The plugin ecosystem is one of WordPress’s greatest strengths. Thousands of developers build and maintain a bewildering array of plugins with features that range from minor graphical tweaks to full-blown eCommerce stores. But the variety of plugins can introduce problems, especially if they aren’t managed properly. Plugins are of varying quality and usefulness.
Experienced WordPress site owners keep a close eye on the number of plugins they use, where they come from, and how well they’re developed. In my years as a WordPress user, I’ve discovered a few rules for dealing with plugins that help keep site secure, fast, and uncluttered.
Less Code Is Better
My first rule: use as many plugins as you need, but no more. There’s nothing wrong with using plugins to give a site the functionality it needs. Installing a lot of plugins doesn’t necessarily cause a problem, but leaving too many unnecessary plugins installed might.
Every plugin introduces code into your site, and, in general, the less code you can get away with the better.
The code needs to be executed, and that takes time. If a plugin collects data from the database, it runs queries. Many plugins introduce front-end elements that cause latency as they load and run on the user’s browser. The cumulative effect of these latencies can result in a sluggish experience for users. You shouldn’t be scared to incur a performance penalty if a plugin is genuinely useful, but if you’ve decided you don’t need the functionality, there’s no reason to keep the plugin installed.
Secondly, adding extra code to a site increases the likelihood of bugs and security vulnerabilities. Any plugin might introduce a security vulnerability. The risk is small if the plugins are kept up-to-date, but if you aren’t using the plugin, there’s no benefit to taking that risk.
In short, if your site doesn’t depend on a plugin, uninstall it. You lose nothing and may see security and performance benefits.
Take Care What You Install
As I’ve already said, installing plugins introduces new code into your site. That code has access to the database and to your users. You should think about the security implications of every plugin you install. Additionally, poorly coded plugins can introduce performance problems and break parts of a site.
Before installing a plugin, satisfy yourself that it is actively maintained, frequently updated, that a reliable developer created it, and that it is compatible with recent versions of WordPress. You should be able to find all of that information on the plugin repository or the developer’s site.
Update Your Plugins!
Finally, make sure you regularly update plugins. WordPress users who neglect to update WordPress are a major cause of hacked sites. Updates include security patches, so you should update even if you aren’t interested in new features.
In summary: take full advantage of the richness of the WordPress plugin ecosystem, but be careful what you install, remove plugins you aren’t using, and update plugins whenever a new version is released.