January 23, 2018

Manage WordPress Plugins For Optimal Security And Performance

The plugin ecosystem is one of WordPress’s greatest strengths. Thousands of developers build and maintain a bewildering array of plugins with features that range from minor graphical tweaks to full-blown eCommerce stores. But the variety of plugins can introduce problems, especially if they aren’t managed properly. Plugins are of varying quality and usefulness.
Experienced WordPress site owners keep a close eye on the number of plugins they use, where they come from, and how well they’re developed. In my years as a WordPress user, I’ve discovered a few rules for dealing with plugins that help keep a site secure, fast, and uncluttered.

Less Code Is Better

My first rule: use as many plugins as you need, but no more. There’s nothing wrong with using plugins to give a site the functionality it needs. Installing a lot of plugins doesn’t necessarily cause a problem, but leaving too many unnecessary plugins installed might.
Every plugin introduces code into your site, and, in general, the less code you can get away with the better.
The code needs to be executed, and that takes time. If a plugin collects data from the database, it runs queries. Many plugins introduce front-end elements that cause latency as they load and run on the user’s browser. The cumulative effect of these latencies can result in a sluggish experience for users. You shouldn’t be scared to incur a performance penalty if a plugin is genuinely useful, but if you’ve decided you don’t need the functionality, there’s no reason to keep the plugin installed.
Secondly, adding extra code to a site increases the likelihood of bugs and security vulnerabilities. Any plugin might introduce a security vulnerability. The risk is small if the plugins are kept up-to-date, but if you aren’t using the plugin, there’s no benefit to taking that risk.
In short, if your site doesn’t depend on a plugin, uninstall it. You lose nothing and may see security and performance benefits.

Take Care What You Install

As I’ve already said, installing plugins introduces new code into your site. That code has access to the database and to your users. You should think about the security implications of every plugin you install. Additionally, poorly coded plugins can introduce performance problems and break parts of a site.
Before installing a plugin, satisfy yourself that it is actively maintained and frequently updated, that a reliable developer created it, and that it is compatible with recent versions of WordPress. You should be able to find all of that information on the plugin repository or the developer’s site.

Update Your Plugins!

Finally, make sure you regularly update plugins. WordPress users who neglect to update WordPress are a major cause of hacked sites. Updates include security patches, so you should update even if you aren’t interested in new features.
In summary: take full advantage of the richness of the WordPress plugin ecosystem, but be careful what you install, remove plugins you aren’t using, and update plugins whenever a new version is released.
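
The three rules above can be checked mechanically. The following is an added example, not code from the original post: it audits a plugin inventory shaped like the output of `wp plugin list --format=json` against repository metadata whose field names follow the WordPress.org plugin information API. The plugin names, sample data, issue codes, and the 365-day staleness threshold are all constructed assumptions.

```python
import json
from datetime import date

# Constructed inventory, shaped like `wp plugin list --format=json` output.
INSTALLED = json.loads("""[
  {"name": "shop-cart",    "status": "active",   "update": "none",      "version": "3.2.1"},
  {"name": "old-slider",   "status": "inactive", "update": "none",      "version": "1.0.4"},
  {"name": "contact-form", "status": "active",   "update": "available", "version": "2.8.0"},
  {"name": "seo-helper",   "status": "active",   "update": "none",      "version": "5.1.0"}
]""")

# Constructed repository metadata; the field names follow the WordPress.org
# plugin information API. seo-helper is deliberately absent (not in the repo).
REPO_META = {
    "shop-cart":    {"last_updated": "2017-12-11 4:05pm GMT", "tested": "4.9.1"},
    "old-slider":   {"last_updated": "2015-06-30 9:12am GMT", "tested": "4.2.2"},
    "contact-form": {"last_updated": "2018-01-10 1:40pm GMT", "tested": "4.9.2"},
}

def major_minor(version):
    """'4.9.2' -> (4, 9), so patch releases do not count as incompatibility."""
    return tuple(int(part) for part in version.split(".")[:2])

def audit(installed, repo_meta, wp_version, today, max_age_days=365):
    """Return {plugin: [issue codes]} for plugins that break one of the rules."""
    findings = {}
    for plugin in installed:
        issues = []
        if plugin["status"] == "inactive":
            issues.append("unused")            # rule 1: uninstall what you don't use
        if plugin["update"] == "available":
            issues.append("update-pending")    # rule 3: apply updates
        meta = repo_meta.get(plugin["name"])
        if meta is None:
            issues.append("unknown-source")    # rule 2: cannot vet from the repository
        else:
            updated = date.fromisoformat(meta["last_updated"].split()[0])
            if (today - updated).days > max_age_days:
                issues.append("stale")         # rule 2: not actively maintained
            if major_minor(meta["tested"]) < major_minor(wp_version):
                issues.append("untested")      # rule 2: not tested with this WordPress
        if issues:
            findings[plugin["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(INSTALLED, REPO_META, "4.9.2", date(2018, 1, 23)).items():
        print(f"{name}: {', '.join(issues)}")
```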


