When you install a plugin, you are essentially putting someone else's code within your website. Not all plugins are well-coded. Some are fantastic, while others are less so.
Some plugins could pose risks to a website, from causing security issues and vulnerabilities to slowing the site down. Also, the functions of one plugin can affect another, and the effect can compound as an organization installs more and more plugins.
An organization should do some due diligence on the plugins that it installs. WordPress web design best practices should be considered both prior to launch and after launch in order to keep a website in good shape. Also, it is important to have at least a basic web maintenance process in place:
- Do regular backups
- Monitor the speed and availability of a website
- Have a web development production environment, which will allow you to test before rolling out an update
- Keep everything in WordPress (from core to plugins) up to date
Basic due diligence on WordPress plugins
- Positive reviews in the WordPress plugin directory
- Number of downloads, reviews and positive remarks
- Is the plugin compatible with your version of WordPress?
- Search Google for blogs, forums and articles on the use of your desired plugins
- Check the author of the plugin: Do they have a Git account? Do they publish regularly? When was the last update or author response on that particular plugin?
- Code audit if your organization has the capability
- Is there a simpler approach to solving this problem than installing another plugin? Can we build this function into the theme or use another approach to get the same result? What is the priority of this plugin and the features it offers?
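The measurable items in this checklist (compatibility, update recency, adoption, reviews) can be screened automatically before anyone reads code. The following is an added example, not part of the original article: the field names assume the shape of the WordPress.org plugin information API response, and the sample records and thresholds are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample records (assumption: fields shaped like the WordPress.org
# plugin information API: tested, last_updated, active_installs, rating).
SAMPLE_PLUGINS = [
    {"slug": "example-seo", "tested": "6.5.2", "last_updated": "2024-04-02 9:15am GMT",
     "active_installs": 500000, "rating": 94, "num_ratings": 2100},
    {"slug": "example-slider", "tested": "5.2", "last_updated": "2019-06-11 4:40pm GMT",
     "active_installs": 800, "rating": 62, "num_ratings": 9},
]

def major_minor(version):
    """Reduce '6.5.2' to (6, 5) so patch releases do not cause false alarms."""
    parts = (version.split(".") + ["0"])[:2]
    return tuple(int(p) for p in parts)

def review_plugin(info, site_wp_version, today, max_age_days=365,
                  min_installs=1000, min_rating=80, min_ratings=20):
    """Return a list of due-diligence findings; an empty list means no flags.
    All thresholds are illustrative defaults, not official guidance."""
    findings = []
    # Compatibility: was the plugin tested against the site's WordPress branch?
    if major_minor(info["tested"]) < major_minor(site_wp_version):
        findings.append(f"tested only up to WordPress {info['tested']}")
    # Maintenance: a long gap since the last release suggests abandonment.
    updated = datetime.strptime(info["last_updated"], "%Y-%m-%d %I:%M%p GMT")
    age = (today - updated.replace(tzinfo=timezone.utc)).days
    if age > max_age_days:
        findings.append(f"no update in {age} days")
    # Adoption: few installs means few people have exercised the code.
    if info["active_installs"] < min_installs:
        findings.append(f"only {info['active_installs']} active installs")
    # Reviews: a high score from a handful of ratings is not meaningful.
    if info["num_ratings"] < min_ratings:
        findings.append(f"too few ratings to judge ({info['num_ratings']})")
    elif info["rating"] < min_rating:
        findings.append(f"low rating ({info['rating']}/100)")
    return findings

if __name__ == "__main__":
    today = datetime(2024, 5, 1, tzinfo=timezone.utc)
    for plugin in SAMPLE_PLUGINS:
        flags = review_plugin(plugin, "6.5", today)
        print(plugin["slug"], "->", flags or "no flags")
```

A plugin that passes this screen still needs the manual steps above: the metadata says nothing about code quality or how the author responds to reports.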
Our favorite plugins:
- Yoast SEO
- Edit Flow