Many things make WordPress great. Firstly, it’s free. This fact alone has allowed countless people to set up their own websites, contributing to the mass democratization of information that we enjoy today. Secondly, it is open-source – allowing hobbyists and professionals alike to hack away, change, and optimize whatever they want. Completing the trifecta of great things about WordPress is an entire ecosystem of plugins, counting more than 60,000 from the official repository alone.
This modularity allows anyone to transform a WordPress website from a barebones blogging CMS to anything from a multi-site network of websites to a fully-fledged e-commerce solution. When it comes to WordPress and plugins, the world is truly your oyster.
When embarking on a WordPress project, the requirements and specifications will invariably be the major decision drivers. From the hosting plan or server on which the website is to be installed to the theme and plugins, all of these specifications must be set up according to the website’s requirements. At this point, one dilemma inevitably rears its ugly head – how many plugins can or should I install on my WordPress website?
What now seems like a lifetime ago, I was managing a project that is not unlike an extensive WordPress deployment. The client wanted to know what specifications the server should have before all of the requirements were laid out, to which our regional partner asked him:
How long is a piece of string?
I remember, very clearly, the process through which the client’s facial expressions went from deep thought to bewilderment before finally reaching the realization that it’s a trick question.
As discussed earlier, WordPress plugins are nothing short of amazing. They come in all shapes and sizes from all kinds of developers for all sorts of things, helping us build very different kinds of WordPress websites.
Because a WordPress website can be built and configured in countless different ways, we can never have a universal, fixed ideal number of installed plugins.
Instead, we first and foremost need to have our requirements and specifications fully laid out – that is to say, what the website needs to achieve and how it will achieve it. Then we can plan our specifications – from web server resources and bandwidth to the plugins that need to be installed. This can help us make sure that we can accommodate the functionality we need.
Having said that, there are a few other things we need to consider to minimize the impact of our decisions. These considerations can help us make sure our WordPress website will be a success.
Blindly installing every plugin under the sun just in case someday someone will need it is not a good strategy. Instead, things should be planned according to the exigencies of the website at that time, while keeping in mind any growth plans. Good planning allows us to meet current requirements while designing systems in such a way that we will not need a complete redesign in a few months’ time.
Whenever a plugin is installed on a WordPress website, you add lines of code to the website. Unless proper planning and testing have gone into the plugin’s development, those same lines of code could very well be introducing new vulnerabilities to your website.
While WordPress security is often overused to sell a product or a service, it is a valid concern that any WordPress administrator should think about.
Of course, the only truly secure system is the one that’s switched off and unplugged, but that’s hardly a usable system. Risk is something that is managed rather than eliminated, and the same is true for WordPress plugins. The question then becomes, how do we manage risk? Glad you asked.
Firstly, make sure that the plugin comes from a reputable supplier. Make sure the plugin is available from the official WordPress repository, and remember to check customer reviews.
One other thing that deserves attention is the update cycle, that is to say, how frequently the developer releases plugin updates. As it might be challenging for plugin developers to account for all usage scenarios, frequent updates can put your mind at rest that the developer is actively working on and maintaining the plugin. In the same vein, a developer who is responsive to customers’ questions and queries is someone who you can trust more.
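The vetting criteria above (official repository, reviews, update cycle) can be checked mechanically. The following is an added example, not code from the original post: the field names are modelled on the WordPress.org plugin-information metadata and are an assumption, the thresholds are illustrative, and the plugin slugs and records are constructed sample data.

```python
from datetime import datetime, timezone

# Thresholds are assumptions for illustration; tune them to your own risk appetite.
MAX_DAYS_SINCE_UPDATE = 365
MIN_RATINGS = 20          # below this, reviews say little either way
MIN_RATING_PERCENT = 80   # rating is assumed to be on a 0-100 scale

def vet_plugin(meta, today):
    """Return a list of findings for one plugin record (empty list = no concerns)."""
    if meta is None:
        return ["not found in the official repository"]
    findings = []
    # last_updated is assumed to look like "2024-05-02 10:12am GMT"; use the date part.
    date_part = meta["last_updated"].split()[0]
    updated = datetime.strptime(date_part, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    age_days = (today - updated).days
    if age_days > MAX_DAYS_SINCE_UPDATE:
        findings.append(f"no release in {age_days} days")
    if meta.get("num_ratings", 0) < MIN_RATINGS:
        findings.append("too few reviews to judge")
    elif meta.get("rating", 0) < MIN_RATING_PERCENT:
        findings.append(f"low rating ({meta['rating']}%)")
    return findings

def vet_all(installed_slugs, repo_metadata, today):
    """Map every installed plugin slug to its findings."""
    return {slug: vet_plugin(repo_metadata.get(slug), today) for slug in installed_slugs}

# Constructed sample data: hypothetical slugs and metadata, not real plugins.
SAMPLE_REPO = {
    "example-password-policy": {
        "last_updated": "2024-05-02 10:12am GMT", "rating": 94, "num_ratings": 310},
    "example-gallery": {
        "last_updated": "2021-03-19 4:01pm GMT", "rating": 72, "num_ratings": 45},
}
SAMPLE_INSTALLED = ["example-password-policy", "example-gallery", "example-private-addon"]
SAMPLE_TODAY = datetime(2024, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for slug, findings in vet_all(SAMPLE_INSTALLED, SAMPLE_REPO, SAMPLE_TODAY).items():
        print(slug, "->", findings or "ok")
```

A finding is a prompt for a closer look, not a verdict: a plugin missing from the repository may simply be a commercial one distributed by its vendor.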
Some plugins require more resources than others. The more functionality a plugin brings to the table, the more resources it probably needs to run. In this regard, you need to make sure that the server on which WordPress is installed is adequately equipped for what it needs to do.
For example, an e-commerce plugin will require far more resources to run than a plugin that adds a syntax highlighter. Therefore, a shared hosting account might not be a wise choice if you’re building an e-commerce site that will bring in substantial revenue.
It can be counterproductive to install only plugins that use minimal resources simply because the server lacks the resources required to properly run the more extensive plugins, if you need the functionality that they offer. This is especially true for plugins that do a lot of reading and writing to the database, which tend to offer important functionality but may need additional resources to function properly.
One other primary concern many WordPress administrators have is the number of HTTP requests the website and all of the plugins generate. While this is a valid concern, as long as the plugins are fully optimized, and the WordPress hosting provider can handle the requests, website performance will be fine.
One other argument that tends to come up when discussing plugins is that of single-function vs multi-function plugins. In essence, a plugin that helps you enforce strong passwords and offers no other functionality is considered a single role/single function plugin. On the other hand, a plugin that allows you to take backups, improve SEO, and order pizza is, by definition, a multirole plugin.
While it might be justified to think that a multi-function plugin might be the better option since there will be fewer overall plugins running on the website, in reality, things work a little bit differently.
The issue is not the plugins themselves, but rather the amount of unoptimized code. A single-function plugin is more likely to be optimized for doing that one thing very well and, as such, might be the better option. Of course, we must not forget the other considerations mentioned earlier, including developer reputation and functionality requirements.
The required website functionality should always be the driver of the server specifications. This can help us make sure that we can install the plugins we need without worrying about website slowdowns or increasing security risks. Here it’s important to remember to always choose a reputable developer, and your WordPress website will be more than fine. For more information on the criteria to consider when choosing a plugin, refer to our guide on how to choose the best WordPress plugins for your website.
You might also want to consider developing a system through which you can frequently test the performance of the website, especially after upgrades or the addition of new functionality. One tool that you might want to look into is the Google Search Console (formerly Webmaster Tools).
A vehicle can be a tractor or a sports car, but it cannot be both. Work out what you need first, then build a system that can do what you need it to do.
The post How many WordPress plugins can I install? appeared first on WP White Security.
*** This is a Security Bloggers Network syndicated blog from WP White Security authored by Radostin Angelov. Read the original post at: https://www.wpwhitesecurity.com/how-many-wordpress-plugins/