There are over 59,000 WordPress plugins at the time of writing this article. The number is fluctuating as new plugins emerge, and older ones get removed from the library for security reasons.
Using all 59,000 is definitely an overkill.
But on a serious note, the short answer is: it depends.
In my opinion, the fewer the better. In the past, we’ve handed over websites with just one plugin. We recommend keeping it to the minimum. There’s rarely a reason to include more than just a few. Including the most important plugins such as Yoast SEO or Gravity Forms is usually enough for a business website.
Smaller projects and personal websites are a bit different. There are several issues with using too many plugins, but the trade-off is often worth it. We’ve seen complex websites use dozens of plugins as well, so I’d like to dive deeper into why that’s a problem.
Performance is, without doubt, the biggest pain point for plugins. It might not be the most severe consequence of installing them nonchalantly, but it’s the most common.
WordPress plugins can slow down your website in several ways, including executing heavy scripts or making unnecessary requests to the database – on top of occupying space on the server.
Moreover, they might be optimised but simply provide a redundant functionality, such as using plugins for caching or backups, both of which are usually covered by the hosting.
Here are some the WordPress plugins most likely to affect your performance:
In most cases, there are third-party services that offer the functionality you’re looking for. Alternatively, implementing bespoke solutions with your web agency might be justified in some cases.
Plugin vendors aren’t trying to put your website at risk, or at least the vast majority of these never make it to the official plugin repository.
They are, however, created by developers with various skill level. Freelancers usually can’t provide the level of support and testing needed to ensure a plugin is free of critical security issues. In some cases, plugin functionality is restricted because of security but workarounds that include code manipulation can be found online. This is another red flag.
WordPress itself often uses multiple functions that achieve the same thing functionality-wise, but the security settings of these functions may vary. Sending sensitive data using a function that doesn’t validate the input or user privilege won’t break the plugin, but it can harm your website and its visitors when discovered.
Plugins that are often banned for security reasons include:
Plugins are a bit like garden plants. They bring something good to your life but require careful maintenance. I’ve seen websites of large businesses break with one click of the “Update plugin” button.
Have you? Share your experience in the comments.
Even the powerhouses like WooCommerce suffer from occasional vulnerabilities due to the changes in WordPress or newly discovered issues.
Assuming you’ve dodged all the performance and security bullets and installed 30-40 best-in-class plugins, that doesn’t necessarily mean you’re all set.
As mentioned, plugins use various default WordPress functions to deliver their features. These functions interact with your website and database in various ways and sometimes this might simply lead to a plugin collision.
We’ve seen plenty of poorly maintained websites with plugin bloat and fixing these is extremely time-consuming – and sometimes even impossible. Introducing an unreasonable number of variables (plugins) to your site will cripple even the best websites.
In our experience, allowing clients to install plugins without consulting it with us almost always has a negative effect – both short and long-term.
And that price isn’t always directly expressed in pounds, euros or dollars. But it can quickly catch up, making the “free” solutions some of the most expensive ones you’ve seen.
Thankfully, using great plugins in moderation and under supervision almost nullifies the risk. If you recognise the issues listed in this article, your site will be safe.
All of the above issues are more or less solved with the “headless” approach to WordPress, in our latest article. We’re slowly introducing the new take on WordPress to those of our clients that would benefit from it. It’s still quite the fresh technology, but it has a ton of potential.
Originally published Nov 14, 2019 9:11:01 AM, updated June 30 2023.