A Foolproof Guide to Installing Safe and Trusted WordPress Plugins

The beauty of WordPress lies in the fact that you can extend its features and add additional functionality to it within minutes with the help of plugins. While WordPress is a capable CMS in its own right and it can be used to power virtually any genre of website, if you ever need something extra, say a contact form or a slider on your homepage, or even a newsletter signup widget, you can turn to plugins and set it all up within minutes.

The official WordPress repository currently has over 42,000 plugins, and this number is rising as we speak. Not to mention, in addition to these free plugins, you can also opt for premium or paid plugins that can be purchased by marketplaces such as CodeCanyon or directly from developers.

Amidst such a populated and crowded universe, how do you pick the right plugin for the job? More importantly, how do you ensure that the plugin you choose is safe and trustworthy enough and will not compromise or break your website? In this article, I will be answering these questions.

Guide to Installing Safe and Trusted WordPress Plugins

The Importance of Making Sure Your Plugins are Safe

So why should you bother about safe and trusted plugins anyway? Well, there are two reasons for this: firstly, a poorly-coded or ill-maintained plugin might be an open invitation for malicious activity on your website. Outdated or obsolete code in your plugins can be used by hackers to gain access to your site, and as such, relying on trusted and safe plugins is very important.

Secondly, each plugin consumes a part of your server’s memory, and therefore, it is a good idea to opt for the better plugins, so they do not arbitrarily waste server resources. In other words, a bad plugin might have functions and methods that will consume more resources and affect the functionality of your website, and even slow it down for your visitors.

But then, you can easily pick a plugin from the WordPress repository and be assured that it’s safe and perfect for your site? Well, it is indeed true that plugins and themes undergo some testing before they are added to the official repositories, especially in terms of coding standards. However, if a plugin has not been maintained in a long time, you might risk your website’s safety, even if you chose the said plugin from the official repo.

So, how do you avoid the bad apples here?

Statistics

When looking for a plugin the WordPress repository, do not just read the description and view the screenshots. Instead, also consider giving the “Stats” tab a look. This tab mentions the active versions and total download counts for a given plugin. Now, the more popular a plugin is, the more successful it becomes, and it goes without saying that a million users will not count on a horrible plugin. So if the plugin in question has active usage on different WordPress websites, it has a better chance of being a good candidate for your website, when compared to a similar plugin with lesser usage.

Of course, download counts are also dependent on a plugin’s age, and a below par plugin that is 4-years old might have more active downloads than an above par plugin that is just a year old. In such cases, consider looking to the sidebar on the plugin’s description page: look for the ratings and support sections.

Now, the Ratings on WordPress.org are not loved by everyone in the community, as two good ratings can lead to an overall 5-star rank for a plugin, whereas 10 bad ratings can bring down a plugin’s rank to 3-star, even if the said plugin has had 20+ 5-star ratings. That said, the Support section offers very useful numbers: check out the number of support threads, and how actively the developer(s) is/are responding to support requests. This will tell you whether or not a plugin is being actively maintained, and you can then make a better and more informed choice.

Follow the Crowd

In the world of WordPress plugins it might be a good idea not to reinvent the wheel, and follow the majority opinion.

When browsing through the plugin repository, go through the Featured and Popular tabs. These tabs mention the best plugins in their respective categories, generally those with millions of active downloads. Naturally, if you are comparing plugin A that can cache your site and has 10,000 users, and plugin B that can cache your site and has 2 million users, it might be wiser to give plugin B a spin first, simply because it has wider usage and is thus more likely to be actively maintained and easier to use.

The Featured and Popular tabs are especially useful if you are looking for plugins for a specific task, but do not know which plugin to choose. This is not a rule of the thumb, and a lesser popular plugin can also be a viable choice, but in general, sticking to the popular and bigger plugins will help you avoid security issues that might arise later on.

Premium Plugins

The logic behind premium plugins is the same as free ones: you should opt for ones that are highly popular, and have good reviews and an active support desks. Almost all major plugin marketplaces offer such statistics that you can check before purchasing a given plugin.

You must note, however, that certain free plugins such as WooCommerce tend to have premium addons that may or may not be actively supported by the parent plugin. For instance, a third party addon for WooCommerce will be supported by the developers of the addon, and not by WooCommerce. In such cases, it is even more important for you to check the quality of not just the parent plugin, but also the addon.

Conclusion

As a backup strategy, consider relying on plugins that offer an export or import option for you. For example, if your SEO plugin allows you to export your SEO metadata, so that you can import it on another plugin, it will be beneficial for you if you ever wish to change the plugins or the plugin you are using falls out of development.

You might also wish to run a security scan on your plugin files, possibly by means of a security plugin such as Wordfence Security. You can then be notified of any changes in your plugin files, and also keep track of plugin updates and patches.

What would your advice be for selecting a safe and trusted WordPress plugin? Share your views in the comments below!