Plugins are the backbone of WordPress sites. Whether you want to add a contact form or an eCommerce store, plugins are always there to lend a helping hand.

But despite the essential role they play, plugins are also one of the places on your WordPress site that are most likely to go "wrong".

Because plugins are made by independent third parties, they <em>can</em> open the doors to <a href="https://pagely.com/blog/3-simple-wordpress-security-tips/">all kinds of security</a> and compatibility issues.

That's why there are some <strong>plugin best practices</strong> you need to follow when you're running a WordPress site.

These best practices span tips for how to choose plugins, how to analyze their performance, and how to properly maintain them once they're a part of your site.

No matter what type of site you're working on, here are the best practices you should follow when working with WordPress plugins...
<h2>How To Pick The Right Plugins To Install</h2>
The WordPress core team has made it incredibly simple to install plugins nowadays...which is a double-edged sword because it means that you can install new plugins <em>without a second thought</em>.

Don't do that - put some effort into only using quality plugins on your site.

<em>Some of the tips in this section might seem a little basic, but I think they're important to cover nevertheless.</em>
<h3>1. 
Consult The Wisdom Of The Crowds</h3>
While popularity doesn't always mean quality, it is a good starting point in your quest for a plugin.

That is, if you're staring at one plugin that's been downloaded 500,000 times and another that's only been downloaded 3,000 times, the former plugin is <em>probably</em> going to be the better option <em>more often than not</em>.

WordPress.org shows this information in the right-hand sidebar:

<img class="aligncenter size-full wp-image-13269" src="https://pagely.com/wp-content/uploads/2018/04/plugin-best-practices-1.png" alt="plugin update and popularity" width="976" height="443" />

And Envato also publicizes sales numbers in its sidebar:

<img class="aligncenter size-full wp-image-13270" src="https://pagely.com/wp-content/uploads/2018/04/plugin-best-practices-2.png" alt="plugin update and popularity at envato" width="1004" height="566" />
<h3>2. Check The Last Update Date</h3>
This is another one that's a good general guideline, but not an absolute rule.

<em>Most of the time</em>, you want to see that a plugin is still receiving regular updates to ensure it's compatible with the latest version of WordPress.

That doesn't mean a plugin that hasn't been updated is <em>always</em> bad - sometimes a plugin "just works" and doesn't need updates.

But unless you have the knowledge to actually look at the code yourself, it's hard to know whether or not that applies to your chosen plugin.

So, <em>when in doubt</em>, seeing a recent update date is important.

Again, both WordPress.org and Envato show this information in the sidebar (<em>marked above</em>).
<h3>3. 
See What The Reviews Say</h3>
For every savvy copywriter crafting copy that makes you want to install the plugin right away, there's a reviewer willing to tell you all of that plugin's potential flaws.

<strong>Consult those reviewers before you pick a plugin</strong>.

Again, both WordPress.org and Envato make it easy to access third-party reviews.
<h3>4. Gauge How Responsive The Developer Is To Issues</h3>
Beyond the reviews, another good way to gauge a plugin's quality (<em>at least on WordPress.org</em>) is to look at the support forum.

It's a good sign to see that the developer is actively resolving support requests:

<img class="aligncenter size-full wp-image-13271" src="https://pagely.com/wp-content/uploads/2018/04/plugin-best-practices-3.png" alt="support forum" width="1003" height="456" />

One thing to note, though, is that some developers only handle support requests on their own website. So check to see whether that's the case before you ding them for unresponsive support.
<h3>5. Don't Use Nulled Plugins</h3>
If you've ever searched for a premium plugin in Google, you may have noticed that Google's autosuggest feature <em>almost always</em> suggests "plugin_name nulled" as a query:

<img class="aligncenter size-full wp-image-13272" src="https://pagely.com/wp-content/uploads/2018/04/plugin-best-practices-4.png" alt="nulled plugins" width="705" height="362" />

That means there are a lot of people looking for nulled themes and plugins...

In case you're on the fence, <strong>nulled plugins are a horrible idea</strong>. Unlike their legal (<em>but ethically debatable</em>) cousins, GPL Clubs, nulled plugins are rife with malware and other vulnerabilities.

That means what you think is a way to save money is actually going to cost you down the road. Just don't do it - there are plenty of quality free alternatives to most plugins.
<h3>6. 
Use A Sandbox Tool Like Addendio To Test Plugins</h3>
Found a plugin that checks all the boxes above? Before you install it on your live (or staging) site, you can give it a quick test run in a sandbox thanks to tools like <a href="https://addendio.com/" target="_blank" rel="noopener">Addendio</a> or the oddly-named, but highly effective, <a href="http://poopy.life/" target="_blank" rel="noopener">Poopy.life</a>.

Addendio lets you spin up a sandbox with the plugin already installed (<em>if it's listed at WordPress.org</em>), while Poopy.life lets you create a blank sandbox where you'll need to manually install the plugin yourself:

<img class="aligncenter size-full wp-image-13273" src="https://pagely.com/wp-content/uploads/2018/04/plugin-best-practices-5.png" alt="addendio" width="965" height="528" />
<h2>How To Pick The Proper Number Of Plugins (Or Why There Isn't One)</h2>
Once you know how to pick quality plugins, let's dig into the next question:

How many plugins should you use?

Contrary to the oft-repeated advice, too many plugins will not slow down your site.

But too many <em>plugins that slow down your site</em> will...slow down your site.

What I mean by that is that there's no <em>direct</em> relationship between the number of plugins that you have installed and your site's speed.

Some plugins will have essentially zero effect on your site's speed, while others might cause a noticeable slow-down. You could have one hundred of the former with no issue, but one of the latter is bad for business.

In a <a href="https://pagely.com/blog/wordpress-survey-2018/">recent survey</a> we ran with WordPress users ranging from specialty dev agencies and bloggers to enterprise tech leads and CEOs, we found that 44% of users have 1-5 plugins installed, 30% of users have 6-10 plugins installed, and 22% have over 10 plugins installed. 
The rest claimed to have none.

<strong>So how do you figure out which plugins are slowing down your site?</strong> Here are two tips:
<h3>7. Use The P3 (Plugin Performance Profiler) Plugin</h3>
This one is a good example of how a plugin that hasn't been updated in a while can still work great. While <a href="https://wordpress.org/plugins/p3-profiler/" target="_blank" rel="noopener">P3 (Plugin Performance Profiler)</a> hasn't been updated in three years now, the plugin still performs its function admirably (<em>at least in my experience - some reviewers do cite issues with detecting plugins</em>).

All you do is run the test. Then, P3 (Plugin Performance Profiler) will give you a beginner-friendly look at how your plugins impact your site's performance, as well as how individual plugins perform:

<img class="aligncenter size-full wp-image-13274" src="https://pagely.com/wp-content/uploads/2018/04/plugin-best-practices-6.png" alt="p3 plugin performance" width="970" height="655" />
<h3>8. Go To The Waterfall (Use GTmetrix)</h3>
Another way to <a href="https://pagely.com/blog/diagnose-slow-pages/" rel="noopener">catch slow-loading plugins</a> is to look at the <strong>Waterfall</strong> tab in tools like <a href="https://gtmetrix.com/" target="_blank" rel="noopener">GTmetrix</a> or <a href="https://tools.pingdom.com/" target="_blank" rel="noopener">Pingdom</a>.

While the information isn't quite as detailed and requires more technical savvy to interpret, you can single out plugins that are slowing down your site with slow requests.

Just run the performance test as usual. 
Then, look at the <strong>Waterfall</strong> analysis chart and hover over lengthy requests to see if any plugins are slowing things down.

I've pointed out a couple of the most obvious WooCommerce requests below so you can see how it generally works:

<img class="aligncenter size-full wp-image-13275" src="https://pagely.com/wp-content/uploads/2018/04/plugin-best-practices-7.png" alt="gtmetrix waterfall tab" width="777" height="372" />
<h2>How To Safely Update Your Plugins To Keep Things Functioning</h2>
If you want to keep your WordPress site secure, keeping your plugins updated is an absolute necessity.

In a <a href="https://www.wordfence.com/blog/2016/03/attackers-gain-access-wordpress-sites/" target="_blank" rel="noopener">survey from Wordfence</a>, plugins accounted for 55.9% of the hacked sites <em>where the respondent knew how the hacker gained entry</em>. Similarly, <a href="https://blog.sucuri.net/2017/01/hacked-website-report-2016q3.html" target="_blank" rel="noopener">Sucuri found</a> that three <em>un-updated</em> plugins accounted for a massive percentage of hacks.

<strong>Suffice it to say, you need to keep your plugins updated</strong>. Here's how to do it safely:
<h3>9. Read The Changelog To Check For Any Likely Issues</h3>
A lot of people don't know that this feature exists, but it's super helpful for sussing out potential issues with a new plugin update.

Whenever you see the update prompt in your WordPress dashboard, you can click the <strong>View version X details</strong> link to see a changelog for the latest update:

<img class="aligncenter size-full wp-image-13276" src="https://pagely.com/wp-content/uploads/2018/04/plugin-best-practices-8.png" alt="changelog" width="782" height="281" />

While the depth of this changelog is up to the developer, it can help you pinpoint specific areas to test after you update the plugin. Speaking of...
<h3>10. 
Use A Staging Site To Check For Compatibility Issues</h3>
<a href="https://pagely.com/blog/wordpress-staging-site-create/" target="_blank" rel="noopener">A staging site is an awesome tool</a> for testing plugin updates before you push them to your live site.

Combined with the information from the changelog, you can quickly run through the relevant functionality on your staging site to make sure there aren't any issues.

Then, once you've given everything a test, you can safely update the plugin on your live site.

The easiest way to get access to a staging site is to choose a <a href="https://pagely.com/" rel="noopener">managed WordPress host</a> that offers that feature. But if that's not an option, the <a href="https://wordpress.org/plugins/wp-staging/" target="_blank" rel="noopener">WP Staging plugin</a> provides a slick, host-independent implementation.
<h2>What To Do With Plugins You No Longer Want</h2>
Just like ~50% of marriages end in divorce, there will come a time when you decide to break up with one of your plugins. To make a clean break, here are two more best practices to round out this post.
<h3>11. Don't Leave Unused Plugins On Your Server</h3>
This one is simple:

If you're not actively using a plugin (and have no plans to use it in the future), <strong>delete it</strong>.

Here's why:

Even when a plugin is deactivated, all that code is still sitting on your server.

Many malicious attacks target specific PHP files that are included with a plugin. 
So even if you've deactivated the plugin, those attacks could still access the PHP files (Mark Maunder from Wordfence <a href="https://www.wordfence.com/blog/2016/03/attackers-gain-access-wordpress-sites/#comment-23476" target="_blank" rel="noopener">discusses this here</a>).

So if it's not being used - <strong>get rid of it</strong>.

<img class="aligncenter size-full wp-image-13277" src="https://pagely.com/wp-content/uploads/2018/04/plugin-best-practices-9.png" alt="delete plugin" width="765" height="279" />

All you need to do is hit the <strong>Delete</strong> button in your WordPress dashboard and that should get rid of all of the plugin's files. But...
<h3>12. Remove Left-Behind Database Tables, Too</h3>
...sometimes hitting that <strong>Delete</strong> button isn't going to remove all traces of a plugin from your server.

Often, plugins will leave behind gunk that <a href="https://pagely.com/blog/optimize-wordpress-database-wp-optimize/" rel="noopener">clutters up your database</a>.

While you can <a href="https://wpsites.net/wordpress-tips/drop-plugin-database-tables-after-deleting-unwanted-plugins/" target="_blank" rel="noopener">manually remove these tables</a> if you're comfortable working with phpMyAdmin, a more user-friendly approach is to use the premium version of the <a href="https://sigmaplugin.com/downloads/wordpress-advanced-database-cleaner" target="_blank" rel="noopener">Advanced Database Cleaner plugin</a>. 
Specifically, you're looking at the categories that relate to <strong>Orphan options</strong> or <strong>Orphan tables</strong>.
<h2>Final Thoughts On WordPress Plugin Best Practices</h2>
Following these WordPress plugin best practices isn't especially difficult or technical, but it can have a major effect on the stability and functioning of your site going forward.

If you:
<ul>
 	<li>Properly vet and test plugins before installing them</li>
 	<li>Analyze how plugins affect your page load times after installing them</li>
 	<li>Safely (and quickly) update your plugins</li>
 	<li>Properly delete unused plugins</li>
</ul>
Then you're setting your WordPress site up for success both now and in the future.
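
An added example for tip 11 (not code from the original post): a Python script that compares the <code>active_plugins</code> value stored in <code>wp_options</code> with the contents of <code>wp-content/plugins</code> and lists plugins that are inactive but still have PHP files on disk. The function names, the sample option value and the <code>old-slider</code> plugin are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches each string entry in a PHP-serialized array: s:<len>:"<value>";
_PHP_STRING = re.compile(r's:\d+:"([^"]*)";')


def active_plugin_slugs(serialized):
    """Return the top-level folder (or single file) of every active plugin.

    `serialized` is the raw value of the `active_plugins` row in wp_options,
    e.g. a:1:{i:0;s:19:"akismet/akismet.php";}
    """
    entries = _PHP_STRING.findall(serialized)
    return {entry.split("/", 1)[0] for entry in entries}


def inactive_plugins_on_disk(plugins_dir, serialized):
    """List (name, php_file_count) for plugins on disk that are not active."""
    active = active_plugin_slugs(serialized)
    leftovers = []
    for item in sorted(Path(plugins_dir).iterdir()):
        if item.name == "index.php" or item.name.startswith("."):
            continue  # WordPress ships a placeholder index.php here
        if (item.is_dir() or item.suffix == ".php") and item.name not in active:
            php_files = [item] if item.is_file() else list(item.rglob("*.php"))
            leftovers.append((item.name, len(php_files)))
    return leftovers


def demo():
    """Build a constructed plugins directory and audit it."""
    # Constructed sample: active_plugins value with two active plugins.
    option = 'a:2:{i:0;s:19:"akismet/akismet.php";i:1;s:9:"hello.php";}'
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("akismet/akismet.php", "hello.php", "index.php",
                    "old-slider/old-slider.php", "old-slider/inc/upload.php"):
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("<?php // constructed placeholder\n")
        return inactive_plugins_on_disk(root, option)


if __name__ == "__main__":
    for name, count in demo():
        print(f"{name}: inactive, {count} PHP file(s) still on disk")
```

On a real site, pass the path to <code>wp-content/plugins</code> and the option value read from the database; anything the script lists is a candidate for the <strong>Delete</strong> button described in tip 11.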