WordPress website security is a concern and plugins are one of the biggest risk factors. As WordPress developers, we often get asked if WordPress plugins are dangerous. The answer is yes, WordPress plugins can cause a lot of problems:
- They can slow down your website.
- They can create hard-to-find conflicts with other plugins.
- They can go out of date.
- They can contain viruses.
That being said, plugins are essential to WordPress development; the entire platform is predicated on their use. Bearing that in mind, here's how we minimise plugin issues:
- Where possible, pay for a plugin over using a free one. Paid-for plugins are far more likely to be updated, so when you upgrade your WordPress website, an update for the plugin will be available.
- Where possible, buy plugins from a single source. For instance, when using WooCommerce, only use plugins in the WooCommerce family produced by WooCommerce.
- Update your WordPress website and all its plugins quarterly.
- If you insist on using free plugins, make sure they are the leading plugins in their field and have high ratings.
- Where possible, code plugin behaviour from scratch rather than using a plugin. Eventually a website with a large number of plugins, even paid-for ones, will start to slow down.
- Never install plugins flippantly just to see what they do; too many plugins slow down WordPress websites. Only install plugins that have critically important features.