The quality of the plugins on your site matters more than most people realise. A bad plugin can slow your site to a crawl, introduce a security vulnerability, or break something when it updates. Choosing well from the start saves you problems later.
The first rule: fewer is better
Every plugin you add is another piece of code running on your site. More plugins mean more potential conflicts, more update overhead, and more attack surface. Before installing anything, ask whether you actually need it — and whether what you already have can do the job.
What to check before installing a plugin
- Last updated — A plugin that has not been updated in over a year is a red flag. It may not be compatible with the latest WordPress version and likely has unpatched vulnerabilities
- Active installs — A plugin used by hundreds of thousands of sites has been tested at scale. A plugin with 200 installs has not
- Ratings and reviews — Read the reviews. One-star reviews mentioning site crashes or broken functionality are warnings worth heeding
- Support activity — Check whether the developer responds to support questions. An abandoned plugin is a liability
- Compatibility — Confirm the plugin has been tested with your version of WordPress
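The checklist above can be run as a script against plugin metadata before anything is installed. This is an added example, not code from the original article: the two records are constructed, their field names mirror what the WordPress.org plugin information API returns, and every threshold except the one-year update cut-off is an assumption.

```python
from datetime import datetime, timedelta

# Only the one-year staleness cut-off comes from the article; the rest are assumed.
MAX_AGE = timedelta(days=365)
MIN_INSTALLS = 10_000
MIN_RATING = 70            # directory ratings are on a 0-100 scale
MIN_RESOLVED_RATIO = 0.5   # share of support threads marked resolved

def major_minor(version):
    """'6.8.1' -> (6, 8), so patch releases do not trigger a compatibility warning."""
    return tuple(int(p) for p in (version.split(".") + ["0"])[:2])

def vet_plugin(info, site_wp_version, now):
    """Return the checklist warnings raised by one plugin metadata record."""
    warnings = []
    updated = datetime.strptime(info["last_updated"], "%Y-%m-%d %I:%M%p GMT")
    if now - updated > MAX_AGE:
        warnings.append("stale: no update in over a year")
    if info["active_installs"] < MIN_INSTALLS:
        warnings.append("low install base")
    if info["num_ratings"] and info["rating"] < MIN_RATING:
        warnings.append("poor ratings")
    threads = info["support_threads"]
    if threads and info["support_threads_resolved"] / threads < MIN_RESOLVED_RATIO:
        warnings.append("support questions mostly unresolved")
    if major_minor(info["tested"]) < major_minor(site_wp_version):
        warnings.append("not tested with the site's WordPress version")
    return warnings

NOW = datetime(2025, 6, 1)  # fixed date so the result is reproducible
SAMPLE = [  # constructed records, not real plugins
    {"slug": "well-kept-forms", "last_updated": "2025-04-20 9:14pm GMT",
     "active_installs": 300000, "rating": 92, "num_ratings": 1500,
     "support_threads": 40, "support_threads_resolved": 35, "tested": "6.8.1"},
    {"slug": "forgotten-slider", "last_updated": "2022-11-03 10:02am GMT",
     "active_installs": 200, "rating": 58, "num_ratings": 12,
     "support_threads": 9, "support_threads_resolved": 1, "tested": "6.1"},
]

if __name__ == "__main__":
    for plugin in SAMPLE:
        print(plugin["slug"], vet_plugin(plugin, "6.8", NOW) or "no warnings")
```

A clean result only means none of the checklist warnings fired; reading the reviews and support threads is still a manual step.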
One thing that often goes wrong
Plugins get installed, do their job for a while, and then get forgotten — even after they are no longer needed. Deactivated plugins still sit on your server. Outdated plugins that nobody is watching are one of the most common entry points for hacks.
Plugin management — knowing what is installed, keeping things updated, and removing what is no longer needed — is part of our WordPress maintenance service.