Pre-built plugins are not one-size-fits-all solutions to WordPress-related issues. Using too many plugins can bloat a website and leave it with exploitable holes.

To avoid this, you need to learn how to use WordPress plugins so that you get the most benefit out of them.

Below, we discuss what plugins are, some of the most common plugin development mistakes and how to use plugins effectively and safely.

What Are WordPress Plugins?

WordPress plugins are installable apps that add features and/or functionality to a website. Some plugins can completely change how a site operates, whereas others can simply make small adjustments or can even be a way to remove features.

For example, WooCommerce provides eCommerce functionality which allows WordPress websites to trade goods and services.

Some plugins, like WooCommerce, are vast businesses in their own right, but anybody can develop a plugin and place it on the WordPress Plugin repository. Most plugins are free, but some come with a cost.

The varied nature of the WordPress plugin market leads to some creative solutions to the internet’s biggest problems, but it’s a double-edged sword.

A varied market of developers means users need to know how to use plugins properly, especially when it comes to security, licences and avoiding compatibility issues.

How to Use WordPress Plugins Properly

Using WordPress plugins properly means you need to understand five key areas:

  1. How to download and install plugins
  2. The importance of security updates
  3. The impact of incompatible code
  4. The difference between premium and free plugins
  5. Reading between the lines of plugin reviews

Below, we break down each of these areas and explain its importance to your website’s security and performance.

How to Download and Install Plugins

The first step is an easy one, but getting lost in the labyrinth of the WordPress Repository is easily done.

First off, go to the WordPress plugin page and click “Add New.” There, plugins will be split up into several categories including “popular plugins”, “featured” and “beta plugins” ready for you to explore.

Alternatively, an easier way to find the plugin you want is by using the search function.

GitHub is another area where plugins can be found, but do note that you’ll need to be extra careful installing plugins from here.

Broadly, we recommend the following plugins:

  • Yoast SEO
  • Contact Form 7
  • WooCommerce
  • MailChimp
  • Akismet

These plugins operate very well and are regularly updated. However, for other plugins, you’ll need to learn how to read between the lines of their reviews.

Understanding Plugin Reviews

The star rating of a plugin doesn’t tell the whole story. If you want assurance, you’re going to have to read the reviews.

Star ratings can often be inflated, and users can fall into the habit of rating a plugin 5 stars by default. By reading the reviews, you’re trying to find out the following:

  • Is the plugin still supported?
  • Is it updated?
  • Does another plugin do the same job better?

If there are recent reviews praising the developer’s rapid response time or the developer is directly engaging with reviews and questions, it’s a good sign the app itself is supported.

If a plugin has a lot of historical 5-star reviews and a bunch of recent, lower-rated reviews with no response, then it may no longer be receiving support.

Check that the developer’s answers come quickly and are detailed. You don’t want to download a plugin from a developer who casually throws together answers.

At this stage, it’s worth checking if the plugin is updated regularly in line with core WordPress software changes. You can check how well a developer keeps it updated in the sidebar on the right-hand side of its page in the WordPress Repository.

In addition, the following message will appear before installation if it is out of date:
“This plugin hasn’t been tested with the latest ‘x’ major releases of WordPress…”

If this message pops up, it means the plugin could become an avenue for attackers to exploit your site in future. If you see that message, it’s time to do a 180.

When you’re looking for a plugin, you need to ensure it does the exact job you need it to. The more specific a plugin is, the better; you don’t need one that performs redundant extras.

Finally, if it’s a premium plugin, check to see if there is a free alternative and how the functionality stacks up. Often the key features you require are found in the free versions, with specific use cases reserved for premium upgrades. Of course, there’s no harm in using them if you need them and it’s good to support the developers creating these plugins for us.

The Importance of Updates

Updates are essential – they’re not a question of “if you feel like seeing the latest features,” they are the foundation of keeping WordPress watertight.

As a user, it is your responsibility to update plugins once a developer has published a new release. The same applies to core WordPress software updates.

Of course, you can get busy and forget, but it’s important to get in a routine of updating plugins to keep your site secure. Alternatively, WordPress agencies can update your website for you as part of a maintenance service and usually this offers a lot more coverage than the average user updating their own site.

Deactivated plugins can still be avenues for hackers to exploit, so ensure you completely uninstall them, or continue to update them while they are deactivated if you feel you really need them.
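The checks described above (the "hasn't been tested with the latest 'x' major releases" warning, pending updates, and deactivated plugins left installed) can be run as one routine audit. The script below is an added example, not code from this article or from WordPress: the sample list is constructed, shaped like the output of `wp plugin list --format=json`, and the "tested" field and the three-release threshold are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `wp plugin list --format=json` output.
# "tested" is an assumed extra field holding each plugin's "Tested up to" value.
SAMPLE_PLUGINS = json.loads("""
[
  {"name": "example-forms",   "status": "active",   "update": "none",      "version": "5.8.1", "tested": "6.5"},
  {"name": "example-slider",  "status": "inactive", "update": "available", "version": "2.1.0", "tested": "6.4"},
  {"name": "example-gallery", "status": "active",   "update": "available", "version": "1.4.2", "tested": "5.9.3"},
  {"name": "example-backup",  "status": "inactive", "update": "none",      "version": "3.0.0", "tested": "6.5.2"}
]
""")

def release_index(version):
    """Map '6.5.2' to 65: WordPress majors count up in tenths (5.9 is followed by 6.0)."""
    major, minor = (version.split(".") + ["0"])[:2]
    return int(major) * 10 + int(minor)

def audit(plugins, wp_version, max_lag=3):
    """Return {plugin name: [findings]} for plugins that need attention.

    max_lag is an assumed threshold: how many major releases a plugin may
    trail the running WordPress version before it is flagged.
    """
    findings = {}
    for p in plugins:
        issues = []
        if p["update"] == "available":
            issues.append("update available")
        if p["status"] == "inactive":
            issues.append("inactive but still installed: uninstall or keep updating")
        lag = release_index(wp_version) - release_index(p["tested"])
        if lag >= max_lag:
            issues.append(f"not tested with the latest {lag} major releases")
        if issues:
            findings[p["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_PLUGINS, wp_version="6.5.2").items():
        print(name)
        for issue in issues:
            print("  -", issue)
```
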

Notice the Code

You don’t need a degree in Computer Science to double-check plugin code. While this may seem like a step too far, you just need to check for two key things:

  • Is the plugin using an up-to-date version of PHP?
  • Are there any language clashes across plugins?

If an installed plugin uses an older version of PHP, it’s going to cause issues from both a UX and security perspective.

We often see websites that run duplicate or multiple plugins that have incompatible languages. Sticking to one plugin for one job is the best bet, as duplication can cause a multitude of errors in the background.

Coding language incompatibility is a big problem too. What starts off as a small problem can snowball, with a knock-on effect that eventually leads to websites that appear completely broken or run slowly.

This is where hiring a professional agency helps. We can analyse issues with plugins, and write custom code for bespoke needs.

It’s tempting to reach for an ill-fitting, mass-market plugin to solve a problem, but in niche scenarios, it’s better to have custom code.

You may be tempted to modify the code of a plugin, but this is bad for websites, so hiring a professional to write a solution specifically for your needs is better.

How Many Plugins Should You Use?

When it comes to expanding the functionality and features of your WordPress site, it can be really tempting to add more plugins that get the job done. However, where plugins are concerned, less is always more.

Wait, what? How does that work? Well, the fewer plugins you add to your site, the faster it is likely to be and the more secure it is likely to be.

Every plugin you add, especially if you’re unsure about the plugin author or its code, is another opportunity for your site to become slow or open up a vulnerability for hackers to exploit. This is the main reason we choose our plugins carefully and strongly suggest that you do the same.

For a good example of using plugins only when necessary, take Google Analytics. There are multiple plugin options available to integrate Analytics with your site, but one simple line of code in your core site files will do exactly the same job while being more secure and less resource intensive.

For more reading on choosing the best plugins and keeping them secure, see our insight article: WordPress plugins that could be worth avoiding (and what to use instead).

The Benefits of Trusting a WordPress Agency

Hiring a professional WordPress agency means we can ensure there will be the fewest possible issues with plugin installation. If you’re left unsure about which plugins to trust and which to avoid, that’s where our industry knowledge can help. Or a custom-coded solution may be the best avenue for what you’d like to achieve. It can mean the difference between an efficient website and one held back by too much baggage.

Likewise, if you’re in the market for developing your very own plugin to reach the world’s largest community of content management users, then we can help make this a reality with our plugin development services. Give us a shout today. We’re here to help!