Choosing the right WordPress plugins is like visiting a used-car salesman. If you don’t take a mechanic with you, there’s a good chance you’ll drive away in a lemon. WordPress’s greatest strength is the vast array of plugins that change its behavior and add features, but among all the well-written and secure plugins, there are plenty of lemons that you wouldn’t want to install on your blog or business site.
We don’t all know a WordPress expert to call on for help when we need a plugin, so we must learn how to test WordPress plugins for ourselves. It’s important to understand how to make reasonable judgments about plugins because the wrong plugin can cause a WordPress site to stop working correctly and introduce dangerous security vulnerabilities.
When you start a used car, and great billows of smoke pour out of the exhaust and the engine bangs like a jackhammer, you don’t get your wallet out. Similarly, there are some definite signs that a WordPress plugin should be avoided.
Free plugins should be downloaded from the Official WordPress Repository. Premium plugins should be downloaded from a reputable marketplace or the developer’s site. Do not install WordPress plugins if you’re at all suspicious about the origin.
Most importantly, if you see a premium plugin — a plugin you must pay for — offered for free, be cautious. It might be tempting to install “pirate plugins,” but they’re often riddled with malware and backdoors. Pirate plugins put your site and its users at risk.
Almost as important, don’t install plugins that look like their developer has abandoned them. Unmaintained plugins cause two types of problems. Firstly, unpatched security vulnerabilities may lurk in the code, and they are unlikely ever to be fixed. Secondly, WordPress changes over time; if plugin developers don’t keep up, their plugins may include incompatibilities that can stop them working correctly or cause issues on your site.
The WordPress Plugin Repository’s plugin pages have the information you need to understand how well the plugin is maintained. Look for details about when the plugin was last updated. I would recommend caution for any plugin that hasn’t been updated for more than six months. The plugin page will also tell you which version of WordPress the plugin is compatible with. Make sure it’s compatible with the version of WordPress your site runs on (which is the most recent version, right?)
Have a clear idea of what you want the plugin to do. Do you want a caching plugin, a security plugin, a Google Analytics plugin, an eCommerce plugin? Once you know what you’re looking for, use the search box on the WordPress Plugin Repository to find plugins that fulfill your criteria. The repository search is quite good, but I always use Google for supplementary searches. Google searches also unearth reviews and curated plugin lists that can be quite useful in sorting the wheat from the chaff.
After searching, go through the candidates. Reject any plugin that seems to be unmaintained, or that has a low star rating in the repository. Popularity isn’t always an indicator of quality, but you should at least look at the number of installations a plugin has: if it’s low, there is probably a reason.
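The repository checks described above (last update within six months, compatibility with your WordPress version, star rating, install count) can be scripted. This is an added example, not part of the original article: the field names follow the WordPress.org plugin information API, the sample records are constructed, and the rating and install thresholds are assumptions.

```python
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=183)   # "six months", from the article
MIN_RATING = 70                 # assumed floor; the API rates plugins 0-100
MIN_INSTALLS = 1000             # assumed floor for "low" install counts

def major_minor(version):
    """Reduce '6.5.2' to (6, 5) so patch releases don't trigger warnings."""
    parts = (version.split(".") + ["0"])[:2]
    return tuple(int(p) for p in parts)

def vet_plugin(info, site_wp_version, now):
    """Return the warnings raised by one plugin's repository metadata."""
    warnings = []
    # last_updated looks like '2024-04-20 3:45pm GMT'; the date is enough.
    updated = datetime.strptime(info["last_updated"].split()[0], "%Y-%m-%d")
    if now - updated > MAX_AGE:
        warnings.append(f"not updated for {(now - updated).days} days")
    if major_minor(info["tested"]) < major_minor(site_wp_version):
        warnings.append(f"tested only up to WordPress {info['tested']}")
    if info["rating"] < MIN_RATING:
        warnings.append(f"low rating ({info['rating']}/100)")
    if info["active_installs"] < MIN_INSTALLS:
        warnings.append(f"few active installs ({info['active_installs']})")
    return warnings

# Constructed sample records, not real plugins.
SAMPLES = [
    {"slug": "example-cache", "last_updated": "2024-04-20 3:45pm GMT",
     "tested": "6.5.2", "rating": 92, "active_installs": 200000},
    {"slug": "example-gallery", "last_updated": "2022-11-02 9:10am GMT",
     "tested": "6.1", "rating": 54, "active_installs": 300},
]

if __name__ == "__main__":
    now = datetime(2024, 6, 1)   # fixed date so the output is reproducible
    for plugin in SAMPLES:
        found = vet_plugin(plugin, "6.5.3", now)
        print(plugin["slug"], "->", found or "no warnings")
```

A plugin with no warnings has only passed the first filter; it still needs the test drive on a staging site.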
For premium plugins, the filtering process is different, but the principles are the same. Reviews, user comments, and support requests give a strong indication of the quality of a plugin.
Once you’ve settled on a candidate plugin, it’s time for a test drive. It is not a smart idea to test plugins on a busy live site, so I use a local WordPress installation or a staging site that has been synced with the live site. Creating local WordPress development environments and staging sites is beyond the scope of this article, but there are many excellent guides available online.
Install the plugin and play with it. Check that it doesn’t break anything and that it includes the features that you need.
At this point, you can be reasonably sure that you have settled on a useful plugin, so all that’s left is to install it on your live site. Once that’s done, load a few pages to check that everything is working as before.
This might seem nonsensical for a single plugin, but once you know what you’re looking for, you’ll be able to zero in on the perfect plugin in no time at all.