If you don’t like some of the plugins I recommend, or need a function I haven’t discussed, search the plugin catalog yourself.
Tips for finding and evaluating plugins:
- Search for articles listing the “fifteen best” plugins for a particular feature. Reading these reviews will often let you eliminate some that don’t have what you want, or only have needed features in their paid versions.
- When you search for plugins in the “New Plugin” screen of your dashboard, read the description and look at the screenshots for ways the plugin can be customized with options.
- Avoid anything that mentions PHP or using the editor, since you’d have to edit program code to customize it.
- I tend to first try plugins whose descriptions include screenshots. If the developers skipped the minimal work to show what you’ll be getting, chances are they haven’t put a lot of effort into quality and security, either.
- How recently was it updated? I like to know it’s being maintained, so if a WordPress update breaks it, or someone finds a security issue, it’s likely to get fixed.
- Check the number of reviews and the number of stars. Negative reviews are often the most useful, because they tell you what important stuff the developers left out. Also check whether the bad reviews are all recent, which suggests the new version is no good.
- Especially check reviews for people saying the free version is just a demo or that it’s useless unless you upgrade.
- Read the plugin’s privacy policy. After activating a new plugin, use webbkoll.dataskydd.net to scan your site for any new privacy issues. It’s not polite to give away tracking data on your visitors.
Security considerations:
- Plugins from (semi)official sources, like the WordPress organization, WPMU Dev, and Automattic, are very secure.
- Avoid plugins that are brand new or have only been installed by a few other people. Nonexperts don’t need to be on the bleeding edge.
- When was the plugin last updated? This is a good indication of whether it’s still actively maintained, so if a security problem is reported, something will be done about it. Some plugins are simple and don’t need much maintenance, but they’re still expected to be updated periodically to show they’ve been tested and still work with recent WordPress versions.
- Is it doing something complicated? The more functions something has, the more potential there is for a developer to have left security holes. The social media links plugins, which only need to generate a little HTML, are pretty safe. The book list plugins, which have special page types and URL arguments and options to fetch various data, are at higher risk (by the way, there have never been issues reported for the ones I reviewed in this book).
- Turn on automatic updates for all plugins (and all themes). If you keep the code up to date with developers’ security patches, it’ll generally be secure and you don’t have to do any work to keep it that way.
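
The checks in this list can be run over several plugins at once. The following is an added example, not from the original text: it assumes plugin records shaped like the WordPress.org plugin information API response (`last_updated`, `active_installs`, `tested`), and the sample records, plugin names and thresholds are constructed.

```python
import json
from datetime import date, datetime

# Constructed sample records (hypothetical plugins), shaped like
# WordPress.org plugin-information API responses.
SAMPLE = json.loads("""
[
 {"slug": "example-social-links", "last_updated": "2024-05-02 7:14pm GMT",
  "active_installs": 200000, "tested": "6.5.3"},
 {"slug": "example-book-list", "last_updated": "2021-09-17 11:02am GMT",
  "active_installs": 3000, "tested": "5.8"},
 {"slug": "example-brand-new", "last_updated": "2024-06-01 8:30am GMT",
  "active_installs": 40, "tested": "6.5.3"}
]
""")

# Thresholds are assumptions for illustration; tune them to your own comfort.
MAX_AGE_DAYS = 365    # flag plugins with no release in the past year
MIN_INSTALLS = 1000   # flag plugins that few other sites have installed

def major_minor(version):
    """Reduce '6.5.3' or '5.8' to a comparable (major, minor) tuple."""
    parts = (version.split(".") + ["0"])[:2]
    return tuple(int(p) for p in parts)

def review_plugin(info, current_wp, today):
    """Return a list of warnings for one plugin record."""
    warnings = []
    # Only the date part of last_updated matters here.
    updated = datetime.strptime(info["last_updated"].split()[0], "%Y-%m-%d").date()
    age = (today - updated).days
    if age > MAX_AGE_DAYS:
        warnings.append(f"not updated for {age} days")
    if info["active_installs"] < MIN_INSTALLS:
        warnings.append(f"only {info['active_installs']} active installs")
    if major_minor(info["tested"]) < major_minor(current_wp):
        warnings.append(f"tested only up to WordPress {info['tested']}")
    return warnings

def review_all(plugins, current_wp, today):
    """Map each plugin slug to its warnings (empty list means no flags)."""
    return {p["slug"]: review_plugin(p, current_wp, today) for p in plugins}

if __name__ == "__main__":
    for slug, warnings in review_all(SAMPLE, "6.5", date(2024, 6, 15)).items():
        print(slug, "OK" if not warnings else "; ".join(warnings))
```

An empty warning list only means none of these three checks fired; reviews and the privacy policy still need a human read.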
Performance considerations:
- Loading up your site with unnecessary plugins can slow it down. Every time someone requests a page from your server, the server potentially has to execute code from every plugin. Deactivate things you aren’t using.
- A deactivated plugin doesn’t affect performance.
- You get better performance with multiple small, simple plugins as opposed to monsters with tons of options you don’t need. If you have to choose between a few small plugins and a single huge plugin with those same functions plus lots of other stuff, choose the former.
If you see something you like on another WordPress website, try to identify it with the website scanwp.net.
If that doesn’t work, right-click that part of the page and use the “Inspect element” function in your browser. This is like the View Source function of the browser, except it takes you right to that point on the page, so you don’t have to search.
That’s far from 100 percent reliable; it just might give a clue based on comments or CSS class names. The HTML code associated with a plugin often isn’t all in one place, and might include code or links near the top of the HTML.