One of the best things about WordPress is its ability to easily create new functionality on your website by installing plugins. Plugins have been around since WordPress version 1.2, which arrived in 2004. Today, choosing the right WordPress plugins is hard, especially when you have more than 55,000 plugins to choose from!
But not every plugin is equal. For any given category of plugin, there can be a wide range in terms of quality. For example, a plugin that hasn’t been updated can break your site or expose it to hackers. Let’s look at some of the obvious and less obvious ways to go about choosing the best WordPress plugins.
Note what features you need
It’s a good idea to create a comparison matrix when evaluating different plugins. This becomes more important if the plugin is handling complex functionality like a WordPress membership plugin, but it’s a good practice for any plugin research. Use a spreadsheet (Google Sheets works great for this) listing out the following in columns:
- each of your must-have features,
- setup fees,
- costs of any add-ons or needed integrations,
- support options (and cost),
- review ratings, and
- nice-to-have features.
Enter the names of the plugins you’re considering in rows and make notes in each column as you do research. It’s important to note the total cost of ownership as plugins have wildly different pricing structures. For example, some plugins may charge a very low monthly fee, but if your organization requires an integration that costs $500 to access, that changes the equation.
Do you want a paid or a free WordPress plugin?
It’s always nice to get something for free, but the adage, “You get what you pay for,” is often correct. Free plugins are much less likely to offer support or respond to your questions in a timely manner. Free plugin developers also have less incentive to spend time and attention to keep the plugin secure and current.
You’ll have the most questions when you are in the process of installing and configuring a plugin. Having support through this process to answer questions or troubleshoot problems will save you time. If you charge an hourly rate, a paid plugin with support could be more cost effective and less frustrating. Of course there are WordPress tutorials, but typically with a free plugin you have to figure out all the answers yourself. Look at the tasks that the plugin is handling. The more complicated they are, the more likely a paid plugin is going to be the right answer.
Regulatory compliance, maintenance and security
With any plugin, consider what responsibility your organization is shouldering for compliance with regard to:
- security and privacy regulations such as GDPR, PCI and new laws that emerge,
- data backups, and
- security/data breaches that can occur on your WordPress server.
These responsibilities can have financial and legal consequences that greatly outweigh the savings of selecting a free plugin that may do little to shield you from these risks.
Is it really free?
Sometimes a free plugin isn’t actually free; software development has a cost. Investigate to see if the author of a free plugin is monetizing the plugin by charging for support, inserting hidden advertising/tracking code, collecting data, or something else. If the plugin creator offers a “pro” version at a price, that’s usually a legitimate business model. However, a free plugin with no monetization opportunities for the developer should lead you to do further research. Unfortunately we’ve seen a rise in the creation of free plugins and themes that are actually malware. Typically the goal of these malware plugins/themes is to:
- Generate backlinks from content on your site to point back to a site they control (for SEO reasons)
- Add in advertising
- Redirect your website to another site
- Create a backdoor to your site where they can take control or access data later
Note star ratings and reviews
If you have used a search engine and landed directly on a plugin developer’s website, you might not see their official WordPress plugin reviews. In that case, go to the WordPress plugin repository to search for the same plugin there. (Note that if a plugin is not listed in the repository, that is a red flag as to its intentions.) Each plugin has a page on the repository where you can read its reviews. Ratings are a clear indicator of a plugin’s worth, but they are not a 100% guarantee of quality. Tips:
- Look for plugins with four to five star ratings, but also note the quantity of reviews. A plugin with 20 four-star ratings is more tested and proven than one with just two five-star ratings (which may be given by the plugin author’s friends for all you know).
- Read a number of reviews to be sure the plugin will meet your needs and doesn’t have a glaring flaw that is commonly mentioned within the review comments.
- Look to see if the plugin author is responding to the questions. A lack of responses or slow responses can be a red flag in terms of the quality of the plugin. You want to know that the plugin’s creator actually supports and maintains it.
See how recently the plugin was updated
Because WordPress is open source software, sites running WordPress and plugins are more likely to become the target of hackers than sites running closed source software. Plugins that are not updated to keep up with vulnerabilities put your site at risk. Just as you should stay on top of WordPress and plugin updates on your own site, plugin authors should remain vigilant in making sure new threats that may impact their plugin users are quickly addressed with a new version release when one is called for.
If you look in the right column of a plugin’s page in the WordPress repository, you’ll see the Last Updated information for the plugin in question. A plugin that is more recently updated shows that its creators are taking care of maintenance and upgrades. If a plugin hasn’t been updated much to keep up with updates to WordPress itself, the WordPress plugin repository will display a warning message. In the interest of safety and maintenance, plugins that are not keeping up with updates eventually get excluded from the WordPress plugin repository’s search results. This is why a favorite plugin from another WordPress site you have access to may no longer be listed in the repository.
Is it compatible with your site’s version of WordPress?
There are two pieces of information to look for in the repository to examine compatibility: WordPress Version and Tested up to. Best practice dictates not installing a plugin that requires a higher version of WordPress than you are using. In that case, you can update your site to align with the required version of WordPress. It’s a good idea to back up your site before upgrading WordPress or before installing or updating any plugin. If you skip performing a backup and end up with a plugin conflict or the dreaded white screen of death, it may be hard to quickly get your site back up.
With regard to the Tested up to version number, it’s not always critical that the plugin you are looking at is tested up to the very latest version of WordPress, but it is a good indicator of the developer’s attentiveness to the plugin’s maintenance.
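An added example, not part of the original article or of WordPress itself: the version fields discussed above are declared in the header of a plugin's readme.txt as "Requires at least" and "Tested up to", so they can be checked against your site's version before installing. The readme text, plugin name and finding labels are constructed for illustration, and comparing "Tested up to" on major.minor only is an assumption of this example.

```python
import re

# Constructed readme.txt for a hypothetical plugin (not a real listing).
SAMPLE_README = """\
=== Example Events Plugin ===
Contributors: exampleauthor
Requires at least: 5.8
Tested up to: 6.1
Stable tag: 2.3.1

== Description ==
Tested up to: 9.9 appears here as body text and must be ignored.
"""

HEADER_RE = re.compile(r"^([A-Za-z ]+):\s*(.+?)\s*$")

def parse_readme_headers(text):
    """Collect 'Key: value' lines between the === title === and the first blank line."""
    headers, started = {}, False
    for line in text.splitlines():
        if not started:
            started = line.strip().startswith("===")
            continue
        if not line.strip():
            break  # header block ends at the first blank line
        m = HEADER_RE.match(line)
        if m:
            headers[m.group(1).strip().lower()] = m.group(2)
    return headers

def version_tuple(v):
    """'6.1' -> (6, 1, 0); padded so that 6.1 and 6.1.0 compare equal."""
    parts = [int(p) for p in re.findall(r"\d+", v)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def check_compatibility(readme_text, site_version):
    """Return finding labels (hypothetical names) for one plugin readme."""
    h = parse_readme_headers(readme_text)
    site = version_tuple(site_version)
    requires, tested = h.get("requires at least"), h.get("tested up to")
    findings = []
    if requires is None or tested is None:
        findings.append("missing-version-headers")
    if requires and version_tuple(requires) > site:
        findings.append("requires-newer-wordpress")      # do not install as-is
    if tested and version_tuple(tested)[:2] < site[:2]:
        findings.append("not-tested-with-site-version")  # maintenance signal
    return findings

if __name__ == "__main__":
    print(check_compatibility(SAMPLE_README, "6.4.2"))
```

An empty list means neither condition was triggered; it says nothing about the plugin's code quality or how recently it was updated.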
Standard paid plugins vs. SaaS plugins
What’s a SaaS?
SaaS (Software as a Service) plugins are plugins that interface your website with a SaaS such as Google Maps, MailChimp or MembershipWorks. The SaaS’s software service does not actually run on your WordPress server; the plugin just provides a simple way to integrate that service on your website. Typically with a SaaS no processing is done on and no data is actually stored on your WordPress server; it’s cloud based. Fees are typically charged on an ongoing monthly or annual basis.
Standard paid plugins
Many paid plugins are standard WordPress plugins where the software runs on and the data is stored on your WordPress server. The plugin author chooses to monetize the plugin, either with a one time fee or by licensing the software for a specific period of time.
Is a cloud-based plugin better?
Using a cloud-based plugin for WordPress can give you peace of mind not only on the support and training front, but also in terms of data storage security and application stability. If you are looking to add mission-critical functionality to a site, such as online event registration, that must work consistently on an ongoing basis, a SaaS plugin is the way to go. Given that hackers and scammers are looking for people’s data, protecting information such as member data is also more important than ever. In relying on a SaaS to host something like a membership database through a WordPress membership plugin, you are reducing your security risk, compliance burden, liability and responsibility. SaaS developers stay on top of these issues so you as a developer, designer or builder can move on from a given website’s maintenance and security responsibilities after it is built. In this case, maintenance and security efforts are shared across all SaaS customers. The cost of remaining legally compliant for data privacy is also shared among many.
Number of downloads — does it matter?
WordPress itself has been downloaded more than 30 million times (and counting!). While some may think that the number of downloads a plugin has is an easy way to determine its value, that number can be misleading because:
- Older plugins have more downloads. Older doesn’t always equal better. For example, a new plugin might have a more modern interface and be more user friendly.
- Paid and SaaS plugins have fewer downloads than free plugins (although some SaaS plugins do have a free version).
- Plugins with a lot of release updates have more downloads than plugins with fewer updates. Fewer updates are common with SaaS plugins.
Is support or training provided?
The ecosystem of plugin developers has evolved beyond simply providing functionality to now offering complete software solutions. The SaaS or cloud business model reflects this change and represents a growing category of plugins. This is good news for developers and designers who are searching for the right plugin for their client’s website; ongoing support and maintenance are traditionally part of this model. Support may be available by email, a support forum, phone calls or chats. When you are building a WordPress website, would you rather install a plugin that the developer supports on an ongoing basis (and your client pays for) or one that may break, leaving you to hire help or troubleshoot code and settings you haven’t looked at in a while?
Support is critical for robust plugins, so consider the complexity of the functionality when considering if you need the plugin to offer support or training. Training is a rarity in terms of services a plugin creator might offer unless they are a SaaS company. Even if you are a developer, consider whether or not you want to offer training or perhaps allow your client to take training directly from the company. If you can get out of the training and support loop, you’ll have more time to spend working on building new WordPress websites and less time explaining.