» » Signs You Should Avoid Downloading a WordPress Plugin

Signs You Should Avoid Downloading a WordPress Plugin

posted in: Blogging | 14

No two WordPress plugins are created equal. Some can make your site downright awesome.

Others can make all your hard work come crashing down, either through shoddy or malicious code.

Here’s how to tell the difference between the good plugins and the ones that you should avoid downloading.

You have chosen a company to host your website and decided on a text as well as basic design.

The next step any entrepreneur wants to dive into is to start downloading some cool and functional WordPress plugins to enhance your site and user experience.

WordPress’s open-source nature is simultaneously the best and worst thing about it.

Best because it has one of the most active, vibrant, and creative development communities on the web.

Worst because in spite of all that creativity, there are also a ton of bad eggs who – either through well-meaning ignorance or straight-up malice – release plugins to avoid instead of great plugins.

Sometimes, it can be hard to tell the difference.

At least, it can if you don’t know what to look for.

Every bad plugin ever developed shares certain things in common.

Knowing how to recognize these red flags can help you avoid downloading a bad WordPress plugin and to exclusively install only the ones that’ll make your website shine.

8 Big Signs You Should Avoid Downloading a WordPress Plugin

Eight Big Signs You Should Avoid Downloading a WordPress Plugin

Nobody Seems To Be Downloading It

The first thing you should look at before you download a new plugin is to look at the plugin’s number of active downloads.

Does there seem to be a fairly extensive user-base?

Are there lots of active conversations in the support forum?

What are the total sales statistics – how many people are actually using it?

While a lack of active installations could indicate that the plugin is still fairly new to the marketplace (or just poorly marketed), a low download count (or a total lack of download stats on the plugin’s repository) should make you wary.

There’s probably a reason no one is using it.

Check the documentation, too. Apps with a developer that cares about their product generally have fairly extensive documentation.

An even better sign than developer-managed documentation is an active wiki – it means people are using the app, and they like it enough to help others learn how to use it. 

This is step one to avoid downloading a bad WordPress Plugin.

 

The Reviews…Aren’t Great

Next up, look at what people are saying about it.

  • What sort of reviews does a Google search turn up?
  • How many stars does it have on the store?
  • How many positive vs. negative reviews are there?
  • Are there screenshots of the plugin in action?

Don’t just look at the rating, either.

Look at the review content, as well.

Do the reviews read like they were written by actual human beings, or is there something…odd about them?

There are plenty of unscrupulous developers who are willing to use paid-for services (or bots) to artificially inflate their plugins or apps rating.

Here’s what to look for:

  • Are all the positive reviews posted on or around the same date?
  • Are there really weird, unusual language choices in the reviews?
  • Look at the profiles of the people who reviewed the plugin – have they reviewed anything else?
  • Again, look at other sources such as Google.

 

YouTube also has plenty of tutorials of WordPress developers doing screencasts of using the actual plugins.

Watch these screencasts to ensure that the plugin is user-friendly and valuable to your website.

If you find great plugins, you, too, can make some helpful video tutorials to help others in the WordPress community make smart choices about which plugins to download.

Join the conversation - 8 BIG signs you should avoid downloading a plugin!Click To Tweet

 

There’s Something Off About The Plugin’s Repository

Assuming you aren’t downloading straight from WordPress’s own repository or another reputable source like CodeCanyon or WPMU DEV, pay careful attention to where you are downloading from.

Don’t trust anything from spammy websites laden with obviously-fake reviews or poorly-placed banner ads.

Ditto for sites that seem to load unusually slow or sites that promise premium plugins for ‘free.’

These repositories are set up with the sole purpose of causing WordPress security threats and infecting websites

In addition, many of these fake plugins can collect valuable information about your website such as the current WordPress version, plugins installed on the website, the site’s admin users, name of logged-in users, their passwords, as well as IP addresses.

