Performance is, without doubt, the biggest pain point for plugins. It might not be the most severe consequence of installing them nonchalantly, but it’s the most common.
WordPress plugins can slow down your website in several ways, including executing heavy scripts or making unnecessary requests to the database – on top of occupying space on the server.
Moreover, they might be optimised but simply provide redundant functionality, such as plugins for caching or backups, both of which are usually covered by the hosting.
Here are some of the WordPress plugins most likely to affect your performance:
In most cases, there are third-party services that offer the functionality you’re looking for. Alternatively, implementing bespoke solutions with your web agency might be justified in some cases.
Plugin vendors aren’t trying to put your website at risk, or at least the vast majority of those that are never make it to the official plugin repository.
They are, however, created by developers with varying skill levels. Freelancers usually can’t provide the level of support and testing needed to ensure a plugin is free of critical security issues. In some cases, plugin functionality is restricted for security reasons, but workarounds that involve code manipulation can be found online. This is another red flag.
WordPress itself often uses multiple functions that achieve the same thing functionality-wise, but the security settings of these functions may vary. Sending sensitive data using a function that doesn’t validate the input or user privilege won’t break the plugin, but it can harm your website and its visitors when discovered.
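To make the point above concrete, here is an added example (not code from this article or from any real plugin) of a plugin AJAX handler written twice: once with a check that looks like a privilege test but isn't, and once with the nonce, capability and input checks in place. The plugin name, the `example_save` action, the `example_label` option and the `nonce` field name are all hypothetical.

```php
<?php
/**
 * Plugin Name: Example Label Saver (constructed example, hypothetical names)
 */

// WEAK: is_admin() only reports that the request targets an admin URL
// (admin-ajax.php counts); it says nothing about who is logged in.
// The raw POST value is also stored without any validation.
function example_save_label_weak() {
    if ( is_admin() ) {
        update_option( 'example_label', $_POST['label'] );
    }
    wp_send_json_success();
}
// Registration of the weak handler is left commented out on purpose.
// The "nopriv" hook would also expose it to logged-out visitors.
// add_action( 'wp_ajax_example_save_weak', 'example_save_label_weak' );
// add_action( 'wp_ajax_nopriv_example_save_weak', 'example_save_label_weak' );

// HARDENED: same feature, with request origin, privilege and input checked.
function example_save_label() {
    // Rejects the request (HTTP 403) if the nonce is missing or invalid.
    check_ajax_referer( 'example_save_label', 'nonce' );

    // Checks the current user's capability, not the URL being requested.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    if ( ! isset( $_POST['label'] ) || ! is_string( $_POST['label'] ) ) {
        wp_send_json_error( array( 'message' => 'Missing label' ), 400 );
    }

    // Strip slashes added by WordPress, then remove tags and control characters.
    $label = sanitize_text_field( wp_unslash( $_POST['label'] ) );
    if ( '' === $label || strlen( $label ) > 100 ) {
        wp_send_json_error( array( 'message' => 'Invalid label' ), 400 );
    }

    update_option( 'example_label', $label );
    wp_send_json_success( array( 'label' => $label ) );
}
// Only the logged-in hook is registered; there is no "nopriv" variant.
add_action( 'wp_ajax_example_save', 'example_save_label' );
```

Both handlers save the setting and return success in normal use, which is why the weak version passes functional testing; when reviewing a plugin, look for `is_admin()` used as an access check, `wp_ajax_nopriv_` hooks on state-changing actions, and `$_POST` or `$_GET` values used without sanitising.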
Plugins that are often banned for security reasons include:
Even the powerhouses like WooCommerce suffer from occasional vulnerabilities due to the changes in WordPress or newly discovered issues. We publish a monthly WordPress Vulnerability Report to keep you in the loop.
Assuming you’ve dodged all the performance and security bullets and installed 30-40 best-in-class plugins, that doesn’t necessarily mean you’re all set.
As mentioned, plugins use various default WordPress functions to deliver their features. These functions interact with your website and database in various ways and sometimes this might simply lead to a plugin collision.
We’ve seen plenty of poorly maintained websites with plugin bloat and fixing these is extremely time-consuming – and sometimes even impossible. Introducing an unreasonable number of variables (plugins) to your site will cripple even the best websites.
In our experience, allowing clients to install plugins without consulting us almost always has a negative effect – both short- and long-term. To tackle this, NerdCow offers bespoke WordPress maintenance services, from consultation, through plugin updates, to bug fixes.
And that price isn’t always directly expressed in pounds, euros or dollars. But it can quickly catch up, making the “free” solutions some of the most expensive ones you’ve seen.
Thankfully, using great plugins in moderation and under supervision almost nullifies the risk. If you recognise the disadvantages listed in this article, your site will be safe.
All of the above issues are more or less solved with the “headless” approach to WordPress, described by our developer, Michał Kotowski, in our latest article. NerdCow is currently researching the possibility of bringing the new face of WordPress to our customers.
Originally published Nov 14, 2019 9:11:01 AM, updated January 12 2022.