Ask Penny: WordPress Plugins

Posted By on Dec 22, 2014 in CraftHack


Penny Shima Glanz is a computer scientist with a passion for information management and how we interact with technology. She started PennyWise Consulting, LLC to help solo and small businesses figure out how to make the most of their technology needs and budgets. When not wrangling technology she can be found knitting, snuggling with her cats and reading, or out on a muddy trail run at sunrise.

Today’s question for Penny: What WordPress plugins do you recommend?

Penny’s Answer: This question always makes me pause as my default response isn’t expected.

I don’t have any.

There are many different factors that go into choosing a WordPress plugin, and while your site and needs might be similar to your neighbor’s, both sites are unique, and what might be a perfect solution for another site might not be a good solution for you.

It’s easier for me to recommend plugins to avoid. Which ones are those? There are a few: they are the ones found with a search engine and you’re at a website you’ve never visited before about to download the plugin. They are the ones that haven’t been updated in over a year. They are the ones that aren’t needed.

Each time you add a plugin to your WordPress site, you add one more thing that requires maintenance (updating) and one more thing that could introduce a bug causing your site not to perform as expected (at best) or a security issue (at worst). I’m not saying to avoid all plugins, but you don’t add them just because your cousin’s best friend from 3rd grade uses it and says it’s the best thing ever.

First, identify your need. What do you wish WordPress did that it isn’t doing currently?

Second, while it’s not a guarantee that the plugin will be safe and secure and up-to-date, go to and search for your plugin there. Why? There are strict guidelines and if a plugin is known to have something malicious (bugs do slip through), the plugin is removed from the directory until it’s fixed. Look through the featured plugins to see if any of those do what you need. While I don’t like to recommend plugins carte blanche, Jetpack is coded by the people who make WordPress and while it offers many different features you don’t need to turn them all on at once.

Let’s use Jetpack as my example of how you can do a quick review. The images are screenshots of the plugin page for Jetpack, as of early December when I’m drafting this post.

Here’s a screen shot of that page:



But what I want you to look at is a bit on the right of the screen:




First, Compatible up to: shows 4.0.1 which is the current version of WordPress at this time.

Second, Last updated: shows 2014-11-14 which is pretty recent.

Third, look at Authors and Support: automattic is the company that is behind WordPress. While that’s no promise that the plugin will be good, it does provide some reassurance. The Support heading is a little more difficult to evaluate, but it does quickly show that there are people asking questions and that most of those questions in the past two months were resolved.

Next just click through the tabs offered up at the top of the page just below the plugin title and download button. Honestly right now I’m just checking to see if they filled anything out. Some developers don’t want to maintain two sites (this plugin directory and their own website) so if they just have a link, click it to make sure there’s something there. Why? It means the developer took time to polish the plugin for release. If they care about that, then they hopefully care about writing good code. In particular, I focus on the tab Changelog and look for clear details. Again, that shows that the developer is practicing good coding and isn’t trying to hide things. Finally, I skim through the Support tab. What is the Freshness of the requests and how many are resolved? If there are lots of different unresolved threads, then I am hesitant to use that plugin.

Next, I skim Sucuri Security’s blog posts on WordPress Security (and their Twitter feed). If the plugin I want is listed there, it isn’t a reason to run fast away, but it does make me stop to research before I install it and turn it on.

Now why do I care about only installing the plugins I really need and reviewing some details about them before I click install? It’s easy to hide nefarious code inside a plugin. While a quick review can catch some big things, there are things that can easily slip by. This is a very technical article, but Spotting Malicious Injections in Otherwise Benign Code shows why.

If you want to install a plugin, go for it. Please do some research first. And once you do, please keep that plugin up-to-date.
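The quick review described in this column can be written down as a repeatable checklist. The following is an added example, not part of the original column: the field names, the 50% resolved-thread threshold, and the sample support counts and changelog text are assumptions, with values copied by hand from a plugin's directory page.

```python
from datetime import date

def version_tuple(v):
    # "4.0.1" -> (4, 0, 1), so versions compare numerically rather than as text
    return tuple(int(part) for part in v.split("."))

def review_plugin(meta, current_wp, today, max_age_days=365, min_resolved=0.5):
    """Apply the quick-review checks; return a list of reasons to stop and research."""
    concerns = []
    if not meta["from_official_directory"]:
        concerns.append("not listed in the official plugin directory")
    if version_tuple(meta["compatible_up_to"]) < version_tuple(current_wp):
        concerns.append("not marked compatible with WordPress " + current_wp)
    age = (today - meta["last_updated"]).days
    if age > max_age_days:  # "haven't been updated in over a year"
        concerns.append("last updated %d days ago" % age)
    if not meta["changelog"].strip():
        concerns.append("changelog is empty")
    threads = meta["support_threads"]
    # min_resolved is an assumed threshold; the column gives no number
    if threads and meta["support_resolved"] / threads < min_resolved:
        concerns.append("only %d of %d support threads resolved"
                        % (meta["support_resolved"], threads))
    return concerns

# Version and date as shown in the column for Jetpack; the rest is constructed
JETPACK = {
    "from_official_directory": True,
    "compatible_up_to": "4.0.1",
    "last_updated": date(2014, 11, 14),
    "changelog": "Constructed changelog entry describing a fix.",
    "support_threads": 20,
    "support_resolved": 15,
}

# Entirely constructed plugin that fails every check
STALE_PLUGIN = {
    "from_official_directory": False,
    "compatible_up_to": "3.5",
    "last_updated": date(2012, 6, 1),
    "changelog": "",
    "support_threads": 12,
    "support_resolved": 2,
}

if __name__ == "__main__":
    for name, meta in (("Jetpack", JETPACK), ("stale plugin", STALE_PLUGIN)):
        print(name, review_plugin(meta, "4.0.1", date(2014, 12, 22)) or "no concerns")
```

An empty result only means the quick checks passed; it says nothing about the plugin's code itself.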

Thanks so much for joining us again this month, Penny! If you’re looking to spruce up your website for the New Year, take Penny’s advice on plugins into consideration. And as always – if you have a question for Penny, feel free to post it in the comments below and she might just answer it next month!