As you can see, these fake plugins could undo years of great work on your website in a single download and expose your site as well as the people who work on your site to a myriad of security breaches.

 

The Developer Has A Bad Reputation

Don’t just do a Google search on a plugin before you install it.

Do a quick lookup of the developer’s name or handle.

People with a history of publishing poor-quality, spammy, or malicious plugins usually tend to attract negative attention pretty quick.

A developer’s LinkedIn profile can also reveal some clues surrounding their credibility.

A well-respected developer will have plenty of connections, endorsements, and recommendations.

They also will have other noteworthy accomplishments that can be found with a quick search such as interviews, speaking engagements, and awards.

This is something you should do even if a plugin looks reputable – you never know what sort of skeletons or phenomenal success stories are in a developer’s closet until you go digging.

 

It’s Horribly Outdated

Generally speaking, a good plugin is one that’s regularly updated – avoid any add-ons that haven’t been touched in months.

That’s a sign that the plugin has either been abandoned or that the developer doesn’t really care about keeping it current.

It also means your plugin is likely laden with easily-exploitable security vulnerabilities.

Even if a plugin is compatible, that doesn’t mean it’s up to date.

Make sure that it’s been properly tested with the last three major releases of WordPress.

In the same vein, if you deactivate a current plugin on your site because it has not been updated in quite a while, you must remove the plugin.

Another tip is to see how often the plugin is updated.

More regular updates show that the developer is responsive to user feedback and current on their understanding of WordPress as well as security.

It is safe to say that any plugin that has not been updated in the last year can be deleted.

Otherwise, you’re potentially opening the door to all kinds of security threats.

 

It Takes Up A Massive Amount of Space

Most plugins should be pretty lightweight.

After all, your site probably has a laundry list of different add-ons that it uses to function.

If even one of those addons is a behemoth, it could cause your entire site’s performance to drag.

With site speed optimization such an important ranking factor for SEO, you cannot afford to compromise your website’s speed for the sake of a giant-sized WordPress plugin.

A plugin should have no issues skirting in under the 2MB default limit for some PHP installations.

If it’s any larger than that, you should take a step back and ask yourself why.

It could be that it’s terribly optimized – or it could be that the developer is sneaking in a nasty surprise or two alongside the plugin.

 

The Code is Suspicious

Make sure you check the WPScan Vulnerability Database to see if your plugin pops up, and do a full security scan both before and after you install.

Even plugins that don’t throw up a bunch of red flags can put your site at risk if they aren’t coded well.

Ideally, what I’d advise is taking a look at the code yourself – even if it doesn’t trigger any vulnerability or malware scanners.

If the code looks well-written and organized, you’re in the clear. If it looks like it was written by a beginner, proceed with caution.

There’s a very good chance it contains a ton of newbie mistakes, and you probably don’t have the time to fix all of them yourself.

 

Your Web Host Disallows It – For Very Good Reason

Last but certainly not least, check your website host’s plugin blacklist.

Most hosts maintain one,  and they’ll usually give you a decent explanation of how each plugin made its way onto it.

Now, it’s important to note that just because a plugin is disallowed, doesn’t mean it’s bad – it might just overlap with something the host offers on their own.  

Of course, more often it’s to do with known security issues.

 

8 Big Signs You Should Avoid Downloading a WordPress Plugin  - Pinterest image

Eight Big Signs You Should Avoid Downloading a WordPress Plugin – Know The Signs

There are plenty of talented developers in the WordPress community, and they’ve coded tons of amazing plugins.

But there are plenty of bad apples, too.

Fortunately, it’s not hard to see the difference between the two.

That said, as a general precaution, always backup your site before you download any plugin.

Even if you think it is top-notch.

It’s also a good idea to download one plugin at a time and test it out.

It is generally not the number of plugins that causes issues; however, it is the quality of the plugins that you use on your site.

Now you know what to look for.

Enjoy creating and updating great websites!

 

That’s all for now!

