Evaluate Plugins Before Adding Them to Your MyListing Website

  • Guides reflect how I’m currently using the solution for myself and my clients. 
  • If I don’t cover a specific feature, it implies I’m not using it.
  • If I don’t cover a specific setting, it implies the defaults are acceptable or the options are obvious.

I see many people adding plugins to their websites without giving much thought to security, performance, the overall health of their website, and the long-term sustainability of their business. They install anything and everything as long as it “gets the job done.”

Some might argue that this is not necessarily their fault because “you don’t know what you don’t know,” but when I first started building websites, I wanted to know as much as possible before blindly adding stuff. Did I make mistakes? I sure did! But it wasn’t for lack of trying to make the best-informed decisions I could.

In this guide, I share my methodology for evaluating plugins for my own and my clients’ websites, hoping to inspire people to give more thought to the solutions that affect their websites.

Step 1: Functionality

Does the plugin solve everything I need it to solve? If so, it makes the list of potential candidates.

Does the plugin solve the most critical things I need it to solve now, with a roadmap (if there is one) indicating the other “nice-to-have” features are planned? If so, it makes the list of potential candidates.

This is step #1 because if the functionality isn’t there (or won’t be there), nothing else matters.

Step 2: Support

The plugin has all the functionality you need, but you will likely need the vendor’s assistance at some point. It’s important (especially for more complex plugins) to feel like the vendor will respond and be willing to help you as issues arise.

Premium Solutions

How do the solutions that are premium-only (i.e., paid) provide support? Can you eventually reach a human (if you really need to), or do they make you jump through many hoops via an automated chatbot? Do they provide phone support or at least have a support contact form?

Especially if you’re paying for a solution, you need to be able to reach a human at some point, whether it’s through chat, a contact form, or some other way.

Freemium Solutions

How do the solutions that are a mix of free and premium (i.e., paid) provide support? Let’s focus on the “free” portion of the freemium model for this.

Is the solution listed in the WordPress plugin repository? If so, open up the plugin’s repository page and take a peek at the support forum.

Is the vendor actively replying, or are they taking weeks to get back to people? What is their attitude when they do respond to inquiries?

If the vendor is actively providing support for their free plugin, great!

This is a typical indicator that the vendor’s business is healthy and sustainable, as supported by their premium pricing.

If the vendor is not actively providing support for their free plugin, that’s a red flag. This is a sign that, for whatever reason(s), the free version of their plugin is not their focus. The saying “you get what you pay for” exists for a reason.

Step 3: Trust

If you’ve gotten this far, you’ve started getting an overall “vibe” about the plugin and the vendor. Let’s go a bit deeper by reviewing the key pages of the vendor’s website.

Team

I often hear (and I believe) that “people buy from people.” Whether it be by social media, a website, email, a phone call, or in person, people buy from people, so it’s important to maintain “the human touch.”

If this is important to you, one thing you could do is see if the vendor has an About page and what it has to say. Sometimes it’s easier to trust when you can put a face (or faces) with a solution. Do they seem personable and approachable? Or do they come across as being cold and unapproachable?

Website

Review the vendor’s website to see how invested they are in their business, how much attention to detail they pay, etc. Does it have a sloppy design? Is it slow to load? Do they seem desperate by advertising sales all over the place? Are they asking for donations for their business?

Some businesses create terrible websites because they are not confident in their products or services. They don’t yet consider their business serious enough to invest time and money in making a great impression.

Step 4: Security

While you might not be a developer and able to validate the secure nature of a vendor’s plugin, you can check the plugin’s history of discovered vulnerabilities.

Vulnerabilities alone are not a reason not to trust a plugin. What’s important is the vendor’s response to the vulnerabilities, especially if they were responsibly disclosed.

Responsible Disclosure: The practice of responsibly and privately disclosing to the vendor a security problem before publicizing it so a fix can be prepared and damage from the vulnerability minimized.

At the time of this writing, the news was full of reports that the company behind one of the most popular security plugins chose to ignore a responsibly disclosed vulnerability. You read that right! A security plugin that doesn’t take security seriously. Their customers left them in droves, and it was mainly because of how they responded rather than the vulnerability itself. Being a security plugin with a vulnerability as big as it was didn’t do them any favors.

In short, do your due diligence to see the history of vulnerabilities for a particular plugin and learn how the vendor responded.
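
One way to put that due diligence into numbers, as an added example that is not part of the original guide: record when each vulnerability was reported to the vendor and when a fix shipped, then compare plugins by response time rather than by vulnerability count. The plugin names, dates, and the 30-day threshold below are constructed assumptions; replace them with the history you find for the plugin you are evaluating.

```python
from datetime import date
from statistics import median

# Constructed sample history for two hypothetical plugins (not real data).
# "reported" = date the vendor was told about the issue;
# "fixed" = date a patched release shipped, or None if no fix has shipped.
HISTORY = {
    "plugin-a": [
        {"reported": date(2023, 1, 10), "fixed": date(2023, 1, 14)},
        {"reported": date(2023, 6, 2), "fixed": date(2023, 6, 9)},
        {"reported": date(2024, 2, 20), "fixed": date(2024, 2, 23)},
    ],
    "plugin-b": [
        {"reported": date(2023, 9, 1), "fixed": None},
    ],
}


def summarize(records, today, slow_days=30):
    """Judge the vendor's response, not the number of vulnerabilities.

    slow_days is an assumed threshold for "too slow"; tune it to your risk.
    """
    fix_times = [(r["fixed"] - r["reported"]).days for r in records if r["fixed"]]
    open_ages = [(today - r["reported"]).days for r in records if r["fixed"] is None]

    if any(age > slow_days for age in open_ages):
        verdict = "red flag: reported issue left unfixed"
    elif any(days > slow_days for days in fix_times):
        verdict = "caution: slow fixes"
    else:
        verdict = "ok: vendor fixes promptly"

    return {
        "total": len(records),
        "median_days_to_fix": median(fix_times) if fix_times else None,
        "oldest_open_days": max(open_ages, default=0),
        "verdict": verdict,
    }


if __name__ == "__main__":
    today = date(2024, 6, 1)  # fixed evaluation date so the output is repeatable
    for slug, records in HISTORY.items():
        print(slug, summarize(records, today))
```

In this sample, the plugin with three vulnerabilities comes out ahead of the plugin with one, because every report was fixed within days while the single report on the other was never addressed.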

Step 5: Cost

Are you surprised to see this as the last step I take? Sure, I might take a quick peek at the pricing towards the beginning of the evaluation process (it’s human nature to do so), but that’s more to see if the cost is so outlandish that it doesn’t make sense rather than spending time to weigh the overall pricing pros and cons.

At this point in the evaluation process, I’ve determined the plugin meets my requirements, and the vendor has checked all (or most) of the boxes regarding support, trust, security, and the overall vibe they give off.

So, to me, the cost is what it is (assuming there is a cost), and I’ll pull the trigger on a purchase. Obviously, if the plugin comes with a free trial or a solid refund policy, it becomes even more of a no-brainer.

You Get What You Pay For: I’m a firm believer in this saying. Unfortunately, WordPress has, for the longest time, brought with it a “free” this and “free” that message, leading many people to take on this same mindset.

How motivated would you be to work super hard on running a business while providing your products and services for free? That’s what I thought. 😉

Step 6: Testing

The best practice is not to use your production website as a testing ground and instead test plugins in a staging or local dev environment. Only if you determine a plugin passes your tests should it reach your production website.

If you host your websites on Kinsta, as I do, it provides really nice staging environments that are super simple to use.
