When I started and discovered the WordPress plugin repository it was like walking into a free candy store. Calorie Free Candy store. It was soooo fun!
…install and test.
…install and play.
…install and forget.
This sounds good in theory, except for one huge problem: plugins are not candy.
Last year I did an object lesson with my youngest. We gathered ourselves a few balloons, pins and water. We filled the balloon with water (over the sink). And put a pin in it. A tiny sharp quilting pin. Water did not leak out. Nothing broke.
When we pulled the pin out, nothing happened. Not even a drop. So… being brave, we squeezed… one drop.
So we tried another pin… (this is a great object lesson but totally not the point today!)… it took several pins before we started to get droplets of water. And the pins that were left in the balloon didn’t leak.
Of course, half the fun was stabbing the poor balloon until swoosh all over the sink.
In this story, your site is the balloon. It is secure. You keep it on a secure host with a secure password. But did you know that plugins are little pins in your balloon?[clickToTweet tweet=”Did you know that plugins are to #wordpress what pins are to balloons? ” quote=”Did you know that plugins are to #wordpress what pins are to balloons? “]
Your site is made to accept plugins but notice one important thing: plugins are code. Code added to your site, from an unknown source is dangerous.
But WordPress.org has a simple vetting process. Most plugins, but not all, in the repository are safe to use. We even have our own plugin in the repository.
But when you remove the plugin, does it remove itself gracefully? The thing is, as a regular user you will never know if there are leftover unused tables in the database. You won’t know if there are orphan bits of code floating through your site. Those bits are dangerous.
Another striking parallel with the pins in the story and plugins: the more you use the more likely for conflicts. I recommend my clients narrow their plugin use to 15 maximum. (See below for tips)
For every plugin you install, you are opening the door to the
Once inside your website, plugins have the power to add the needed function or destroy the entire thing. What that plugin will do, depends on the source.
Below we’ll talk about how to pick plugins that are safe. For now, choose wisely for security’s sake.
One of the biggest complaints that we get are slow sites. The fix almost every time is removing plugins. You can prevent those maintenance fees and headaches, if you’d be judicious in your use of plugins.
When getting a new theme, it’s especially important to inquire about your designer’s use of plugins. Be wary if they use plugins at all (with the exception of shops, directories or extra functions outside of the norm). The only time a plugin should be used in designing a site is when your site requires a function that is theme-independent.
TIP[info_box type=”note_box”]When installing a new plugin, take a speed test before and after installation. It will tell you how the load time was impacted.[/info_box]
Now, I know you are going to use a plugin. We all do; the functions are limitless and wonderful, blah blah blah. So here’s what you need to know.
These are the cases, and the only cases, in which I recommend the use of a plugin.
FYI – in our All in One package, we will only install 7 – 10 plugins and they cover all the needs of every single website that we’ve ever installed. A ton of plugins are simply not necessary.
So you’ve decided to install a plugin. You know you need it, and you’re aware of the risks. Let’s review your plugin for safety and then you’re good to go.
Come back the rest of the week, and especially Friday to get your downloadable worksheet with all five assignments summarized for you!
All of this and more is covered in the free Essential Website Audit checklist below.