Did you know that plugins are the biggest security risk for a WordPress website?
55.9% of WordPress security breaches are because of an insecure or out-of-date plugin, according to a 2016 survey of 1,032 website owners.
But security is only one thing you need to consider.
What about functionality, stability, support, ease of use and documentation? Choosing the right plugin for you is a daunting task.
How can you be sure that your dream plugin isn’t a nightmare waiting to be unleashed?
Or you may already know about a headache-inducing plugin that causes your website to grind to a halt, displays cryptic errors, crashes and/or leaks confidential data.
You end up pulling your hair out.
There are over 54,000 plugins in the official WordPress plugin repository.
If you don’t have a technical person to help you out, how do you know where to start?
This guide and free checklist will help you deal with plugins without the headache, so you can get on with building your business without worrying about your website going offline or having your customers’ data stolen.
Planning – Choose your must-have features
List your features
What do you want from the plugin? Do you want visitors to sign-up to your newsletter? Show off your featured products? Improve your page loading times?
Some plugins come loaded with features. But if you only need one or two things, there may be smaller, faster plugins that will do the job better.
What features do you need?
Which features would be nice but not necessary?
Keep that list next to your screen while you search for plugins.
Set a budget
How much do you want to pay for a plugin? Not all of them are free.
There are a few ways developers make money from their plugins.
A lot of WordPress plugins are free. WordPress has a fantastic community of plugin developers, which may be why you chose WordPress in the first place.
A completely free plugin may ask you to leave a review, feedback or a small donation. If you can, leave a good review.
Free plugins with paid add-ons
A lot of plugin developers offer the main plugin for free. You only pay for add-ons.
Most customers only need the main plugin, but if you want the extra features, you’ll pay for them.
For example, a free contact form plugin might have an optional paid add-on that lets people sign up to your Mailchimp newsletter.
Free “Lite” version with paid “Pro” version
This is similar to the previous example, but instead of add-ons for different services, you’re getting things like more core features, unlimited usage, custom branding options, etc.
Plugins available on WordPress.org often use this payment model.
You get a free version of the plugin with the basic features, which will cover most things you need it for.
The paid, professional version will have more options, e.g. customer support, more style options and more features.
A few plugins are only available to buy. You won’t find a free version on WordPress.org.
Most have a trial period of 14-30 days, so you won’t get stuck with an expensive plugin you don’t use after testing it out for a few days.
If a plugin doesn’t have a trial or refund policy, check the website you buy it from. Marketplace websites have refund policies that plugin developers need to honour.
Tip: There are two types of payment options you need to know about: an annual license and a one-off payment.
You’ll be charged annually for a license to use the plugin. The license will give you access to plugin updates and support.
Once the license expires, you can keep using the plugin, but you won’t get updates or support.
If you renew your license, you’ll get another year of updates and support from the developers. You’ll also get all the latest features if the plugin is still in development.
If you don’t renew, you’ll still be able to use the current version of the plugin you’ve got installed. You won’t need to pay, but you won’t get updates either.
It’s not necessary to always have the latest version of a plugin. But it’s worth subscribing to plugin update emails, so you get notified about new updates.
You’ll want to keep an eye out for any security patches. Don’t let your site get hacked because you’ve got an old plugin that has a security issue in it.
With a one-off payment, you pay for the plugin once. You’ll get a license that will give you access to plugin updates.
Plugins using this option don’t usually have free support. Instead you will get access to a community forum where you can ask other customers for help.
Searching – Find the plugins that match your requirements
Where to find WordPress plugins
WordPress.org plugins directory
WordPress.org should be your starting point. It hosts over 54,000 plugins, which makes it the largest plugin repository.
Use the search bar at the top of the page to find plugins. Look back at your list of features to pick what search term you want to use.
Every plugin has tags. These tags group together plugins with similar features. Searching by tag will help you narrow down your results.
One downside of the WordPress plugin search engine is that it’s quite limited. You can’t search for more than one tag at the same time, which can be frustrating if you’re trying to search for a combination of features.
But you can look at the tag list for each plugin to see other tags, which will help you find plugins you might have missed.
CodeCanyon is an online marketplace for paid-for WordPress plugins.
These plugins are ALL paid for, not free. Skip to Search Engines if you aren’t ready to buy a plugin yet.
You’ll find more business/sales/marketing-oriented plugins on CodeCanyon than on WordPress.org. If you’re looking for these types of plugins, CodeCanyon is often your best bet.
Start your search by selecting the WordPress category. Use the category filters combined with the search bar to filter your results.
Developers like to use CodeCanyon, as the platform puts their plugins in front of paying customers and handles the invoicing and payments for a small fee.
Any developer can create a plugin which can be sold here. To date there are over 6,800 WordPress plugins available to buy.
There is a plugin vetting process, but be aware that anyone can create a plugin, and quality can be questionable at times. Be sure to look at the feedback from existing customers to check for quality issues.
Tip: Sort by “Best Sellers” to see the most purchased plugins. These plugins have already been reviewed by other website owners.
Search engines give you all the results from each platform. But they work best if you know what you’re looking for.
If you’re just browsing, the tags and categories filters on WordPress.org and CodeCanyon might be a better option.
Plugin developer’s websites
Many of the larger plugin developers host their plugins on their own websites.
These plugins often have the best functionality, support and documentation. Entire companies are built around these plugins and developers’ livelihoods depend on how well these plugins work for their customers.
Because of this they are usually the most expensive plugins.
Some developers will include a free version of their plugins on WordPress.org so they get the increased exposure. If you want to get the premium features, you’ll need to purchase the full plugin directly from their website.
WooCommerce extensions store
WooCommerce is the largest e-commerce plugin for WordPress. If you don’t want an e-commerce website you can skip this section.
The WooCommerce extensions store is where you’ll find most of the add-ons you’d need for a WooCommerce shop. The add-ons extend WooCommerce with more features like shipping prices per country, multi-currency support, additional payment gateways, etc.
You can get WooCommerce plugins from other websites. But the plugins here have been reviewed and approved by the WooCommerce team, so you can trust you’re getting plugins that will work seamlessly with your WooCommerce shop.
GitHub is a website for developers to host their projects.
If you need a very niche plugin, you might find it here.
Don’t expect to get the same level of support as you would from the other websites. But you can contact a developer directly and if they’re still working on the plugin, they’ll usually be happy to help.
Developers will likely have built the plugins for themselves, so don’t expect them to be as polished or easy to use as a commercial plugin.
Comparison shopping – What to look for when choosing a plugin
Lots of positive reviews from other WordPress website owners are a great indicator that a plugin could be a good choice.
But you’ll also want to consider the neutral and negative reviews.
- Are the most recent reviews mostly positive, negative, or mixed? Has the plugin developer released a new version that sets your computer on fire?
- For the neutral and negative reviews, what are people complaining about?
- What type of reviews are people leaving? Some plugins really push you to leave a review. Do the reviews seem genuine or did someone leave a review to get rid of an annoying pop-up?
- Do the reviews look like they have been written by real people? Learn how to spot fake reviews.
WordPress version compatibility
WordPress has been in development since 2003.
In 2018 alone there were 11 minor updates and 1 major update, with WordPress version 5 being released. WordPress 5 comes with the new Gutenberg editor, which is a huge change in the way WordPress handles the content editor.
Because of the frequent changes and the complexity of WordPress, you should plan for plugins to have problems and break from time to time.
Updates can change how WordPress works and plugin developers are sometimes caught out by these changes, leading to problems.
You can save yourself a major headache by checking a plugin works with the version of WordPress you’re using.
If a plugin says it was last updated 2 years ago and was last tested with WordPress 4.6 or below, be worried.
Sure, the plugin might work, but be careful!
Overall, it might be easier and less stressful to choose a different, more recent plugin. If you can find an alternative that has all the features you need (or most of them) and is compatible with the version of WordPress you’re using, go for that one.
But if you have to use this particular plugin, check the other things in this section, read the support forums, take a backup and test it on a computer, preferably not the one running your website!
Tip: Before you install any plugin, take a full backup of your website and database. Not sure how to do this? Watch our backup guide video or contact us for free advice.
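As an added example (not code from the original guide), here is a PHP script that applies the red flags above, last tested with WordPress 4.6 or below and last updated more than 2 years ago, plus the plugin’s own minimum WordPress version, to a plugin’s metadata. The array keys follow the field names the WordPress.org plugin info API returns (version, requires, tested, last_updated); the values here are constructed sample data, not a real plugin.

```php
<?php
// Added example, not part of the original guide. Rates a plugin's
// compatibility against the WordPress version running on your site,
// using the rules from the "WordPress version compatibility" section.
declare(strict_types=1);

/** Keep only "major.minor": a plugin tested on 5.0 counts as tested on 5.0.3. */
function majorMinor(string $version): string
{
    return implode('.', array_slice(explode('.', $version), 0, 2));
}

/**
 * Return a list of warnings for a plugin. An empty list means no red flags.
 *
 * @param array<string,string> $info   keys: version, requires, tested, last_updated
 * @param string $siteWp               WordPress version on your site, e.g. "5.0.3"
 * @param DateTimeImmutable $today     reference date for the "updated 2 years ago" rule
 */
function pluginCompatibilityWarnings(array $info, string $siteWp, DateTimeImmutable $today): array
{
    $warnings = [];

    // 1. Hard requirement: the plugin declares a minimum WordPress version.
    if (!empty($info['requires']) && version_compare($siteWp, $info['requires'], '<')) {
        $warnings[] = "Requires WordPress {$info['requires']} or newer; your site runs {$siteWp}";
    }

    // 2. "Tested up to": the guide's 4.6-or-below rule, then an untested-on-your-version check.
    $tested = $info['tested'] ?? '';
    if ($tested === '') {
        $warnings[] = 'No "Tested up to" version declared';
    } elseif (version_compare($tested, '4.6', '<=')) {
        $warnings[] = "Last tested with WordPress {$tested} (4.6 or below): be worried";
    } elseif (version_compare(majorMinor($tested), majorMinor($siteWp), '<')) {
        $warnings[] = "Not tested with your WordPress {$siteWp} (tested up to {$tested})";
    }

    // 3. Staleness: the guide's "updated 2 years ago" rule.
    if (!empty($info['last_updated'])) {
        $updated = new DateTimeImmutable($info['last_updated']);
        if ($updated <= $today->modify('-2 years')) {
            $warnings[] = "Last updated {$updated->format('Y-m-d')}, more than two years ago";
        }
    }

    return $warnings;
}

// Constructed sample: an old plugin checked against a WordPress 5.0.3 site.
$sample = [
    'version'      => '1.4.2',
    'requires'     => '3.8',
    'tested'       => '4.5.3',
    'last_updated' => '2016-09-12',
];
$today = new DateTimeImmutable('2018-12-10'); // constructed reference date

foreach (pluginCompatibilityWarnings($sample, '5.0.3', $today) as $warning) {
    echo "- {$warning}\n";
}
```

Run it with `php check-plugin.php`; the sample prints the 4.6-or-below warning and the two-years warning, which is the point at which the guide says to look for an alternative plugin.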
Can you see how many times the plugin has been downloaded?
The total downloads number will give you an idea of how popular a plugin is. Popularity is a good indication of trustworthiness.
Don’t discount a newer plugin because its download count is lower than that of a plugin a few years older. Look at the release date for the plugin as well.
Support response time
Most plugins will have some level of support from the developers.
Check how long it takes the developer to reply to customer questions. A day or two is decent, but more than two weeks with no response is a red flag. The last thing you want is to be waiting weeks to hear back from a developer about a critical bug.
WordPress.org and a few other sites have forums for each plugin, where customers can post messages and get help from the developer and each other.
How often are people posting about problems with the plugin? Are a lot of people posting about the same problem without getting an answer?
Some plugins will have a Frequently Asked Questions (FAQs) section.
Newer plugins may have more general FAQ questions and answers written by the developers. But older plugins should have real questions from customers.
Check to see if there are any questions which might be relevant for you and what you’re trying to do.
Also check if the developer has a contact form or email address to submit FAQ questions.
Good documentation is useful. Bad or no documentation is a big red flag.
The most useful documentation you can read are the setup and troubleshooting guides.
These two guides should show you how to use the plugin and how to set it up correctly. If you don’t easily understand them and you’re not naturally technical, that could mean you’ll struggle to get value from the plugin.
You may also find answers to common customer questions in the documentation.
Changelogs are notes from the plugin developer. These notes list the plugin’s changes since the last version.
You might see a changelog like “Minor bug fixes”, which isn’t very helpful. But many developers will list all the updates. The biggest changes are at the top of the list.
Changelogs are a good way to see what changes a developer makes to their plugins. They are very concise lists, quickly telling you about all the important updates, saving you time and making you aware of new features, bug fixes and security fixes.
Changelogs aren’t required and may not contain any useful information if the developer doesn’t want to include it.
If a hacker gets into your WordPress website, the most likely reason is an insecure plugin.
Check the WordPress Vulnerability Database for your plugin to see if there are any known security vulnerabilities with it. Look at older versions as well.
If there are a lot of vulnerabilities, it may be that the developer isn’t taking security seriously. Do you want to trust their plugin on your website? Would you let someone with this kind of lax attitude to security look after your house while you’re away?
The developer’s other plugins
Check the developer’s website or profile to see what other plugins they have developed.
Does it look like they’re working on WordPress full time, or is their plugin just something small they made on the side? If they’re making a livelihood from their plugins, they’re more likely to be invested in getting things right.
Decision time – Narrow down your shortlist of plugins
By now you should have found a few plugins that have the features you listed at the start.
Now it’s time for you to start testing them. Don’t just test the features, but also test how the plugin affects your website.
Do you notice any new error messages or performance issues? A badly written plugin could really mess up your website.
Tip: Before testing, take a full backup of your website and database. Use our backup guide if you don’t know how to do this.
Make sure to take a backup of your website and database before making any changes to your website. That includes installing plugins.
Tech alert: This section requires intermediate knowledge about setting up websites.
If you don’t have experience with this please do not attempt it yourself as you’ll be spending more time than you’re saving using this guide. If you need our help testing a plugin, please contact us.
Take a backup of your website and install it on your computer or on a test/staging server, if your hosting provider offers a test/staging server. That way you can test the plugins without affecting your main website.
How to test your plugins
Before testing, make sure you have a full backup of your website.
You should be testing plugins on your own computer or a test/staging server, rather than your main website, but if you need to use your main website do these things first:
- Make sure the backups include all your website files, media and database
- Check you have access to the server and/or a support person
- Do the testing outside of business hours
- Set aside a few hours in case of problems
- Put your website into maintenance mode
- Read each item in this section before making any changes
Installing the plugin
Tech alert: This section requires intermediate knowledge of the WordPress filesystem and PHP. If you aren’t familiar with these topics, please skip this section.
Enable the WP_DEBUG setting in WordPress before you install plugins. You can do this by editing the wp-config.php file.
Turning it on will show you any errors or warnings during installation.
Check there aren’t any errors or warnings before you install the plugin.
It’s not a big deal if there are some warnings, but note them down so you know they aren’t from the plugin. You’ll want to fix errors ASAP, so try to fix them before installing any new plugins.
Make sure you have the latest version of the plugin, and that it’s compatible with the WordPress version you are using before you install it.
Once it’s installed and activated, check for any new errors or warnings. You might not see these on the plugin management page, so also check the settings page for the plugin and the website.
Don’t forget to turn off WP_DEBUG once you’re done.
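The wp-config.php lines for the WP_DEBUG step above, as an added example that is not from the original guide. The constants are WordPress’s own; the extra two (WP_DEBUG_LOG and WP_DEBUG_DISPLAY) send errors to a log file instead of printing them on pages, so anyone visiting the test site does not see file paths and plugin versions while you are testing.

```php
<?php
// Added example, not from the original guide. Place these lines in
// wp-config.php above the "That's all, stop editing!" comment.

// Turn on debug mode so notices, warnings and errors raised while
// installing and activating a plugin are reported at all.
define( 'WP_DEBUG', true );

// Write them to wp-content/debug.log rather than showing them on the page.
// Error output on a page that others can reach discloses server paths and
// plugin/version details, so display stays off even during testing.
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', false );
@ini_set( 'display_errors', 0 );

// When you are finished testing, turn debug mode back off:
// define( 'WP_DEBUG', false );
// define( 'WP_DEBUG_LOG', false );
```

After testing, also delete wp-content/debug.log (or block it in your web server configuration), because on many hosts that file can be fetched directly by URL.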
General First Impressions and Usage
Use the plugin and see if it has everything you were expecting. Compare it to your list and test each feature.
Do you notice anything bad?
Are your posts loading slower than before?
Is the plugin constantly spamming you to buy the full version?
Is it really confusing to use?
These are all easy things to check and you don’t need to be super technical to do them.
Chrome Developer Console
Google’s Chrome browser has a built-in console to help you find errors and areas for improvement. Other browsers have similar consoles, but we recommend Chrome.
You can learn more about using the console here.
As this is a basic check, we are just going to be looking for warnings and errors. These will be listed in red when you have the console open and you look at a web page.
The errors will tell you what’s gone wrong, but not how to fix them. Try copying and pasting the text into Google along with the name of the plugin to see if anyone else has gotten the same error.
If it’s a common error you should be able to find a way to fix it by going through the results. If you can find other people asking the same question, but no answer, you can leave a comment saying you have the same issue, or reach out to the plugin developer for help.
As we mentioned earlier, look at the console for errors and warnings before and after installing the plugin to make sure it’s the plugin causing the errors, not something else.
Lighthouse is a tool used to audit websites and apps for performance, accessibility, best practices and SEO.
You can run it by following the Chrome DevTools instructions here, or on the web.dev website. If you’re testing on your computer as opposed to a website that’s accessible to the public on the Internet, you can only use the Chrome DevTools.
When you run a check on your website, you’ll get a score in the four categories.
You can view a detailed report, which gives you a list of all the issues that the tool has identified along with recommendations and options about how to fix them.
Tip: Read our guide about how to fix the most common issues generated by the web.dev report.
As above, run this tool before and after installing the plugin and note any issues.
All WordPress plugins will have their code available to review. Code reviews check for code quality, bugs, ease of maintainability and security issues.
You can do automated and/or manual code reviews. In either case you will want an experienced WordPress developer to help you understand the results.
If you are comfortable with WordPress and have an idea of how it works, you can use a monitoring plugin to check performance.
Developers use the Query Monitor plugin to check performance and debug error messages. It shows you lots of technical information, so we only recommend it if you have a working knowledge of WordPress.
Do you want more actionable tips to save time and improve the performance of your WordPress website? Enter your email address and we’ll send them straight over.
You’ve learnt how to plan, search, compare and decide which plugins to use for your website.
Plan: Remember that a solid plan, listing the required and nice-to-have features is the first step to saving time. Target those required features first to eliminate unsuitable plugins.
Search: Use the websites we’ve listed in order. WordPress.org and CodeCanyon are the most popular websites for plugins. If you can’t find what you need there, use a search engine and include “wordpress plugin” in your search query.
Compare: Compare the features, but also consider what other customers have to say about the plugins. Check the documentation and support forums so you know you won’t be left high and dry if you have a problem.
Decide: Use the tools we suggest to check how the plugin performs on your website. Really dig into the plugin and check it against the features you’ve listed in your plan.
You now have the tools to save yourself hours by having a concrete method for reviewing WordPress plugins. You can feel confident that your choice of WordPress plugin won’t end in disaster and that you’ll have your website running smoothly and looking great, ready to get you new traffic and more business.
If you’re not sure about any of these steps or don’t have time to go through them by yourself, please send us a message. We’ve got loads of experience helping our customers choose, install, troubleshoot and fix WordPress plugins.