How To Evaluate A WordPress Plugin

One of the great advantages of WordPress is that there is an enormous community of contributors adding functionality all of the time. This includes the code in WordPress itself, but also comes in the form of plugins. I use them, you probably use them, we all use them. That is what they are there for. But that does not mean that all plugins are great. Many are not even good. Today, we are going to look at the art of choosing plugins and hints to tell if they are good or not. Enjoy!

What are WordPress Plugins?

Plugins are community-built bits of code that users can install onto their WordPress installation. These bits of code are intended to solve some problem that you, as a website owner, are trying to solve. While a plugin doesn’t have to be listed there, you can find many great plugins in the searchable WordPress Plugin area, or you can search for them in the Plugin area of your WordPress Admin area.

Why Evaluating Plugins Is Important

It is more of an art than a science to separate the good from bad plugins, but it is very important to make an effort to do this when you are searching for a new plugin. Being able to look at a plugin and make a good guess on the quality of it could save you time in the future, as bad plugins can wreak havoc on your website (and your time). 

Plugins Can Be A Security Risk

A plugin can bring your website down if it is written poorly, which is always a harrowing experience, but that isn’t all of it. It could put your visitors’ personal information at risk, if you keep that sort of information. Nefarious hackers might hijack any advertising you have on your website or add their own advertising, which can steal from you. Sometimes, I have seen this kind of advertising result in porn ads being injected into sites.

I have also seen hackers redirect all traffic from a website. The hackers literally make it impossible for your readers to see your content. It can even be more frustrating, as they may have done so in a way that makes it difficult for you to get to your admin area. 

While there certainly are other security risks that can cause these things to happen, plugins are one of the primary causes of problems.

Plugins Can Slow Your Website Down

Food bloggers are particularly sensitive to page speed and a plugin definitely can impact that. There are several reasons that a plugin can slow your website down and some of them are even valid, but evaluating your plugins before you introduce them to your environment is a great way to determine if a particular plugin is right for you and good for your website.

When your website is slow, it can impact your user experience, time on site, and bounce rate. Ultimately, these metrics can impact your bottom line.

Plugins Break Websites

All plugins have the potential to break websites. Even good ones. It does happen. There are massive companies like Google and Facebook that employ thousands of developers that still release bugs. It is silly to think that little plugins with a few people working on them might not do so occasionally, as well. Even though we know that bugs will happen, we can somewhat control our exposure to those bugs that might break your site.

Working to weed out the bad plugins brings your total risk down. Not only can it help prevent traumatic events like website crashes, but it can help eliminate the small things that break. If you ever find your website or admin area doing odd things on a regular basis that just don’t seem right, it might be a bug. Identifying bad plugins before they make it onto your website can help reduce these.

Deleting a Plugin Doesn’t Mean It Is Gone

Once you install a plugin, you might find that it isn’t so easy to get rid of it! Even after a plugin is deleted, both code and data can get left behind. Even though it may not show up in your plugin page, there might be remnants of those plugins left. Controlling the quality of the plugins that get installed in the first place can help you in the future.

There are certainly valid and great reasons why plugins might do this, but there are also some not so great or valid reasons. Have you ever deactivated a plugin and realized you lost all your settings? Sometimes that really sucks. Or even removed a plugin to troubleshoot and then realized a bunch of data was missing? That can be disastrous. Evaluating the plugins you install into your WordPress environment can help keep the bad ones out of your environment.

A General Note About Adding Plugins To Your Website

Plugins are an awesome part of WordPress. The plugin ecosystem is the primary reason that I chose to use the WordPress platform for my food blog. It is why a food blogger can be up and running with the latest SEO, recipe schema, and speed enhancements lickety-split. All without knowing the first thing about code. Plugins also, however, are some of the most dangerous and risky parts of using WordPress.

Each plugin you add to your website adds code. Each line of code on your website adds an element of risk. Security, site speed, and functionality all are at increased odds of being compromised with each new plugin you install.

Not only do the plugins have to play nicely with WordPress (which changes), but they often have to share space with a bunch of other plugins. Often, they have to work on the same things, and this brings risk. This means that every plugin is expected to work with 55,000 other plugins that are shown on the WordPress plugin page. That doesn’t even include the ones that aren’t listed in the plugin search area.

It is nearly impossible to know if one plugin is going to work well with the other 49,999 plugins. Even the developers don’t know that. Hopefully, they are following some best practices that help reduce conflict or errors, but no one is performing a full test suite of one plugin with all possible combinations of the other 49,999 plugins.

Think of WordPress as one giant sandbox and each plugin is a child. 55,000 children running amok in a giant sandbox with limited adult supervision. Can you imagine what that might look like? Even the best of those kids might get into a tussle or fight if left long enough. The same things happen with the Plugin ecosystem. You have your own sandbox (your website) and if you invite a bully into yours, you might have some problems.

Remember that many plugin developers are doing this for free!

We expect plugins to just work the way we want. For as much as I agree with this, I also believe in the old motto, ‘you get what you pay for.’ Often, these are completely free products and the developers are donating their time to a plugin out of the sheer joy of development. 

While I think there is an argument that if they provide a product, they should support it and be honest with its users, it is still merely a labor of love for many developers with no financial incentive. If they are skilled developers, they might be foregoing actual income for this problem they found interesting enough to solve for people like us. They might be providing a plugin just because they like it.

Imagine if you were doing something for fun, but people were belligerent and demanding? Most of us food bloggers love what we do, but we are running a business that often relies on FREE products from volunteers. People who likely have day jobs and families that need taking care of. While it is important to evaluate plugins and good to request support, I think it is fair to approach this process with the knowledge that some people build these things as a hobby and for free. It is part of what WordPress was built on and I think it is important to respect the people who donate time. If you get something for free, remember that it is free. 

Don’t Be Afraid Of Plugins, but Be Vigilant

The power that plugins bring can be a bit scary if you look at it like I have laid out. I am not intending on scaring you, but I do think it is important to talk about the risks of plugins. Your job as the manager of your site is to look at these plugins and see if they are the kind of kids you want in your sandbox.

I am going to give you a few simple things that you can do to look at these plugins without knowing any code and get a feel for what you can expect from the plugin. I want you to be able to look at a plugin and determine if it is a stinker, and also to recognize quality.

If you are vigilant about protecting your environment from outside code, you are going to have a website that is easier to use, faster, and less prone to problems. Being vigilant about the plugins you use will help with this. Pick your plugins wisely!

How to Choose a Plugin

Finally! We are here at the list. If you follow these instructions when thinking about using a plugin, it will help you have a better running website. It will not assure that you will be problem-free, but it will start you on a path of taking better care of your WordPress installation and eliminating future headaches. This is also not a sure-fire guide to finding perfect plugins that never have problems, but more of a guide that can help you along in a journey to making better websites.

Is Your Potential Plugin Really Solving a Problem?

When thinking about a plugin, I think it is important to ask yourself what problem it is really solving. For example, remember that Hello Dolly plugin that WordPress installs right off the bat. It literally solves NO problem and also adds no actual value. While I doubt there are any real security or speed issues with the Hello Dolly, it is a waste of space. I delete that right off the bat.

The Hello Dolly plugin is a simple example, but there are others I have seen that are not quite as simple of a decision. One convenience plugin that many people have installed is the Ultimate Nofollow plugin. Forgive me, Ultimate NoFollow plugin. I am going to pick on your plugin a bit today. It is a little plugin that gives the admin a checkbox to add nofollow to your links, as encouraged by Google for paid links (they have updated to include a few other values, but they are all essentially nofollow-like).

This plugin makes it pretty easy to add nofollow links in your visual editor (Classic only), but did you know you can add this really easily without a plugin, just by flipping to your text editor and manually adding rel="nofollow" to the HTML (see tutorial)?

This plugin is solving a problem for many people. I think if I were to put this down in the form of a user ask, it would go along the lines of “As a post creator, I want to be able to easily add nofollow to my links without using HTML.” 

The Ultimate Nofollow plugin says that this is a problem they solve. And it appears really simple! 

Is it solving a problem that needs solving?

So, we have established that it does solve a problem, but now we need to ask ourselves if the risk of adding a plugin is worth the problem it is solving. I might be fine with editing HTML. If that is the case, why would I install this? I might be willing to learn a small bit of HTML, and editing these in my posts just isn’t a big deal. If that is true, why would I install this?

I should look at my other plugins and see if there are current plugins installed that already solve the problem. For many of us food bloggers, there was a time when it was advantageous to have both Social Pug and Tasty Pins. Social Pug updated its functionality so that I did not need both. In this case, even though the Tasty Pins team is great, I just did not have a need to have two plugins solving the same problem. 

Back to Ultimate Nofollow. The plugin does solve a problem, but in the scenarios above where I know I can, and am willing, to do it myself, why would I install the plugin? It adds code to my website, which inherently adds risk.

Who should move forward with looking further at this plugin?

If you have no interest in touching the HTML, this might be a plugin for you. If you understand HTML, but just feel it is too much of a burden, this might be a plugin for you. If you know that this solves a problem that you want to be solved, consider moving ahead with looking at the other criteria for installation.

A note about currently installed plugins.

As an aside, it is just as useful to go through your plugin list and look at the problems they solve. Many times, a plugin solved a problem at one point, but it no longer is useful. These are great candidates for removal. Getting rid of unused plugins is a great way to decrease your risk and maybe speed up your website.

Evaluate the Plugin Stats

If you are looking at a WordPress plugin page on a desktop browser, you should be able to see a plugin stats overview on the right-hand side of the screen. These statistics are very important in evaluating the quality of a plugin. They include metrics like last updated, active installations, tested up to, ratings, and support. These are good things to look at and evaluate.

Image of Ultimate NoFollow in WordPress Ecosystem

Last Updated 

This is the last time the plugin was updated and it is a great way to get a feel for how active the developers are in maintaining the plugin and adding features. While there is no hard and fast rule on this, I want to see that they have updated it in the past few months, at least. Any number over a few months and my spidey sense starts to tingle. Anything over a year and I would have some pretty grave concerns. Anything over 2 years and it would almost be a definite no-go for this guy.

At the time of writing, Ultimate Nofollow was updated 3 months ago. This would make me wonder a little, but it wouldn’t be a deal-breaker for me. Mind you, if there is a super small, single-use plugin that is written really well, it might not need to be updated often.

If it is a big plugin that promises to do everything and throw in the kitchen sink, but hasn’t been updated in six months, I would be more worried than a plugin like Ultimate Nofollow that has limited functionality. 

Active Installations

How many people are using this? This is an important question when evaluating a plugin. It isn’t that hard to put a plugin in the WordPress ecosystem, but the rubber really starts to hit the road when people start using the plugin. Many plugin developers (and all developers) unfortunately put testing on the backburner. This means that YOU are the testers. 

If there are a million people who have this installed, you likely are getting into a plugin that has been well tested and has enough goodwill to draw people to it. If you look at a plugin like Redirection, it has a million+ installs. It solves a problem for many people and niches. It has been proven to be a trusted source.

The plugin we have been looking at, Ultimate Nofollow, has 50,000+ installs. This is a great number, as well. Remember that some plugins solve problems for niches or certain groups, so they may not have the number of installs as some of the big guys. For Ultimate NoFollow, a user probably has to be interested in and know about SEO. The number of installs on the Ultimate Nofollow plugin would not concern me.

When you start getting down into the 3 and 4 digits, I would start to worry a bit. It would make me scrutinize the other statistics even more, but still may not be a deal-breaker for me. The number of installs is one snapshot in the picture book of this plugin. This individual picture might be out of focus and make me uncomfortable, but it doesn’t necessarily mean that the entire picture book is. I would need to look at the rest of the snapshots to get a better feel. 

Tested Up To

This is important to look at. What version is WordPress currently on? What version has this been tested up to? If it is more than a few minor versions behind, it is important to take this into consideration. While I am not sure on the specific rules, at some point this comes with an additional warning on the plugin page from WordPress that it hasn’t been tested in a while and may not work.

If that WordPress warning shows up, I would be worried. It would make me wonder if the developers are working on this and if they care that WordPress is marking them. It still might not be a deal-breaker, but this would definitely cause concern. At the time of writing, the Ultimate Nofollow plugin was not showing this warning.

Advanced View

There is an Advanced View link under that top section that can give a little bit more information. Specifically, it can share the number of downloads over time. More interestingly, it shows Active Install Growth. If this is declining and a negative number, I would wonder why. Once again, not a deal-breaker, but something to stay aware of. 

Ratings and Reviews

How many ratings are out there and what does it look like? I would look at the number of people that have left ratings and then also what distribution they had in terms of quality. If a plugin has 10 ratings and they are all one or two stars, I would be concerned!

The Redirection plugin has about 500 ratings and it is obvious that most people rate it really high. If we look at Ultimate Nofollow, I start to worry a bit. I see that there are 15 five-star ratings, but 6 one-star ratings. The number of ratings would not worry me as much as why there are so many bad ratings compared to good ones.

Fortunately, there is a link right there that brings you to the details of the ratings and reviews. Now, I am starting to get a clear picture. At the time of writing, the last three ratings over a 1-year span say that it doesn’t work and leave one star. Based on those reviews, I am getting the sense that it doesn’t work with Gutenberg. 

Additionally, those reviews have no responses from the plugin writers. That would definitely be an issue for me in evaluating a plugin. Do they not care about the reviews or addressing the issues in the plugin ecosystem?

From personal experience, I can confirm the plugin doesn’t work with Gutenberg. To be honest, I still use this plugin on an install that has classic and it has been fine for me, but I know its time is limited in my WordPress world.

If you are using Gutenberg, these reports should tell you that this plugin is likely going to be problematic for you. These ratings and reviews should help you determine if this is going to be a good plugin for you and give you a sense of how much they care about this plugin.

Support Section

This consists of two parts. The first part shows recent issues. The summary tells you how many issues have been opened and resolved in the past few months. If the number of issues is high, I would start to question why. If the number of issues is high and none of them have been resolved, I would be more worried. At least if they are resolving some, it looks like they are actively participating in the development. 

The second part shows a link to the WordPress Support Forum. Take a peek at that. How many issues are showing in this area? Are the developers responding to them? Is it an active and vibrant forum, or is it a desert echo-chamber with no results?

In our example of the Ultimate Nofollow plugin, they have a stickied comment that says to go to a different, non-WordPress page to submit support tickets. Unfortunately, it is a dead link.

Perusing through the comments in the support forum, it looks like ownership has been transferred to a different company than the original owner. It also looks like they made the last update a few months ago and have been somewhat active in the forum. That there are still stickied dead link posts (at the time of writing) pointing to the old owner and a dead link is still concerning. It feels sloppy.

Support Plugin view for Ultimate No Follow
Ultimate No Follow Support Page
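
The stats checks above can be run as a mechanical first pass before reading the reviews by hand. The script below is an added example, not code from this article or from WordPress: it assumes a plugin record whose field names follow the WordPress.org plugin information JSON, and the thresholds, the helper names, and the sample record are constructed for illustration.

```python
import json
from datetime import date, datetime

# Constructed sample shaped like a WordPress.org plugin-information record.
# The slug is made up; the install count and rating split mirror the figures
# quoted in the article, every other value is invented for the demo.
SAMPLE_JSON = """
{
  "slug": "example-nofollow-helper",
  "last_updated": "2023-01-10 4:12pm GMT",
  "active_installs": 50000,
  "tested": "5.9.3",
  "ratings": {"5": 15, "4": 0, "3": 0, "2": 0, "1": 6},
  "support_threads": 4,
  "support_threads_resolved": 0
}
"""

# Thresholds: the article's rules of thumb turned into numbers (assumptions).
STALE_DAYS = [(730, "blocker"), (365, "serious"), (90, "warn")]
MIN_INSTALLS = 10_000        # "3 and 4 digits" of installs start to worry
MAX_BRANCH_GAP = 2           # "more than a few" WordPress releases behind
MAX_LOW_STAR_SHARE = 0.25    # share of 1- and 2-star ratings


def branch(version: str) -> int:
    """Map '6.4.2' to 64; WordPress branches count 5.8, 5.9, 6.0, 6.1 ..."""
    major, minor = (version.split(".") + ["0"])[:2]
    return int(major) * 10 + int(minor)


def evaluate(plugin: dict, current_wp: str, today: date) -> list:
    """Return (severity, message) findings for one plugin record."""
    findings = []

    # Only the date part is parsed, so the time-of-day format does not matter.
    updated = datetime.strptime(plugin["last_updated"].split()[0], "%Y-%m-%d").date()
    age = (today - updated).days
    for limit, severity in STALE_DAYS:
        if age > limit:
            findings.append((severity, f"last updated {age} days ago"))
            break

    installs = plugin.get("active_installs", 0)
    if installs < MIN_INSTALLS:
        findings.append(("warn", f"only {installs} active installs"))

    gap = branch(current_wp) - branch(plugin.get("tested", "0.0"))
    if gap > MAX_BRANCH_GAP:
        findings.append(("serious", f"tested {gap} WordPress releases behind"))

    ratings = {int(k): v for k, v in plugin.get("ratings", {}).items()}
    total = sum(ratings.values())
    if total:
        low = (ratings.get(1, 0) + ratings.get(2, 0)) / total
        if low > MAX_LOW_STAR_SHARE:
            findings.append(("warn", f"{low:.0%} of {total} ratings are 1-2 stars"))

    threads = plugin.get("support_threads", 0)
    resolved = plugin.get("support_threads_resolved", 0)
    if threads and resolved == 0:
        findings.append(("serious", f"{threads} recent support threads, none resolved"))

    return findings


def verdict(findings: list) -> str:
    """One stat is a single snapshot; several bad ones decide the outcome."""
    severities = [s for s, _ in findings]
    if "blocker" in severities or severities.count("serious") >= 2:
        return "do not install"
    if severities:
        return "look closer"
    return "no red flags in the stats"


if __name__ == "__main__":
    report = evaluate(json.loads(SAMPLE_JSON), current_wp="6.4", today=date(2024, 3, 1))
    for severity, message in report:
        print(f"[{severity}] {message}")
    print("verdict:", verdict(report))
```

A clean result here only means the numbers raise no flags; the reviews, the support forum, and the author links still need a human read.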

A Note About Plugins Not Showing In the WordPress Plugin Ecosphere.

Be wary! Some plugins don’t show in the plugin ecosystem. This can be by choice of WordPress or by choice of the plugin developer. There are certainly some legit ones out there, but it comes down to your trust of the authors. Do you trust the author? Do they have a website? Does the website look nice? Can you ask them questions and do they respond? Do they have testimonials on the webpage? Can you find other users that use them?

Who Created The Plugin?

This shows on the Plugin page and there should be a link. Check out the company. Is it a single person just writing stuff as an after-school project or is it a company? If it looks cheesy, it probably is cheesy. In our example, we already saw that there was a dead link in the support forum to the company that used to own it.

Upon further look, the company that currently owns it has a link on the plugin page. It is also a dead link currently. This is concerning.

How big is the plugin compared to the problem I need to be solved?

What we have already looked at is a great start to evaluating a plugin. There is a more nuanced item that is worth mentioning. Some plugins promise to do everything for everyone, and this always makes me a little wary; at the least, I stand back and look a bit further.

The more a plugin does, the bigger it probably is. It very likely will have more code, more risk, and more potential for failure. It is important to look at the problem you want to solve and weigh how much the plugin actually does.

A while back, when it became apparent that Ultimate NoFollow did not work with Gutenberg, I started looking for other solutions. Apparently, even though it really seems like a small problem, it is not trivial to solve in Gutenberg.  I saw another plugin that promised to do the same thing, but it was part of an entire suite of tools that were mashed into the same plugin. 

The nofollow bit was probably 2% of the functionality of this plugin. Because of this, I hesitated to recommend it. If we need to hang a picture in our house, there is no need to bring in a sledgehammer to do the job. In fact, there is a pretty good chance you will smash one of those fingers trying to nail in that tiny nail. 

There are some companies that do this really well. In the food blogging niche, plugins like WP Rocket, Jetpack, and Yoast cover a whole gamut of functionality. They do it well.

On the other hand, if there was ‘some dude’ that put together the Taj Mahal of plugins, I would have doubts that it works well on a mass scale and even if he did, I would doubt they would be able to support it well over a long period of time. 

One segment that I think tends to do this really poorly is page builders. Granted, this is a super complex problem. To be able to allow your customers to drag and drop anything to anywhere AND have it be graceful code is an enormous feat. They literally have to make it work for everybody. What is sacrificed? Often, speed is what is sacrificed.

When evaluating a plugin, just try and find the right tool for the job.

What does your niche community say?

There are many great communities out there that provide feedback. For food bloggers, there are great Facebook groups like Food Blogger Central and forums like Food Blogger Pro where you can get feedback on plugins or search for past feedback. 

As time moves on, standards change and the plugins du jour change. These communities can help you keep abreast of what people like.

Backup before you add a plugin

Yes. Do this. If you start installing new plugins all willy nilly, you are cruisin for a bruisin. Back things up. Always.

Test In Google PageSpeed Insights Before and After

Speed is important for us. Running Google PageSpeed Insights before and after installing a plugin is a great way to show the impact of a plugin, particularly if it is a plugin that impacts the front end (as opposed to the Admin) of your website. Mind you, you might get different results when you run this multiple times, so you will want to test it a few different times before you really get a sense of the impact it has.

What can GPSI tell us?

It can give a general sense of any items that might slow or weigh your site down. If new ‘opportunities’ show up in the result and your speed is impacted significantly, it is worth investigating those items. It might even be worth removing the plugin if it impacts your site enough.

Cache and GPSI

If you run your site through GPSI, you have to do it a few different times. When you change something on your website and you have a caching tool, it is very likely that your pages need to pull more information. This means, the first time a page is hit, it will be slower. 

On top of your cache causing issues, Google tends to cache GPSI results. If you notice the GPSI tool showing a result instantly without appearing to process anything (it usually takes several seconds). 

Take your time testing this and test it several times before and after. If you do this, you will have a better sense of what really is impacting your site.

Would I recommend Ultimate NoFollow?

No. Between the reviews, the support area, and the dead links, it would be concerning enough for me to not recommend it. 

The thing is, however, that I still have a site using the classic editor that has this plugin installed. For this site, I do not. For the site I do use it with, it will probably be gone soon.


You made it this far? Well, you should have a good sense of how to evaluate a plugin. If you spend some time looking at each plugin you intend to install, you can reduce the risk to your website, help ensure it remains fast, and help prevent outages. Evaluating a plugin is an important skill for every WordPress site owner and I hope you enjoyed. Check out Ramshackle Pantry, where I blog for reals. 🙂