Among designers and developers there is a war raging – to use plugins or not to use plugins. Herein is the argument against. We argue against using them in every situation – any and every situation – unless you can’t get around it. First let me say that we love plugins and plugin authors. Especially for smaller sites where the editors are doing all the developing and upkeep themselves, plugins can be a life saver – no coding knowledge is needed. We have a recommended list of plugins that we use in our All in One packages.
We don’t use plugins
However, I have to confess – we don’t use plugins. I consider it cheating. If you’re hiring me to write your theme, it goes without saying that I’ll create a theme that is a lean mean WordPress machine, right? It should be easy to use. It should run smoothly. It shouldn’t conflict with any plugins or content that you – as the webmaster – decide to add later. So we refrain from using plugins in our Genesis themes because:
- Plugins open the door for security holes.
- Plugins open the door for website problems (like slow loading times or plugins malfunctioning).
1. Plugins open the door for security holes
I’m not saying that all plugins are inherently a security risk. BUT, if the author doesn’t keep it well maintained then there is a high risk of it becoming a problem in the future. And frankly, plugin authors have very little incentive to spend hours and hours maintaining and supporting plugins when most are doing it in their spare time.
Love a particular plugin? Buy the author a beer!
There are donation buttons on most plugin pages. The more plugins you use, the higher the risk of one of them not being maintained. The older the plugins, the higher the risk of a security ‘hole’. Scan your site for malware here. (This is only good after you’ve been infected.)
2. Plugins open the door for website problems
Plugins are pieces of code that you add directly to your website. It’s likely you do not know where that piece of code is being inserted (behind the scenes) or how it is loading into your site. Is it loading before the rest of the page? After? Does it change anything on the page that you cannot see with the naked eye? Does it change the reader’s experience if they’re using accessible browsers, translators or mobile devices? Plugins are powerful. They change stuff. They are code. And when you’re not a coder, you don’t know what they do – but you trust it’s accomplishing what you like – and no more.
A couple years ago, a timthumb script was commonly used in a lot of plugins to resize photographs. It was hacked and became a Trojan horse – giving hackers a back door into thousands of WordPress sites. This is one example of a plugin doing more than you want – unintentionally. And unfortunately not all plugin authors are adding malware unintentionally. Oodles of plugins add tracking and other stats to your blog. Most of it is benign – they simply want to know how many people are using it and what version of WordPress you’re running. But like I tell my kids – “Most people are good guys. There’s no need to be scared. However, the problem is that we can’t tell the good guys from the bad guys.” The bottom line is please be careful!
Best Practices for Selecting Plugins
Check each and every plugin for:
- hosted at wordpress.org
- support forums (on each wordpress.org page or in the support tab of the plugin page) are regularly answered by the authors
- version of the plugin is compatible with the current version of WordPress
- there are 4+ stars
- there are tons and tons of downloads – and/or – you know the author
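The checklist above can be turned into an automated check. The following is an added example, not code from the original post: it scores a plugin's metadata against each item, plus a staleness check for plugins that are no longer updated. The field names are assumed to match what the wordpress.org plugin information API returns, the thresholds and the review_plugin helper are assumptions, and both sample records are constructed. The resolved-thread ratio is only a proxy for "regularly answered by the authors".

```python
import re
from datetime import date

# Thresholds are assumptions; the post only says "4+ stars" and "tons of downloads".
MIN_RATING = 80           # rating is reported on a 0-100 scale, so 80 = 4 stars
MIN_DOWNLOADS = 100_000
MIN_RESOLVED_RATIO = 0.5  # share of support threads marked resolved
MAX_AGE_DAYS = 365        # older than this counts as unmaintained

def _major_minor(version):
    nums = [int(n) for n in re.findall(r"\d+", version)][:2]
    return tuple(nums + [0] * (2 - len(nums)))

def review_plugin(meta, wp_version, today):
    """Return the checklist items a plugin fails; an empty list means it passes."""
    failures = []
    if not meta.get("download_link", "").startswith("https://downloads.wordpress.org/"):
        failures.append("not hosted at wordpress.org")
    threads = meta.get("support_threads", 0)
    resolved = meta.get("support_threads_resolved", 0)
    if threads and resolved / threads < MIN_RESOLVED_RATIO:
        failures.append("support threads mostly unresolved")
    if _major_minor(meta.get("tested", "0")) < _major_minor(wp_version):
        failures.append("not tested with current WordPress")
    if meta.get("rating", 0) < MIN_RATING:
        failures.append("rating below 4 stars")
    if meta.get("downloaded", 0) < MIN_DOWNLOADS:
        failures.append("few downloads")
    # last_updated looks like "2024-04-18 9:15am GMT"; only the date part is used.
    updated = date.fromisoformat(meta.get("last_updated", "1970-01-01").split()[0])
    if (today - updated).days > MAX_AGE_DAYS:
        failures.append("no release in over a year")
    return failures

# Constructed sample records (not real plugins).
MAINTAINED = {"slug": "example-gallery", "tested": "6.5.2", "rating": 92,
              "download_link": "https://downloads.wordpress.org/plugin/example-gallery.2.3.1.zip",
              "downloaded": 1_250_000, "support_threads": 40,
              "support_threads_resolved": 33, "last_updated": "2024-04-18 9:15am GMT"}
ABANDONED = {"slug": "example-thumbs", "tested": "4.9.8", "rating": 68,
             "download_link": "https://example.com/example-thumbs.zip",
             "downloaded": 8_400, "support_threads": 12,
             "support_threads_resolved": 1, "last_updated": "2018-09-03 2:02pm GMT"}

if __name__ == "__main__":
    for plugin in (MAINTAINED, ABANDONED):
        print(plugin["slug"], review_plugin(plugin, "6.5", date(2024, 6, 1)) or "passes")
```
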
Always maintain your plugins. If they’re no longer upgraded and current – use a different one. Always always always keep your plugins upgraded. Have a question? Have a horror story to share? Tell me!
The post How you could be hurting your site with plugins appeared first on WordPress Barista.