So have you had any bad experiences downloading a plugin?

Let us know in the comments section, make sure that you subscribe to the comments so that you are notified of our reply

Regards

MAX

 

Related Articles

WordPress Mistakes To Avoid in 2018 And 5 Must Have Plugins

GDPR and SEO – What does GDPR mean for SEO?

 

Max Emelianov

Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.
 

Latest posts by Max Emelianov (see all)

Summary
 8 Big Signs You Should Avoid Downloading a WordPress Plugin.
Article Name
8 Big Signs You Should Avoid Downloading a WordPress Plugin.
Description
Plugins can add great functionality to your sites. Some can pose security threats. Here are 8 Big Signs You Should Avoid Downloading a WordPress Plugin.
Author
Publisher Name
Infobunny
Publisher Logo
Follow Max Emelianov:
Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.  

14 Responses

  1. Moss Clement
    | Reply

    Hi Max,
    You nailed it right where you should. It is common knowledge to at least read reviews of other about a plugin or any app you want to download before making the decision to download it. That’s what I do always, I checkout reviews, what others are saying about the product and if there more negatives than positives, I give up.
    Moss Clement recently posted…The 10 Types of Blog Posts That Drives Massive trafficMy Profile

  2. Nisha Patel
    | Reply

    Hi,
    That’s a very great post. The Article is Awesome to read.
    Thanks for sharing with us your Post.

  3. Winnipeg web developer
    | Reply

    A lot of things to learn when reading your post. Really amazing.
    Winnipeg web developer recently posted…Top 6 Branding Trends in 2018My Profile

  4. mohdjabir
    | Reply

    I am interested on this post and provide word press plugin information on different different way.thank you so much share with us
    mohdjabir recently posted…How to manage your Facebook notificationsMy Profile

  5. Rachel Geller
    | Reply

    I enjoyed reading this. Very informative and helpful.

  6. Gaurav Kumar
    | Reply

    It is always a wise decision to check the reputation of the developer and the plugin before you download it. Glad you have shared this.
    Gaurav Kumar recently posted…20 Killer Ways to Get More YouTube Subscribers in 2018My Profile

  7. Sathish Arumugam
    | Reply

    The main powering to the WordPress website is all about adding the functionalities, WordPress website mainly relies on a lot of plugins that individually add specific power packed features to the site architecture. There are a lot of chances too to that these plugins are malicious and it may infect the site database and files. WordPress plugin can be amazing and with the growth of the community, the number of theme and plugin developer has also grown exponentially. The only way to stay out is the stay updated with the latest security updates and follow the warning signs so that we don’t fall to the malicious plugin.
    Sathish Arumugam recently posted…Best High DA Dofollow Web 2.0 Sites List 2018 – {Top Authority}My Profile

  8. Sathish Arumugam
    | Reply

    The main powering to the WordPress website is all about adding the functionalities, WordPress website mainly relies on a lot of plugins that individually add specific power packed features to the site architecture. There are a lot of chances too to that these plugins are malicious and it may infect the site database and files. WordPress plugin can be amazing and with the growth of the community, the number of theme and plugin developer has also grown exponentially. The only way to stay out is the stay updated with the latest security updates and follow the warning signs so that we don’t fall to the malicious plugin..
    Sathish Arumugam recently posted…Best High DA Dofollow Web 2.0 Sites List 2018 – {Top Authority}My Profile

  9. Er.Alam porle
    | Reply

    Nice post, keep it up.

  10. Marwix Upwarham
    | Reply

    Thank you for the great work and sharing this post from you. very detailed and informative. impressive!

  11. vivek
    | Reply

    I like to Read your Posts,
    Thanks for sharing
    vivek recently posted…Wonder Chef : how Sanjeev Kapoor Built an business EmpireMy Profile

Leave a Reply

You have to agree to the comment policy.

CommentLuv badge

This site uses Akismet to reduce spam. Learn how your comment data is processed.