What would WordPress be without plugins? Over 50,000 plugins are available in the official directory. But when you're looking for the right one, it's like searching for a needle in a haystack. This article will help you find the best plugins so your WordPress and WooCommerce projects remain as secure as possible.
There is, of course, no guarantee that these tips will always help you choose the right plugins. But you'll certainly hit the target more often. So let's get started! We'll begin with a seemingly easy enough question:
Obviously, there's the official directory on WordPress.org. And marketplaces like CodeCanyon from Envato, who also operate ThemeForest. Or various smaller shops for individual plugins. Developers can also find plugins on GitHub. You'll need an extra extension for automatic updates of such plugins, however. Not every plugin supports this, so this option is really only for advanced users.
Let's start with WordPress.org. The search function for plugins in this directory is unfortunately really, really poor. There's only a full-text search and a tagged keyword search. So you can't filter by the number of active installations, number or level of ratings, compatibility, number of solved support questions, or anything else for that matter.
What's missing above all is the ability to search for plugins that work together. There's no standardized way to search for plugins that extend the functionality of other plugins, for example WooCommerce or Contact Form 7.
You might have some luck by using suitable tags, for example /plugins/day/woocommerce/. But this doesn't work all the time. The search results may also contain unsuitable plugins. A quick Google search will give you a brief overview of the plugins available for a specific purpose.
Tip: There are plenty of "best of" collections for most use cases and these often get updated every year. Such lists provide a good starting point for choosing your plugins. Alternatively, you can look for plugins in a curated repository like Tidy Repo.
But the best tip is yet to come:
You get the best recommendations for plugins when you engage directly with the WordPress community. WordCamps and local meetups are places where you can discuss your exact requirements. Above all, you have the chance to ask questions. This is the fastest way to find suitable plugins.
Meetups sometimes have rounds where good plugins are collected and discussed. Nice summaries can be found on the blogs of Meetups Hamburg and Stuttgart. Speaking of Stuttgart: the WordCamp Stuttgart is being held in November. Join other WordPress enthusiasts and get great plugin recommendations.
So now you've got a load of plugins to choose from and hopefully a clear idea of what functions you need. A checklist with all the required features would be ideal. And now? How can you separate the wheat from the chaff?
I don't follow any set-in-stone rule regarding the last plugin update, I just use my common sense. A plugin whose latest update was over seven years ago is obviously out of the equation. Unless, of course, the plugin is so simple that it consists of only a few lines of code and the filter used hasn't changed for seven years. It helps to take a quick look at the support forum. Has this question been discussed before? And if so, was it answered by the author? Or by another member of the community?
The date of the last update is one of the most important indicators of whether a plugin is being actively developed further. But if a few months have gone by since the last update, I wouldn't give up on the plugin just yet. There are many more factors that can shed light on a plugin's usefulness:
The number of installations is another indicator of a good plugin. At the same time, a plugin with very few installations is not necessarily a bad one. Could the plugin be very new? Or is the functionality only interesting for a very specific target group? You should always consider this number in context. On the other hand, hundreds of thousands or millions of users clearly indicate that a plugin is popular and many other users already rely on it.
There's one source of information not everyone knows: you can click on "extended view" to the right of the sidebar. There you'll find the infographic "growth of active installations" which shows you the installation history of the plugin. You can easily recognize "dying" plugins this way.
The information on compatibility also helps you get a feeling for the quality of the plugin. The version should of course always be one of the latest WordPress versions. Even slight delays are fine as long as the plugin doesn't have major issues. Check for any such issues by taking a quick look in the support forum.
Some plugins may have been very popular in the past with a huge number of downloads but the developer has since stopped publishing any updates. Perhaps the technology is outdated or the feature has already been incorporated into the WordPress core files. Take a close look at the plugin description. The support forum can also reveal important information: Are there threads on there about the status of the plugin? Have any questions been left unanswered or are all the questions from years ago?
Star ratings only give you a vague impression of the plugin quality. Most plugins that offer paid (pro) versions are constantly asking the users of their free version for 5-star ratings. So this info is not really helpful most of the time. I, for one, am not going to sit and read through hundreds of rave reviews. Who can even be sure the reviews are from real users at all? People will, of course, use sneaky tricks in the ratings to promote their business.
I prefer to take a look at the 1 and 2-star ratings instead. Hopefully, the plugin will have fewer of these! Bad reviews can reveal how criticism is dealt with. Is the author of the plugin quick to respond and address the issue? And if so, how? Does the interaction remain professional or turn ugly? This often says much more than a review like "Amazing plugin! Highly recommended".
You can completely ignore the average rating for very new plugins with just a few reviews. When there are fewer than 50 reviews, the fluctuations are still far too high. Taking a closer look at the ratings will give you a better picture. When are the ratings from? Did the plugin perhaps only have teething problems at the beginning and they've long been resolved?
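The checklist from the last few paragraphs (age of the last update, install count, "tested up to" version, share of 1- and 2-star reviews, review count, support-thread resolution) can be applied mechanically to the data the WordPress.org Plugins API returns. The script below is an added example, not code from the article; it assumes the field names of the `plugin_information` endpoint (`last_updated`, `active_installs`, `tested`, `ratings`, `num_ratings`, `support_threads`, `support_threads_resolved`) and runs on a constructed record instead of a live request.

```python
"""Plugin vetting checklist as code (added example, not from the article).

Assumed field names follow the WordPress.org Plugins API response for
action=plugin_information; the record below is constructed, not a real plugin.
"""
from datetime import datetime

# Constructed sample shaped like a plugin_information response.
SAMPLE_PLUGIN = {
    "slug": "example-form-addon",
    "last_updated": "2016-03-11 9:12am GMT",
    "active_installs": 700,
    "tested": "4.4.2",
    "num_ratings": 23,
    "ratings": {"1": 6, "2": 2, "3": 1, "4": 2, "5": 12},
    "support_threads": 14,
    "support_threads_resolved": 3,
}


def parse_date(value):
    # The API gives e.g. "2016-03-11 9:12am GMT"; only the date part matters here.
    return datetime.strptime(value.split(" ")[0], "%Y-%m-%d")


def review_flags(plugin, current_wp="6.5", today=None):
    """Return the checklist findings as a list of strings (empty = nothing to note).

    current_wp is the WordPress release you run (assumed value); today is an
    optional "YYYY-MM-DD" string so results are reproducible in tests.
    """
    now = parse_date(today) if today else datetime.now()
    flags = []
    years_stale = (now - parse_date(plugin["last_updated"])).days / 365.25
    if years_stale > 7:
        flags.append("no update for over seven years")
    elif years_stale > 1:
        flags.append("no update for over a year; check the support forum")
    # "Tested up to" lagging more than one major version behind.
    if int(plugin["tested"].split(".")[0]) < int(current_wp.split(".")[0]) - 1:
        flags.append(f"tested only up to WordPress {plugin['tested']}")
    if plugin["active_installs"] < 1000:
        flags.append("few active installs; judge in context (new or niche?)")
    n = plugin["num_ratings"]
    if n < 50:
        flags.append("fewer than 50 reviews; ignore the average rating")
    low = plugin["ratings"].get("1", 0) + plugin["ratings"].get("2", 0)
    if n and low / n > 0.25:
        flags.append(f"{low} of {n} reviews are 1 or 2 stars; read how the author responds")
    threads = plugin["support_threads"]
    if threads and plugin["support_threads_resolved"] / threads < 0.5:
        flags.append("fewer than half of the support threads resolved")
    return flags
```

Swap `SAMPLE_PLUGIN` for the parsed JSON of a real API response to vet a plugin you are considering; the flags are starting points for a manual look, not a verdict.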
The majority of all infected WordPress installations are caused by security holes in (often outdated) plugins. So it doesn't hurt to check if this plugin has had or still has security problems. You can search the plugin's name in Sucuri's database to see if there are any issues. For example: https://wpvulndb.com/search?text=yoast.
If you can't draw any conclusions from the information you've collected so far, you're going to have to dig a little deeper. So let's follow the links we can see. At the end of the plugin page, you'll find the item "contributors & developers" with links to the profiles. Here you'll find other plugins including their rating and number of active installations. You'll also see what other projects the developers are involved in and this will help you develop a picture of the plugin. Especially if you find the author has other well-rated plugins that have been installed many times.
Many of the larger plugins in the official directory that have been around for a while and are constantly being updated use the freemium model. They have a free version and also a pro version with more features or more designs, depending on the type of plugin you're dealing with. These plugins are often the better choice as they're built on a business model that finances further development and support.
Free plugins, on the other hand, are often made by individual developers who don't always have the time to spend on their plugin. There are also associations of developers, like the Plugin collective. Among other things, this collective supports the popular plugins Antispam Bee and Statify. But even that is no guarantee that a plugin will be continuously updated.
As is often the case in life, you may also encounter black sheep among the WordPress plugins. There are freemium plugins, for example, where it's not even worth using the free version because the functionality is so limited. Unfortunately, the only thing you can do is carry out thorough tests with the plugin in a separate test environment.
If you decide to go for a premium plugin, it's worth taking a closer look at the payment model. It's certainly a good thing for your wallet if you only have to make a one-off payment. But it's not necessarily a good thing for the developer. The whole thing is therefore only worthwhile for them if more and more new customers buy the plugin. But that also puts much higher demands on the support they need to offer and this is how you can easily destroy a plugin's success.
Here the situation also needs to be assessed carefully. Is it a complex plugin that needs to be constantly updated to keep up with the technical innovations? Then a subscription model is completely okay and justified. If, on the other hand, the plugin is just a nice little gimmick and it's only needed as a small additional function, then a one-off payment seems more appropriate.
First of all, you shouldn't rule out the possibility the problem is located 30cm in front of the monitor. The better plugins usually have good documentation in, for example, the plugin description or FAQ section. This documentation often includes images, screenshots, and sometimes even videos. Occasionally this information is so complex that the whole thing has been moved to a separate website. In any case, this is your first starting point. Maybe the problem really is just an operator error!
Test any changes you've made before going live so you don't end up with problems later on. In the best case, you'll have set up your own test installation for this purpose. Maybe on a subdomain, or in a staging environment.
Here you can check plugin conflicts, performance problems, and any error messages before you start. Does the PHP version cause problems? Does something appear in the error log? Is the website suddenly extremely slow? It's best to test all this before it affects your live website.
Tip: Check out our article How to Solve Common WordPress Errors where we show you step by step how to eliminate four of the most common WordPress errors.
What can you do if the damage has already been done? For these scenarios, there's the Health Check & Troubleshooting plugin. In troubleshooting mode, you can disable all plugins just for the admin and switch to a default theme. Then you can reactivate the theme and the plugins one by one and track down any plugin conflicts causing issues.
If this doesn't help, the next step is the support forum. Sometimes support is provided elsewhere, just follow the information in the plugin description.
Do make sure you try to get support first before you leave a bad review. If you're lucky, you might get a helpful answer and you can change your rating. The developer will be happy and it will help others who are also trying to weigh up using the plugin.
Neither this article nor the "life" of a plugin will last forever. Even the best plugins are sometimes sold, have security holes or the company behind them has problems. So even after successfully choosing, installing, and using a plugin, you should still keep an eye on its progress.
Are updates still being published? Is the plugin still compatible with the current WordPress version? If you run into problems here, you should think about replacing the plugin. But this is hardly likely to happen, as you'll have been following all the tips in this article 😉
How do you go about choosing your plugins? Do you have other methods? Is there anything else to think about? Or have I forgotten an important criterion? Feel free to let me know in the comments!