No two WordPress plugins are created equal. Some can make your site downright awesome.
Others can make all your hard work come crashing down, either through shoddy or malicious code.
Here’s how to tell the difference between the good plugins and the ones that you should avoid downloading.
You have chosen a company to host your website and decided on your text as well as a basic design.
The next step any entrepreneur wants to dive into is downloading some cool, functional WordPress plugins to enhance the site and the user experience.
WordPress’s open-source nature is simultaneously the best and worst thing about it.
Best because it has one of the most active, vibrant, and creative development communities on the web.
Worst because in spite of all that creativity, there are also a ton of bad eggs who – either through well-meaning ignorance or straight-up malice – release plugins you should avoid rather than great ones.
Sometimes, it can be hard to tell the difference.
At least, it can if you don’t know what to look for.
Every bad plugin ever developed shares certain things in common.
Knowing how to recognize these red flags can help you avoid downloading a bad WordPress plugin and install only the ones that’ll make your website shine.
Eight Big Signs You Should Avoid Downloading a WordPress Plugin
Nobody Seems To Be Downloading It
The first thing to check before you download a new plugin is its number of active installs.
Does there seem to be a fairly extensive user-base?
Are there lots of active conversations in the support forum?
What are the total sales statistics – how many people are actually using it?
While a lack of active installations could indicate that the plugin is still fairly new to the marketplace (or just poorly marketed), a low download count (or a total lack of download stats on the plugin’s repository) should make you wary.
There’s probably a reason no one is using it.
Check the documentation, too. Plugins whose developer cares about their product generally have fairly extensive documentation.
An even better sign than developer-managed documentation is an active wiki – it means people are using the plugin, and they like it enough to help others learn how to use it.
This is step one to avoid downloading a bad WordPress Plugin.
The Reviews…Aren’t Great
Next up, look at what people are saying about it.
- What sort of reviews does a Google search turn up?
- How many stars does it have on the store?
- How many positive vs. negative reviews are there?
- Are there screenshots of the plugin in action?
Don’t just look at the rating, either.
Look at the review content, as well.
Do the reviews read like they were written by actual human beings, or is there something…odd about them?
There are plenty of unscrupulous developers who are willing to use paid-for services (or bots) to artificially inflate their plugin’s or app’s rating.
Here’s what to look for:
- Are all the positive reviews posted on or around the same date?
- Are there really weird, unusual language choices in the reviews?
- Look at the profiles of the people who reviewed the plugin – have they reviewed anything else?
- Again, look at other sources such as Google.
YouTube also has plenty of tutorials of WordPress developers doing screencasts of using the actual plugins.
Watch these screencasts to ensure that the plugin is user-friendly and valuable to your website.
If you find great plugins, you, too, can make some helpful video tutorials to help others in the WordPress community make smart choices about which plugins to download.
There’s Something Off About The Plugin’s Repository
Don’t trust anything from spammy websites laden with obviously-fake reviews or poorly-placed banner ads.
Ditto for sites that seem to load unusually slowly or sites that promise premium plugins for ‘free.’
These repositories are set up with the sole purpose of creating WordPress security threats and infecting websites.
In addition, many of these fake plugins can collect valuable information about your website, such as the current WordPress version, the plugins installed on the site, the site’s admin users, the names of logged-in users, their passwords, and IP addresses.
As you can see, these fake plugins could undo years of great work on your website in a single download and expose your site as well as the people who work on your site to a myriad of security breaches.
The Developer Has A Bad Reputation
Don’t just do a Google search on a plugin before you install it.
Do a quick lookup of the developer’s name or handle.
People with a history of publishing poor-quality, spammy, or malicious plugins usually tend to attract negative attention pretty quickly.
A developer’s LinkedIn profile can also reveal some clues surrounding their credibility.
A well-respected developer will have plenty of connections, endorsements, and recommendations.
They also will have other noteworthy accomplishments that can be found with a quick search such as interviews, speaking engagements, and awards.
This is something you should do even if a plugin looks reputable – you never know what sort of skeletons or phenomenal success stories are in a developer’s closet until you go digging.
It’s Horribly Outdated
Generally speaking, a good plugin is one that’s regularly updated – avoid any add-ons that haven’t been touched in months.
That’s a sign that the plugin has either been abandoned or that the developer doesn’t really care about keeping it current.
It also means your plugin is likely laden with easily-exploitable security vulnerabilities.
Even if a plugin is compatible, that doesn’t mean it’s up to date.
Make sure that it’s been properly tested with the last three major releases of WordPress.
In the same vein, if you deactivate a current plugin on your site because it has not been updated in quite a while, you must remove the plugin entirely: deactivating it still leaves its files on the server.
Another tip is to see how often the plugin is updated.
More regular updates show that the developer is responsive to user feedback and current on their understanding of WordPress as well as security.
It is safe to say that any plugin that has not been updated in the last year can be deleted.
Otherwise, you’re potentially opening the door to all kinds of security threats.
It Takes Up A Massive Amount of Space
Most plugins should be pretty lightweight.
After all, your site probably has a laundry list of different add-ons that it uses to function.
If even one of those add-ons is a behemoth, it could cause your entire site’s performance to drag.
With site speed optimization such an important ranking factor for SEO, you cannot afford to compromise your website’s speed for the sake of a giant-sized WordPress plugin.
A plugin should have no trouble fitting under the 2MB default upload limit of many PHP installations.
If it’s any larger than that, you should take a step back and ask yourself why.
It could be that it’s terribly optimized – or it could be that the developer is sneaking in a nasty surprise or two alongside the plugin.
The Code is Suspicious
Make sure you check the WPScan Vulnerability Database to see if your plugin pops up, and do a full security scan both before and after you install.
Even plugins that don’t throw up a bunch of red flags can put your site at risk if they aren’t coded well.
Ideally, take a look at the code yourself – even if it doesn’t trigger any vulnerability or malware scanners.
If the code looks well-written and organized, you’re in the clear. If it looks like it was written by a beginner, proceed with caution.
There’s a very good chance it contains a ton of newbie mistakes, and you probably don’t have the time to fix all of them yourself.
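A first pass over the source can be automated before you read it line by line. The Python below is an added example, not code from the original post or from any scanner it mentions; it looks for the constructs that experienced WordPress reviewers stop at (eval(), decoder calls, shell execution, request input with no sanitizer beside it, and database calls that skip $wpdb->prepare()) across two constructed PHP samples embedded in the script. Every hit is a line to read, not a verdict; the thresholds for the three-way summary are an assumption.

```python
"""Static triage of plugin PHP source for constructs that deserve a closer read.

Added example, not code from the original post. It is a reviewer's aid, not a
malware scanner: each hit is a line worth reading, not proof of a problem.
The two PHP files below are constructed samples, not real plugins.
"""
import re

CLEAN_PLUGIN = r'''<?php
/* Plugin Name: Example Clean (constructed sample) */
add_action( 'init', 'ec_show_id' );
function ec_show_id() {
    global $wpdb;
    $name = sanitize_text_field( $_GET['name'] ?? '' );
    $row  = $wpdb->get_row( $wpdb->prepare( "SELECT id FROM {$wpdb->prefix}ec WHERE name = %s", $name ) );
    echo esc_html( $row ? $row->id : '' );
}
'''

SUSPICIOUS_PLUGIN = r'''<?php
/* Plugin Name: Example Suspicious (constructed sample) */
global $wpdb;
$wpdb->query( "DELETE FROM {$wpdb->prefix}posts WHERE ID = " . $_GET['id'] );
$payload = base64_decode( $GLOBALS['c'] );
eval( $payload );
$out = shell_exec( $_POST['cmd'] );
'''

SUPERGLOBAL = re.compile(r'\$_(GET|POST|REQUEST|COOKIE)\b')
SANITIZERS  = re.compile(r'\b(sanitize_\w+|intval|absint|esc_\w+|wp_kses\w*)\s*\(')
WPDB_CALL   = re.compile(r'\$wpdb->(query|get_var|get_row|get_results|get_col)\s*\(')
PREPARE     = re.compile(r'\$wpdb->prepare\s*\(')
OTHER_VAR   = re.compile(r'\$(?!wpdb\b)\w+')   # any variable other than $wpdb on the line

def uses_raw_request_input(line):
    """Request data on a line with no recognisable WordPress sanitizer next to it."""
    return bool(SUPERGLOBAL.search(line)) and not SANITIZERS.search(line)

def unprepared_query(line):
    """A $wpdb call that interpolates some variable and never goes through prepare()."""
    return bool(WPDB_CALL.search(line)) and not PREPARE.search(line) and bool(OTHER_VAR.search(line))

# (predicate, reason); findings are reported in this order for each line.
CHECKS = [
    (re.compile(r'\beval\s*\(').search, "eval(): runs code assembled at runtime"),
    (re.compile(r'\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(').search,
     "decoder call: a common way to keep a payload out of plain sight"),
    (re.compile(r'\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(').search,
     "operating-system command execution"),
    (re.compile(r'\bcreate_function\s*\(').search, "create_function(): eval() in disguise"),
    (uses_raw_request_input, "request input used without a sanitizer on the same line"),
    (unprepared_query, "database query built from a variable without $wpdb->prepare()"),
]

def scan_source(source):
    """Return (line_number, reason, stripped_line) for every check that fires."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith(('//', '#', '*', '/*')):
            continue  # comments may legitimately mention eval() and friends
        for predicate, reason in CHECKS:
            if predicate(line):
                findings.append((number, reason, line.strip()))
    return findings

def verdict(source):
    """Collapse findings into the article's call: in the clear, caution, or stop."""
    reasons = {reason for _, reason, _ in scan_source(source)}
    if any(r.startswith(("eval", "decoder", "operating", "create_function")) for r in reasons):
        return "stop: read every flagged line before installing"
    if reasons:
        return "caution: sloppy input handling, expect newbie mistakes"
    return "clear: nothing in this pass warrants a closer look"

if __name__ == "__main__":
    for name, src in (("clean", CLEAN_PLUGIN), ("suspicious", SUSPICIOUS_PLUGIN)):
        print(f"[{name}] {verdict(src)}")
        for number, reason, text in scan_source(src):
            print(f"  line {number}: {reason}\n      {text}")
```

The clean sample shows what a reviewer hopes to see: request input wrapped in sanitize_text_field(), the query passed through $wpdb->prepare(), and output escaped with esc_html(). The suspicious sample shows the opposite on every line, and a decoded blob handed straight to eval() is the single strongest reason to stop and read the whole file. Checks that only look at one line at a time will miss sanitizers applied a few lines earlier, so treat the output as a reading list.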
Your Web Host Disallows It – For Very Good Reason
Last but certainly not least, check your website host’s plugin blacklist.
Most hosts maintain one, and they’ll usually give you a decent explanation of how each plugin made its way onto it.
Now, it’s important to note that just because a plugin is disallowed doesn’t mean it’s bad – it might just overlap with something the host offers on their own.
Of course, more often it’s to do with known security issues.
Eight Big Signs You Should Avoid Downloading a WordPress Plugin – Know The Signs
There are plenty of talented developers in the WordPress community, and they’ve coded tons of amazing plugins.
But there are plenty of bad apples, too.
Fortunately, it’s not hard to see the difference between the two.
That said, as a general precaution, always back up your site before you download any plugin, even if you think it is top-notch.
It’s also a good idea to download one plugin at a time and test it out.
It is generally not the number of plugins that causes issues but the quality of the plugins you use on your site.
Now you know what to look for.
Enjoy creating and updating great websites!
That’s all for now!
So have you had any bad experiences downloading a plugin?
Let us know in the comments section, and make sure that you subscribe to the comments so that you are notified of our reply.
Latest posts by Max Emelianov
- Signs You Should Avoid Downloading a WordPress Plugin - October 24, 2018