the plugin home page. See how the plugin developer handles support requests.
Choose a set of standard WordPress plugins for new projects.
In addition to the above guidelines, we have a few standard plugins we use on almost every project. These plugins provide key functionality that would be hard to duplicate by creating custom WordPress plugins or functions.
Our standard WordPress plugins:
- Advanced Custom Fields Pro – for making the WordPress edit screens easier to use
- BackupBuddy or Duplicator – for website backups and migration
- Gravity Forms – provides robust forms that are easy to create
- Max Mega Menu – for easy to build navigation systems for desktop and mobile
- WordFence Security – the top free security plugin for WordPress
- Yoast SEO – makes sure your basic SEO needs are easily met
- Swift Performance or W3 Total Cache – for ensuring your website loads as fast as possible
- Soliloquy Slider – for slideshows and photo albums where required. We prefer the Ken Wheeler slider, which is not a plugin.
- Relevanssi Search – when search is needed we use this plugin to improve the built-in WordPress search
- ManageWP – a control panel and functionality provider to manage multiple WordPress websites
How to select the best plugins for your WordPress website.
With over 58,000 free WordPress plugins to choose from, how do you select the right ones for your website?
1. Determine what functionality you need.
Deciding the exact functionality you require for your WordPress project can be a small task in itself. For instance, do you want to require your blog readers to register for in-depth reviews of products you write about, while allowing non-logged in readers to view more simple reviews? If so, that requires a very specific type of plugin, and a simple login plugin, or basic WordPress page security, won’t meet your needs.
You’ll have a better understanding of what’s available if you take some time to determine the list of features you require. Many times plugins with very specific functionality are only provided as premium plugins that you’ll pay a small fee to use.
2. Search for reviews on the plugins you’re considering.
Once you’ve made your list of possible plugin choices, begin searching for reviews about each one. It’s often a good idea to use Reddit as part of your search term. Reddit features discussions that are unfiltered. So a search for a security plugin might look like “WordFence Security plugin Reddit”. By the time you read through the search results for this alone, you’ll have a far better understanding of your needs and whether the plugin in question will meet them, or if there’s a better choice.
3. Check the plugin stats.
The plugin stats are shown on the right side of the plugin home page. The two most important stats are the Last Updated and the Active Installations. Last Updated shows when the plugin was last changed by the developer. This could have been a security update or a bug fix. Recent updates show that the developer actively maintains the plugin, whereas a last update of over 12 months might mean that it has been abandoned. Lack of a recent update might also mean that the plugin is functioning fine and doesn’t need any changes or updates. This is often the case with plugins that provide very simple functionality.
Although we’ve quit using WordPress Widgets for most of the websites we develop, we often used a plugin called Widget Logic in the past. This plugin hasn’t been updated in 2 years but the functionality it provides is so simple that it’s probably perfectly fine. That said, if we decided to use widgets on a project we would investigate more current plugins to see if there’s a better choice.
4. Check the Support tab on the plugin home page.
All of the plugins on the WordPress repository are offered for free. The developers are often supporting their work for free as well, although many plugins have a paid version with enhanced functionality that helps support the developer’s work. If you see low ratings for a free plugin, check to see what issues the person had, and whether they were simply expecting a high level of support from a developer for free. It’s amazing the level of support some people expect for something they received for free.
5. Check the plugin ratings.
Most people use WordPress plugins without rating them so it’s probable that a plugin in use by thousands of people might not have many ratings. Also note that on the ratings screenshot shown on the right, there’s a large number of positive ratings, few in the middle, and a significant number of low ratings. Check the low ratings to see if the comments have any merit. Oftentimes the low ratings come from users who expect a high level of service for something they’re getting for free. Other times the low ratings have merit and can guide you in your search.
6. Conduct regular plugin audits.
Any plugin you install on your website is potentially a way in for a hacker or for a malicious plugin developer.
Some plugins get transferred to new ownership over time, which can either be a plus for the plugin, or a reason to abandon it. There have been cases where widely used plugins got transferred to a new owner, and the new owner installed malware on all of the websites using that plugin. The WordPress repository does a better job checking for malware now than it did in the past, so hopefully this won’t be a problem moving forward.
Conduct regular plugin audits, perhaps yearly, to make sure the plugins you’re using still meet the security and functionality requirements that your website needs.
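The stats check from step 3 and the recurring audit from step 6 can be scripted. The following is an added example, not code from the original article: it flags plugins that are stale, thinly adopted, under a different owner than at the last audit, or missing from the directory. The record fields (`last_updated`, `active_installs`, `author_profile`) are assumed to follow the WordPress.org plugin information format, the install floor is an assumed cutoff, and all sample data is constructed.

```python
from datetime import date, datetime

MAX_AGE_DAYS = 365            # the article's 12-month guideline
MIN_ACTIVE_INSTALLS = 10_000  # assumed floor; the article only says "high"

def audit_plugin(meta, baseline_owner, today):
    """Return the findings for one installed plugin (empty list = passes)."""
    if meta is None:  # closed, removed, or never hosted in the directory
        return ["not listed in the plugin directory"]
    findings = []
    # Assumed format "2022-04-18 4:40pm GMT"; the date part is precise enough.
    updated = datetime.strptime(meta["last_updated"].split()[0], "%Y-%m-%d").date()
    age = (today - updated).days
    if age > MAX_AGE_DAYS:
        findings.append(f"last updated {age} days ago")
    if meta["active_installs"] < MIN_ACTIVE_INSTALLS:
        findings.append(f"only {meta['active_installs']} active installations")
    # An ownership transfer shows up as a different maintainer than last audit.
    if baseline_owner and meta["author_profile"] != baseline_owner:
        findings.append("owner changed since last audit")
    return findings

def audit_site(installed, directory, baseline, today):
    """Map each plugin slug that needs review to its list of findings."""
    report = {}
    for slug in installed:
        findings = audit_plugin(directory.get(slug), baseline.get(slug), today)
        if findings:
            report[slug] = findings
    return report

# Constructed sample data: hypothetical slugs, owners, and stats.
TODAY = date(2024, 6, 1)
INSTALLED = ["example-forms", "example-widget-rules", "example-slider", "example-addon"]
OWNER_A, OWNER_B = "https://profiles.example/dev-a", "https://profiles.example/dev-b"
DIRECTORY = {
    "example-forms": {"last_updated": "2024-05-10 9:02am GMT",
                      "active_installs": 900_000, "author_profile": OWNER_A},
    "example-widget-rules": {"last_updated": "2022-04-18 4:40pm GMT",
                             "active_installs": 200_000, "author_profile": OWNER_A},
    "example-slider": {"last_updated": "2024-03-01 11:15am GMT",
                       "active_installs": 40_000, "author_profile": OWNER_B},
}
BASELINE = {slug: OWNER_A for slug in INSTALLED}  # owners recorded at last audit

if __name__ == "__main__":
    for slug, findings in audit_site(INSTALLED, DIRECTORY, BASELINE, TODAY).items():
        print(f"{slug}: {'; '.join(findings)}")
```

A stale finding is a prompt for review rather than a verdict, since a simple plugin may legitimately go unchanged for a long time. A plugin that is no longer listed, or whose owner has changed, deserves a closer look before the next update is applied.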
7. Rinse and repeat.
Each time you consider using a plugin, follow these steps to make sure you’re choosing the latest and the best. The list of plugins is always changing.
How many plugins is too many?
It’s common for business websites to have around 20 plugins, although some business websites have up to 50 or more. Chances are a WordPress website with over 30 plugins could use some help in paring them down, both for website speed and security.