Here at Duckpin, we’re big advocates of the WordPress CMS and use it for many of our web projects. It’s open source, flexible, widely known and accepted, client-friendly-ish, and after building custom WordPress solutions for years, our team knows it like the back of its hand. We even have a handful of go-to WordPress plugins we love to implement on our websites: Yoast for rapid implementation of our SEO and content strategy, iThemes Security for fine-tuned control over a wide range of security aspects, Simple 301 Redirects to allow our content team to configure redirects without bugging our developers, and a few more.
That said, I’d stop short of touting the endless supply of third-party plugins as a major selling point for joining the WordPress platform. We’ve seen our fair share of WordPress sites bogged down by dozens of plugins that cause conflict, poor performance, and that terrible feeling in your stomach when it’s time to click “update”. Yikes!
While the appeal of plugins is quite obvious (there’s no need to reinvent the wheel), the hidden costs seem to be rarely evaluated when building a new site. In the pursuit of added functionality, the impact on performance, maintenance, and security are often glossed over.
Impact on Performance
Impact on Maintenance
There are thousands of WordPress plugins available, and most of them are free. While there are some great plugin development guidelines provided at wordpress.org, there is simply no way for every plugin to take into consideration the functionality of every other plugin. While adding one plugin may seem harmless and simple, a serious maintenance issue could arise after adding a bunch of them! They don’t always play nice together, particularly when it’s time to perform updates.
Updating a WordPress site with a lot of plugins can sometimes feel like playing whack-a-mole. Update one, another breaks. Fix that, and another breaks. Two certain plugins don’t like working at the same time, but work just fine individually. You get my point – lots of plugins, lots of conflicts, lots of different places to look to solve the problem.
Impact on Security
Speaking of all those plugins…those thousands of plugins are developed by thousands of different people or teams, with a range of development experience from “I started writing plugins yesterday” to “I can keep international digital financial transactions secure in my sleep.” Unfortunately, most plugins are installed with a focus on what functionality will be added to the site, not how competent the plugin developer is.
When adding plugins, it’s important to pay attention to the number of downloads, how often updates are being released, the size of the development team and the number of contributors. A widely-used plugin with a passionate team will almost certainly have any exploits discovered and patched sooner than a rarely-used plugin that hasn’t seen an update in over 2 years.
All it takes is one “bad” plugin to leave a security hole in your site, and there are serious consequences to a malicious party finding their way in. It’s not uncommon to see sites that have been defaced with vulgar language, political rants, adult advertisements, or even completely taken down and left in a pile of corrupt files. This can have detrimental effects on your business – from loss of trust from your customers to loss of revenue from website downtime.
It’s Not All Bad
“Everything in moderation,” so they say. Plugins can and do provide great value to millions of businesses around the world, extending functionality for website owners at a fraction of the cost of building and maintaining a custom solution, and those plugins have an incredibly powerful home in the WordPress community. That said, it’s important to work with a web provider that can help you make effective choices when it comes to the balance of maintenance, security, and performance.