Could Some WordPress Plugins Actually be Harming Your Blog?


I absolutely love WordPress plugins. Let’s be honest – it’s the plugins that make WordPress as powerful, popular and flexible as it is.

Want some more security? There’s a plugin for that. Want a floating box that captures email subscribers? Plugin for that. Want to rank better on Google? Sure, plugins do that too.

But what if you had a WordPress plugin that was actually harming your blog?

Scary thought…

I’m going to take you through a few scenarios and situations where that fancy WordPress plugin might be having a negative impact on your blog. In fact, sometimes that can destroy everything you’ve been working on.

If you’re a big plugin user you’ll want to read this post.

How can a WordPress plugin be dangerous?

I thought I’d start with a photo of a different kind of plugin.

This is an image I snapped of my brother plugging in our PCs so we could have a fun LAN weekend. Shortly after taking this a giant colorful orb of electricity pulsated out from one of the boards and nearly fried him.

We all had a good laugh.

The kind of laugh where you’re laughing at your sibling and not with them.

A photo posted by Ramsay Taplin (@ramsaytaplin) on

In a way this photo is unrelated to WordPress plugins, but in another sense it’s actually a very good comparison for how things can go wrong.

Before my brother plugged in we obviously did not take into account things like the power supply strength, the quality of the equipment being used, the age of the equipment, the suitability of the plugs for this use, the way in which we plugged them all together, etc.

WordPress is actually very similar and I’m going to show you how.

What should I know about WordPress plugins?

We didn’t assess the power supply, equipment, configuration, etc. of the cords and plugs we were using that day.

In the same way, WordPress users can get stuck when they don’t assess things like their server type and setup, capabilities, and things like whether their plugins are out of date or conflicting.

So what do you need to know?

1. They can (and do) pose security threats

You might not realize this but the plugins you use can actually provide a nice little backdoor for someone to get into your blog, read your files, steal your passwords or even shut the whole thing down.

Gross, I know.

Even just last week the WordPress security firm Sucuri published an article showing that they’d discovered that one of the world’s most popular plugins, Akismet, had a vulnerability allowing naughty people to put stuff you don’t want on your website.

This isn’t some dodgy little plugin either. Akismet is used by millions of users and has a team of really smart people running it.

How do I deal with this?

The number one thing you can do is make sure you keep your plugins updated!

Generally speaking, a plugin will be updated in order to add a new feature or to correct some security issue that has been discovered. If you have updates sitting in your WordPress dashboard for weeks at a time you are putting your whole operation at risk.

akismet

Take a look at the screenshot above, where we can see that Akismet updated their plugin seven days ago, patching the problem. Before you install any plugin on your blog you should check how often it is updated, when it was last updated, and how many quality reviews it has.

The next thing you can do is install a plugin called Plugin Vulnerabilities which scans your installations to see if there are any current or historical problems. This can be quite insightful.
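One way to run the update and last-updated checks described above across a whole install, as an added example that is not part of the original post: it reads the JSON that WP-CLI's `wp plugin list --format=json` prints and flags pending updates, plugins with no recent release, and deactivated plugins whose files are still on the server. The plugin names, versions, dates, the audit date and the one-year staleness threshold are all constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the shape printed by
#   wp plugin list --fields=name,status,update,version --format=json
# Plugin names and versions are made up for this example.
WP_PLUGIN_LIST_JSON = """
[
  {"name": "example-antispam",  "status": "active",   "update": "available", "version": "3.1.4"},
  {"name": "example-cache",     "status": "active",   "update": "none",      "version": "0.9.4"},
  {"name": "example-share-bar", "status": "inactive", "update": "available", "version": "1.2.0"},
  {"name": "example-gallery",   "status": "active",   "update": "none",      "version": "2.0.1"}
]
"""

# Constructed "last updated" dates, as you would read them off each plugin's
# directory page. example-gallery is deliberately missing to show that case.
LAST_UPDATED = {
    "example-antispam": "2015-10-13",
    "example-cache": "2014-02-01",
    "example-share-bar": "2015-09-30",
}

# Lower number = deal with it first.
SEVERITY = {
    "update-pending": 0,      # a fix may already exist and is not installed
    "stale": 1,               # nobody has shipped a release in a long time
    "no-release-date": 1,     # cannot tell whether it is maintained
    "inactive-installed": 2,  # switched off, but the code is still on disk
}


def audit_plugins(plugins, last_updated, today, stale_after_days=365):
    """Return (plugin, issue, detail) tuples, most urgent first."""
    findings = []
    for plugin in plugins:
        name = plugin["name"]

        if plugin.get("update") == "available":
            detail = f"installed {plugin['version']}, newer release exists"
            findings.append((name, "update-pending", detail))

        if plugin.get("status") == "inactive":
            detail = "deactivated but files still on the server"
            findings.append((name, "inactive-installed", detail))

        released = last_updated.get(name)
        if released is None:
            detail = "could not determine last release"
            findings.append((name, "no-release-date", detail))
        else:
            age = (today - date.fromisoformat(released)).days
            if age > stale_after_days:
                findings.append((name, "stale", f"last release {age} days ago"))

    findings.sort(key=lambda f: (SEVERITY[f[1]], f[0]))
    return findings


def run_sample():
    """Audit the constructed inventory as of a constructed audit date."""
    plugins = json.loads(WP_PLUGIN_LIST_JSON)
    return audit_plugins(plugins, LAST_UPDATED, date(2015, 10, 20))


if __name__ == "__main__":
    for name, issue, detail in run_sample():
        print(f"{issue:<20}{name:<20}{detail}")
```

On a real site, replace the embedded JSON with the output of the WP-CLI command named in the comment and fill in the dates from each plugin's page.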

2. They can dramatically slow your blog down

We all know that site speed is one of the most important factors for keeping people on your blog, preventing bounces and even making more sales.

So it’s important to note that if you are using a lot of WordPress plugins, or out of date ones, there is a good chance that they will be slowing down your load time.

I honestly don’t think that any blogger needs to run more than 10-15 plugins at a time (of course there will be exceptions).

How can I overcome this?

One way to overcome this is by using another plugin called P3 Plugin Performance Profiler (the irony is magical!) which assesses the impact each of your other plugins is having on your load time.

pc

You simply install the plugin by going PLUGINS > ADD NEW > SEARCH and then finding P3 Plugin Performance Profiler and clicking INSTALL. You can then run a test (as seen above) and find out which of your plugins are causing a slow down to your load time.

Remember that 40% of users will abandon a blog that takes longer than three seconds to load.

3. They can cause downtime, access issues and more

A lot of bloggers think of plugins as being a kind of product that is endorsed by WordPress itself. Unfortunately that isn’t the case at all.

Plugins are, 99% of the time, part of an open source environment and are often created by individuals who have an interest in developing a certain feature for their own site. These are often the ones that don’t get updated.

Then you have the plugins developed by companies in order to make money. I strongly recommend you use more of these as they are usually obliged to provide some kind of support service, or at least be open to greater public scrutiny. The problem? They can be expensive.

And when you mix all of these different plugins together you sometimes get something called a conflict.

I had this happen when I first launched the Blog Tyrant XPeriments podcast.

blog tyrant xperiments

For a long time I couldn’t get the artwork for my podcast to appear in the iTunes store. As it turns out, the plugin that I use for the podcast was conflicting with my security plugin that was preventing iTunes from fetching the image uploaded to my server. This particular issue took days to resolve – even a phone call from iTunes couldn’t figure it out.

How can I overcome this?

The first thing to note is that, in my experience, a lot of these conflicts are caused by caching plugins or security plugins which have features that sometimes prevent other plugins from doing their job in the name of patching up security holes. So if you’re experiencing a conflict it’s good to start with those guys.

A plugin conflict will usually manifest with weird warnings, server error messages or an inability to access certain features of your blog or WordPress dashboard. When this happens you turn each plugin off one at a time, starting with the last plugin that you installed/updated and see if that helps resolve the issue.

The next step is to contact your server support staff who have probably heard about it a million times and know exactly what is going on.

Lastly, head on over to the WordPress Support Forums and do a search for the names of the plugins you think might be causing an issue. I did a quick search for “plugin conflict” and got over 600,000 results. You’re not alone.

4. They don’t do what you think they are doing (and it’s costing you)

The last thing I wanted to mention is that sometimes the WordPress plugin you have installed doesn’t actually do what you think it’s doing. This might be your fault or it might be the fault of the designer, but it can have a really big impact on your blog.

twitter name

One common example I see is with social sharing plugins. When you click the Twitter button on Blog Tyrant you get a little “via @blogtyrant” at the end of the tweet. However, on a lot of blogs you actually see the Twitter handle of the creator of the app, not the blogger.

How can I overcome this?

This is all about testing.

When you first install a new plugin (after making sure it’s safe) spend some time looking at all the reviews and see if you can find some blogs where it is installed. See how it’s operating for them and whether it’s working cleanly.

Then make sure you fill out all of the settings properly. Sometimes missing a field can result in a big error at the end. You should also test your blog on various browsers, screen sizes and devices to make sure it is all appearing as it should be.

Have you ever had problems with a plugin?

I’m really curious to know whether you’ve ever had any problems with any WordPress plugins? What was the problem and how did you get it resolved? Lastly, if you have any plugins that you absolutely love please let me know in the comments below. I reckon you lot would know some cool things that I haven’t encountered yet!

Top photo © Zygotehasnobrain.


97 Comments. Join in. *Closed after 30 days*

  • CC

    This couldn’t have come at a better time. I was starting to wonder how many is too many (I have 5, so I’m fairly safe, I think), and whether the SEO plugin I just installed is causing the tab titles from my site to double up on elements (probably yes). At least it has stopped me downloading a plug-in to fix it! By the way, the piggy-backing you have going on in your tech set-up there is truly impressive. How did that not ring alarm bells??


    1. Ramsay

      Hey CC. Which piggy-backing are you referring to sorry?


      1. CC

        ha ha ha God knows what you think I’m talking about! The power boards plugged into power boards plugged into double adapters aka piggy-backing. (I googled just in case I made this up. It IS a thing)


        1. Ramsay

          Ooooohh! Yeah, of course. My bad.

          Umm… we knew it was a bad idea but we really wanted to play games. Honestly, the orb that came out was about the size of a basketball and sounded like thunder.

          My brother is a doctor too. Should have known better.


  • Joep van der Poel

    Ramsay,

    Great and very helpful post! I absolutely love the power and seeming endless possibilities that plugins offer. Funny that you also mentioned that caching and security seem to be the cause of many problems, I have a similar experience.

    Personally I try to keep the number of plugins as low as possible. If I can achieve a similar result with some simple code I prefer to do that instead. But as I am growing my site I noticed that as I grow I also need more added functions. I feel that this is a continuous struggle to keep the number of plugins limited, but also grow and scale your website.

    How many plugins do you consider to be acceptable on a website, and how many is considered too much?

    Thanks for your post and have a good day!

    Joep


    1. Ramsay

      Hey Joep.

      I build a lot of things I need instead of using plugins as well. I have a great coder who works quickly and it keeps my site speed fast.

      Honestly, I’m not sure about the number. I’ve seen people who have 30+ plugins and the site works fine. For me, however, that seems like too big a security risk.

      I think it sounds like you know what you’re doing. I’m sure you’ll be fine.


  • Abhishek

    I don’t think 10-15 plugins are good enough. For me, there are 40+ plugins. They are required for various purposes.


    1. Ramsay

      Wow.


  • Saif Ullah

    Great. I am confused about using plugins. I have share buttons on my blog. But when someone shares on Twitter it always shows ‘ via @ ad.ly’ or something like that. I want to remove this. How can I do that?


    1. Ramsay

      What plugin are you using for that?


  • Jess

    Always grateful when wise words from BT show up in my inbox, thanks again!!

    So now what I understand is that as long as we keep current with updates, continuing to use Akismet should be ok?


    1. Ramsay

      Yep!


  • Hassaan Khan

    Hi, Ramsay!

    Thank you for this post. I had a problem with a plugin, after a lot of brainstorming, I finally figured it out, uninstalled it, and resolved the issue.

    I’ll share that experience in a blog post very soon.

    Thanks for writing this post.


    1. Ramsay

      Great! Thank you.


  • Diana Meyer

    Hello Ramsey,

    first of all, I’d like to thank you for this valuable post which helped me better understand the plugins and how to protect my website! I have installed P3 as suggested, thanks 😉

    To answer your question, few months ago I had a problem with the plugin that most of us know “WordPress SEO” by Yoast!

    I even had to contact the hosting company who helped me find out what exactly was making my website run so slow! They deactivated my plugins one after the other and they found it was the WordPress SEO by Yoast. As soon as we deleted it, my website ran again as normal.

    Thanks again Ramsey and have a wonderful day 🙂

    Diana


    1. Ramsay

      Was it a Yoast setting or the whole plugin causing issues?


    2. Hassaan Khan

      Hi, Diana!

      Never heard of someone actually complaining about WordPress SEO by Yoast. Even though I’m not a user of Yoast, it has got pretty high ratings.
      Could you please elaborate a little more on what exactly your web hosting told you the plugin was doing?


      1. Diana Meyer

        Hello Hassan,

        trust me, I have been surprised as well because I have been using WordPress SEO for years without any issue and as my website kept being way too slow I decided to contact my hosting company.

        They have been looking into all my plugins and deactivating my plugins one after the other and me also testing at the same time. As soon as they deactivated WordPress SEO my website navigation was fast again!


  • Michael D Gorman

    This was a very useful post, and I installed the P3 profiler plugin-interesting! I found I had the most problems with W3 caching & minify plugins. They tended to really impact some WP sites, distorting the layout in some cases. I solved this by just going with the ‘Falcon engine’ caching module on the WordFence security plugin, which in my experience with WordPress is the finest free security solution out there, plus the caching really works.


    1. Ramsay

      Never heard of the Falcon. Might look it up. Thanks!


  • Jonah

    Thanks Ramsay,

    Knowing which to use and how many is a conundrum for all us beginners.

    I think the key is to install the very basics first, such as security and comments plugins then any plugins recommended by your theme then social media plugins.

    Over time and after learning and playing with the system you will become accustomed to how things work.

    And after some more time you will be able to do away with certain plugins once you get your head around a little coding.

    It’s a learning curve for sure but for beginners plugins do away with the need to know any coding but as you say, they can affect the speed and security.

    A fine balance can only be achieved through trial and error unless you make use of a good coder.


    1. Ramsay

      That’s really good advice – go slow and become familiar with it. I like it.


  • Mer

    Great and smart way to promote your instagram presence, Ramsay!


    1. Ramsay

      Ha ha. That wasn’t really the intention although I do love the way instagram embeds photos. Looks nice I think.


  • Augustus

    Hi Ramsay,

    I agree with the fact that WordPress is what it is (popular and flexible) because of various modification and enhancement you can achieve with various plug-ins.

    A mistake I have seen a lot of bloggers make is installing and activating various plugins at the same time on their blog. Naturally, having many plug-ins would slow down the page load time, and this is bad for business.

    It’s also important to keep an up-to-date version of each plug-ins, because the developers are always fixing a blog or the other.

    I once had a bad experience with a particular plug in, I tried installing the plug-in from the WordPress option but it wouldn’t work, so I downloaded the file directly from the developer’s website and installed the zip. Before I knew it, my blog wasn’t accessible again.

    I don’t know much about coding (it’s too sophisticated for me) so I had to call a friend who assisted in sorting the issue out by going through the WordPress file from the original source code in the control panel.

    What am trying to point out here is that, not all plug-ins are trustworthy. If the ratings are not good, then you don’t have to install it on your blog, else you might end up causing more harm than good.

    Thanks for sharing this, and am sure tons of bloggers would benefit from it.

    Kind Regards.

    Augustus.


    1. Ramsay

      Hi Augustus.

      Yes, this can happen. It can also be due to your server configuration. It can get quite complicated, which is why I always recommend people have a host who offers quality support services.

      Thank you for sharing!


  • Kristine Manley

    Hi Ramsay,

    This post is so helpful. I installed that P3 Performance Profiler Plugin right away. I keep my plugins updated, and I also remove plugins I’m not using. Thank you for sharing.


    1. Ramsay

      Glad it helped!


  • Ratko Ivanović

    Great subject and love the article:)

    We’ve had somewhat a bad situation with one plugin when we started doing business – we hired a development company to create a simple plugin for us, something like a questionnaire that displays the results in a really nice fashion.

    When it was developed and activated, it broke our backend. And I mean completely broke it – the layout was all over the place and we couldn’t access a lot of features of our admin panel. It didn’t hurt our website though from the visitor’s perspective, but still – a non-accessible WordPress admin hurts enough.

    What we’ve learned from our experience (and a bunch of research and tests on plugins), adding to the points of the article is to check for the theme’s plugin compatibilities (if you use a theme from a developer) and aside from the reviews – check when the plugin has been updated last. Plugins that haven’t been updated in a while pose a great risk that someone isn’t keeping them up to date with all the changes with WordPress.

    There is one good thing though – if you find a really good WordPress developer, they normally take only a short period of time to find any mishaps.


    1. Ramsay

      Sorry to hear that.

      Yeah, I found a good WordPress coder a few years ago and he is worth his weight in gold. Fast, reliable and no guessing anymore.


  • Chris Hufnagel

    Ramsay,

    Great read. Sharing with my clients. You know, the ones that have a plugin for everything. Last site I worked on, the site had 107 plugins. It took a few minutes just to load his admin panel. Ridiculous.

    Working with him I was able to build a lot of the functionality of some of the 107 plugins into the site and got the number down to 19 on his new site design. What a speed difference!

    Some people don’t realize that every time you install a plugin you are creating a chance of a small vulnerability on your site. And every time you don’t update it… that vulnerability grows…

    Like I said, great read. Could not have said it better myself.

    Chris


    1. Ramsay

      107 plugins! Kill it with fire!


  • Andrew

    Hey Ramsay,

    This is a great post with some really great points.

    I’m one of those people that use to install interesting plugins all the time. There was one point I had over 40 plugins and guess what happened? I didn’t update them … or some weren’t updated in years and I left myself vulnerable.

    It was hell fixing it and I learned my lesson now.

    I have around 20 plugins but I’m looking to really bring that down to under 10. Thanks again for this post, Ramsay.

    – Andrew


    1. Ramsay

      I think 20 is okay as long as they have a use and are kept up to date.


  • Osvaldo

    Hi Ramsay. Recently I had to uninstall the Wordfence plugin because it was sucking all the memory of my website (according to one of the reps who helped me with this issue), which is hosted on Bluehost. Did you ever use this plugin before? Has somebody had the same problem as me? What other options are available for the security of my blog?

    Cheers and thanks for another great post!!


    1. Ramsay

      Bulletproof security is another one you can try that has a good reputation.


  • Renard Moreau

    [ Smiles ] Ramsay, I never thought for a moment that certain WordPress plugins can actually pose as a security risk.

    In this case, it would be wise of all WordPress users to research those plugins before adding them to their blog.


    1. Ramsay

      Absolutely.


  • Pauline Baird Jones

    I was using mark down to code my posts faster and the plug in hosed my site. I had to remove it. I also had to remove an outdated version of the Triberr plugin. Not sure why that hasn’t been updated. Their site is still active.


    1. Ramsay

      How long since last update?


  • Paul Maduagwu

    Hello sir, I saw your post in my email and I came here immediately, it’s my first time commenting so i’m really excited. I started my blog on Oct 5th and it was your blog that helped me set it up to what it is now. Thanks to your help I managed to get accepted for some affiliate programs and my blog is barely 3weeks old. I studied your post literally, with jotted points everywhere on my desk. My cousin thought I was going crazy. Usually 8 open tabs (all blogtyrant post), linking within a blog helps business, I’ve been trying it on my blog too. Thanks so much for the help you’ve given to this soon to be great blogger and other future bloggers.
    Your loyal subscriber,
    Paul


    1. Elizabeth

      Wow congratulations Paul! Love seeing all different elements I’ve read from Ramsay on your site. I’m currently working through Ramsay’s ultimate guide and setting up my blog too, so this is inspiring. Good luck!


      1. Paul Maduagwu

        Thanks, I appreciate it.


    2. Ramsay

      Paul, thank you so much for the kind words. I’m glad my blog helped you. Please keep me posted on the progress.


      1. Paul Maduagwu

        Ok sir, I will!


  • Mark B

    As any IT tech or semiconductor engineer can tell you, using sources of adequate electrical power is very important. Never load a single outlet with more than 10A (preferably less).

    Do a rough calculation of needed power, taking into account all computer power supplies, RAID boxes, network routers and switches, WiFi amplifiers, DSL and cable MODEMs, printers, scanners, and any other peripherals.

    Then use a UPS with a breakered power strip to plug everything in, AFTER you determine you have a total amperage your wiring / outlet can supply.

    And like anything else, avoid gunking up your WordPress blog with anything you don’t need.


    1. Ramsay

      Hi Mark. So I take it you don’t like our set up in the photo above? Ha.


  • chris

    I look for a few things when I NEED a plugin.
    1. Is the functionality so simple I could put a few lines of PHP code into my functions.php file? If so, I go that route. If not…
    2. Has the plugin been around for a few years? If so…
    3. I check the support forum for the plugin to see if it’s still maintained and how often they reply to questions in the forum. If so…
    4. I look at the download rate – a great graph in the wordpress plugin pages. If it has a healthy amount of users…
    5. I download and test for speed and functionality. This is where I’ve been disappointed with a few paid plugins. They were either poorly coded or relied on off-site scripts that added several seconds to the page load time.

    Have I had plugin problems? I’ve had this only a few times with plugin conflicts or when I updated. With conflicts, I try tracking it down and notifying the plugin authors. If they fix it, great. If not, I look for a different plugin.

    I’m not quick on updates and I find this to be good. Once an update is released, I like to wait a week unless it’s a known quickfix due to a known security hole. This week gives them time to work out the bugs in the latest fix. Version 1 has lots of bugs. Version 1.1 fixes those bugs but introduces a few new ones. Version 1.2 is usually pretty solid. 🙂

    As far as great plugins. I like Relevanssi for an improved wordpress search feature. I also love Thrive Leads for the form building with split-testing and I can even give a default opt-in form for a page unless the post is of a certain category in which case it uses the other form. That was too wordy.


    1. Ramsay

      Thrive leads – never heard of it but will check it out. Always looking for better lead plugins. Thinking about building one actually.


  • Ramona

    The first thing I do, when working for my clients’ sites is to see what plugins they have installed and remove the useless ones. It’s appalling how many they can install, just cause they look cool. Have installed P3 Plugin Performance Profiler on my blog, will run some tests now 🙂


    1. Ramsay

      Did you see the guy above? One of his clients had 107 plugins!


  • Rich

    Hey Ramsay,

    Amazing article.

    I never realized how much site speed influenced overall user experience until someone pointed me to it via pingdomtool which you probably know. I discovered I had an over 10 second load time.

    In addition to having way too many unused plugins, which were slowing down my website. I uninstalled most of them and boom, my site hit the <1 second mark. I was amazed.

    Your blog has made me aware once again of the power and threat of plugins, so I'll be searching through mine to find some faulty ones or redundant ones.

    Thanks for the awesome post, just installed the P3 Plugin btw! Time to check it out.

    Regards,

    Rich


    1. Ramsay

      Congratulations on the fast load time. That is a massive difference! I wonder which plugin was causing the biggest impact?


  • Akaahan Terungwa

    Hi Ramsay,

    I’ve had a ton of challenges with plugins – especially when I started out about 3 years ago…I was an expert at installing just any plugin I encountered and often, I experienced a crash or abnormality and usually, had to isolate and uninstall the culprit.

    Recently, I noticed that resources on my host were running at a rate I couldn’t understand…the CPU usage bar was almost on red and I was clueless.

    Just then, I installed P3 and discovered that W3 Cache was the issue! The plugin alone was using up almost about 90% of the total slot my entire plugins were taking. I changed the plugin immediately and the CPU bar went down. I also discovered that my site speed improved by almost 2 seconds!

    As for plugins I really love, Akismet and Wordfence are simply the best! These 2 awesome plugins ensure that the greatest enemies of online business are kept in check: spammers and hackers!

    Your posts always rock 🙂

    Enjoy the day.

    Always,
    Akaahan Terungwa


    1. Ramsay

      Seems like a few people have problems with that caching plugin. I wonder if it’s a server side setting?


  • Dawn

    Thanks, Ramsay, for the useful information! Sometimes plug-ins can conflict with each other. I had this happen a year or so ago, but I can’t remember the details. Had to do with a lightbox pop-up plug-in, as I recall. Uninstalling one of the plug-ins fixed the problem. Sorry for my foggy memory. It’s worth noting, though, when something suddenly stops working, it could be because of a conflict with a different plug-in.


    1. Ramsay

      Thanks for sharing Dawn.


  • Theodore Nwangene

    Great post as always Ramsay,
    Plugins are really what made plugin exceptional among every other content management system because as you mentioned, just think of any thing you want your blog to do, there is a plugin out there for it and that is so awesome.

    However, these useful plugins can also cause us more harm than good in so many case and the most common case is when you have lots of it installed, it will definitely affect your blog performance negatively.

    Its also very advisable to ensure the plugins are regularly updated for security reasons.

    A very wonderful post Ramsay, thanks for sharing.


  • Janice Trinh

    There’s a plugin that’s been pretty popular lately called “reCaptcha” that a lot of blogs seem to have. It’s supposed to stop spam even more than Akismet. However, I’ve run into a problem whenever I install it.

    I think “reCaptcha” has a conflict with Akismet. When it’s activated, my own comments/replies gets marked as spam, with a little note “cleared by Akismet”, and placed in my spam folder. I have to unspam my own comment AND then approve it.

    I have since deactivated the reCaptcha plugin and all is well with my comment system again.

    I was wondering, do you know anything about reCaptcha? And should I stick with Akismet or switch to reCaptcha? (not both since they conflict) As it is, I get a hundred comments in my spam folder with Akismet installed. I would love it if you looked into this and do a post about it!

    (P.S. I’m a new follower and I’m just loving all the stuff I learn from you! You are awesome!)


    1. Ramsay

      Hi Janice.

      I just use Akismet and also close comments on posts older than 30 days old. The spam was too much and having the comments open just didn’t seem to be worth it. Not everyone agrees with this approach, however, but it might be worth testing on your own blog.


      1. Janice

        Sounds like a good idea. However, does closing the comments (after 30 days) affect site rankings? And will the comments already there disappear?


  • dwebwalker

    I am currently having issues with my security plugin… I installed yesterday


    1. Ramsay

      Which one?


  • Tauseef Alam

    Hi Ramsay,

    I would say there are many such plugins which slow down a wordpress website.

    Although there are plugins available that will analyse all plugins installed on your site and will give you the report about plugins that are slowing it down.


    1. Ramsay

      Yep, mentioned one in the post. 😉


      1. Tauseef Alam

        Hi Ramsay,

        I was talking about this plugin (P3 Profiler).

        https://wordpress.org/plugins/p3-profiler/

        Regards
        Tauseef Alam


  • Marjorie King

    I am new to blogging and WordPress. I was looking for a counter plug-in, so installed the CounterStatistic Free Counter Plugin. It has many good features, but suddenly stopped working for a few days, so I lost some of my counts. Fortunately, I was also using Google Analytics to track activity, so I installed a different Counter Plug-in with the starting value from GA. Your thoughts on Counter Plug-ins?


    1. Ramsay

      I don’t think they are really necessary. Google Analytics or Clicky Analytics does a much better job of managing your traffic.


  • Reba

    A great wake up call for those unaware of the risks of plugins … great read!


    1. Ramsay

      Thanks Reba.


  • dwebwalker

    To answer your question, I used the Simple Site
    Lockdown plugin, because I keep getting new user registration, but I disabled both plugin and ability for users to register..


    1. Ramsay

      Did they stop?


  • John Buzz

    After updating the Akismet plugin, is our blog safe? Or do we need to remove it from our blog, please?


    1. Ramsay

      Yep, the plugin has been patched so it’s safe if it’s up to date.


  • dwebwalker

    I stop using it… and my site is OK..


  • scott

    Hi Ramsay

    I started my blog less than a month ago after doing a bit of research, including reading a lot of your blog posts. Within that month I have over 1000 subscribers to my aweber account and I am getting 200-1000 visits a day (depending on my small amount of advertising)

    I have a couple of questions if you dont mind

    1 – what is your best plugin for comments?, I would prefer a box around each conversation rather than it just jutting out as I find this hard to follow.

    2 – I’m sure I saw on one of your blog posts the best place to find people with similar (niche and size) mailing lists.

    I have ore but I don’t want to bombard you at first contact

    thank you

    scott


    1. Ramsay

      Hi Scott.

      1. Usually this is just a default WordPress threading style where you get your designer or coder to add a background color to the replies. There might be a plugin but I’m not sure what it is, sorry.

      2. There are lots of ways. You can do a Google search for keywords and see who are the top results and top paying ads. You can also use FB ads to see what suggested communities are popping up. Also, services like Majestic SEO will let you look into competitors’ backlinks to see who is linking to who.

      Hope that helps.


  • Ahmad Rashid

    Nice work.
    Please guide me if I am wrong, but for me, all those plugins with a million or more installs for WordPress are usually OK to go with, as it's all about user dependability.


    1. Ramsay

      I think big plugins are like any popular service – usually they have better security but they also become bigger targets.


  • Ron Gilleland

    I recently took over the maintenance of a WordPress site for a small charity. I was shocked when I went into the admin panel the first time. They were running on WordPress 3.9.? and had 18 plugins that needed updating. Many well-intentioned people had tried to do work on the site … added a plug-in or two and then left. No one knew what anything did or what was necessary to the site. It took 3 weeks of my spare time (volunteer work) to untangle the mess … delete about half the plugins and smush some 5meg jpg files. The site loads much quicker now but there are still a few issues I have yet to figure out.
    I say “less is best”.


    1. Ramsay

      Less is best. Yep!


  • G T

    You are missing a lot of mistakes that can happen with plugins:

    1) Category plugins that change your .htaccess files:
    – You might lock yourself out, or set the directories of your site wide open.
    – You get wrong results or displays on your site when the .htaccess file contains filters on filenames (e.g. it blocks the png or css files by accident). This is really hard to discover!

    2) Plugins that abuse your website for ads. Some (free) plugins put keywords or website links in your footer or header (visible or invisible) HTML. I have seen a lot of plugins doing this. Some even use encoding / eval() constructions to hide it from the PHP source code.

    3) Plugins that conflict with your theme and theme functions.

    4) Plugins for emailing (newsletters, contact forms etc.) that send a copy of every email address to a suspicious site.

    5) Plugins that load (malicious) content (javascript, png etc.) from external sites.

    6) Plugins with counters, analytics, that are phoning home for statistics of your site.

    7) Plugins causing heavy load on the hosting server (memory/cpu) by doing tasks with your database or media, or backing up.

    8) Plugins trying to go to the root of your hosting site and see if other websites exist within the same webserver/hosting.

    9) Plugins messing with your database: extra tables, not cleaning up after install. Adding fields to existing base tables of WP. Adding extra post types. Messing with your category/tags library.

    10) Main problem is: all plugins run by default with a sort of Admin rights on your website. Compare with an Android phone where every app is ROOT and is allowed to mess with all your phone settings, files, contacts and apps.
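
An added example, not part of the comment thread and not code from any plugin: a heuristic Python scan of plugin PHP source for three of the behaviours listed above (items 1, 2 and 5). The rule names, the host allowlist and the sample PHP are constructed for illustration, and a hit is a reason to read the code, not proof of malice.

```python
import re
import sys
from pathlib import Path

# Heuristic rules for items 1, 2 and 5 of the list above (names are this example's own).
RULES = {
    "obfuscated-eval": re.compile(
        r"\b(?:eval|assert)\s*\(\s*@?\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "htaccess-write": re.compile(
        r"\b(?:file_put_contents|fopen|fwrite|insert_with_markers)\s*\([^;]*\.htaccess", re.I),
    "hidden-link": re.compile(r"display\s*:\s*none[^>]*>\s*<a\s[^>]*href", re.I),
}
URL = re.compile(r"https?://([a-z0-9.-]+)", re.I)

# Constructed sample input, not taken from any real plugin.
SAMPLE = """<?php
add_action('wp_footer', function () {
    eval(base64_decode($blob));
    echo '<div style="display:none"><a href="http://ads.example.net/x">kw</a></div>';
});
file_put_contents(ABSPATH . '.htaccess', $rules, FILE_APPEND);
wp_enqueue_script('s', 'https://cdn.example.org/s.js');
$api = 'https://api.wordpress.org/plugins/info/1.0/';
"""

def scan_source(text, allowed_hosts=("wordpress.org", "w.org")):
    """Return sorted (line_no, rule) findings for one PHP source string."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES.items():
            if rx.search(line):
                findings.append((no, name))
        for host in URL.findall(line):
            host = host.lower().rstrip(".")
            # Hard-coded hosts outside the allowlist are worth a manual look.
            if not any(host == d or host.endswith("." + d) for d in allowed_hosts):
                findings.append((no, "external-host:" + host))
    return sorted(findings)

def scan_plugin_dir(root):
    """Scan every .php file under a plugin directory; returns {path: findings}."""
    out = {}
    for p in Path(root).rglob("*.php"):
        hits = scan_source(p.read_text(errors="replace"))
        if hits:
            out[str(p)] = hits
    return out

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    print(scan_plugin_dir(target) if target else scan_source(SAMPLE))
```

Run it with a path such as `wp-content/plugins/<plugin-name>` to scan an installed plugin; with no argument it scans the constructed sample. Line-based matching misses obfuscation split across lines, so treat a clean result as inconclusive.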


    1. Ramsay

      Great list here. I think I probably thought a lot of those would be covered under the “security” section in the post but I’m glad you expanded these out. I probably should have gone the extra mile! Thank you.


    2. Extreme Sports Blogger

      Most of these can be avoided through looking at reviews, only installing plugins that are frequently updated and created by reputable developers.

      Only installing those plugins that are listed on WordPress and adhere to codex is also a must.


  • Ryan Biddulph

    Ramsay I love these points because I am plug in light…..for these reasons. Too many bogged down my blog and I recall a few creating a white screen effect on my blog, killing that sucker. Not good. I love a bit of function with them but keep things simple to avoid the nightmares and performance issues.

    Ryan


    1. Ramsay

      Yeah there’s no point having a slow blog in order to get some plugin feature like a color sidebar widget. Meh.


  • M. Khorev

    I’ve had problems with bad plugins in the past, but nowadays I try to keep the amount of plugins I use to a minimum. It can be tough though – there are so many out there that do so many cool things. If you can think of it, there’s probably a plugin that does it.


    1. Ramsay

      Yeah they are amazing!


  • Devendra

    Thanks for sharing such great article with us.


    1. Ramsay

      I’m glad you enjoyed it! Thanks for leaving a comment.


  • Pankaj Dhawan

    I knew that they slow down your blog which means a lot and about the security but there are many things I got to know from here, thanks. I was once using plugins for GA code and even social sharing but social sharing is now I am not using many plugins that are not very relevant.

    Thanks again
    Pankaj


    1. Ramsay

      You’re welcome. Glad it helped.

