What would WordPress be without plugins? Over 50,000 plugins are available in the official directory. But when you're looking for the right one, it's like searching for a needle in a haystack. This article will help you find the best plugins so your WordPress and WooCommerce projects remain as secure as possible.
There is, of course, no guarantee that these tips will always help you choose the right plugins. But you'll certainly hit the target more often. So let's get started! We'll begin with a seemingly easy enough question:
Where can you find WordPress plugins?
There is, of course, the official directory at WordPress.org, and marketplaces like CodeCanyon by Envato, which also runs ThemeForest, as well as various smaller shops selling individual plugins. Developers can also find plugins on GitHub. But automatic updates for plugins installed from GitHub need an extra extension, and not every plugin supports this technique, so this is something for advanced users.
Let's start with WordPress.org. The search function for plugins in this directory is unfortunately really, really poor. There's only a full-text search and a tagged keyword search. So you can't filter by the number of active installations, number or level of ratings, compatibility, number of solved support questions, or anything else for that matter.
Above all, there is no way to relate a plugin to other plugins. So it is not possible to search in a standardized way for plugins that complement other extensions, such as WooCommerce or Contact Form 7.

Often this works via suitable tags, for example /plugins/tags/woocommerce/, but not always, and the search results also contain unsuitable plugins. For an initial inventory, it therefore does no harm to start with a Google search.
Tip: There are various "best of" collections for most use cases, many of them updated annually. You can use them as a good starting point for selecting your plugins. Alternatively, you can search in a pre-selection like the Tidy Repo.
But the best tip is yet to come:
Nothing beats a direct recommendation!
The most promising leads to good plugins come from talking directly with the community. At WordCamps and local meetups, you can describe your requirements in detail and, above all, ask questions. This is the quickest way to find a suitable plugin.

Sometimes meetups also hold plugin rounds, where good plugins are collected. Nice summaries can be found on the blogs of the Hamburg and Stuttgart meetups. Speaking of Stuttgart: in November, WordCamp Stuttgart will take place there, with lots of talks and tips on good plugins!
Assessing the quality of a plugin
So now you've got a load of plugins to choose from and hopefully a clear idea of what functions you need. A checklist with all the required features would be ideal. And now? How can you separate the wheat from the chaff?
When was the last update?
I don't follow any set-in-stone rule regarding the last plugin update; I just use my common sense. A plugin whose latest update was over seven years ago is obviously out of the equation. Unless, of course, the plugin is so simple that it consists of only a few lines of code and the filter it uses hasn't changed in seven years. It helps to take a quick look at the support forum: has the question of whether the plugin still works been discussed before? And if so, was it answered by the author, or by another member of the community?
The date of the last update is one of the most important indicators of whether a plugin is being actively developed further. But if a few months have gone by since the last update, I wouldn't give up on the plugin just yet. There are many more factors that can shed light on a plugin's usefulness:
How many active installations?
The number of installations is another indicator. Few installations are not necessarily a sign of a bad plugin. Is the plugin perhaps very new? Or is the function only interesting for a very narrow target group? So this value should always be seen in context. On the other hand, hundreds of thousands or millions of users clearly show that a plugin is popular and has already convinced others.
Not everyone is familiar with this additional source of information: in the sidebar on the right there is an "Advanced View" link. There you can find the chart "Growth of active installations", with a history of installations, so you can easily recognize "dying" plugins.

Compatible with which version?
The compatibility information also helps you get a feeling for the quality of the plugin. The version it has been tested with should of course be one of the latest WordPress versions. Even a slight lag is fine as long as the plugin doesn't have major issues. Check for any such issues by taking a quick look in the support forum.
What does the support look like?
Some plugins may have been very popular in the past with a huge number of downloads but the developer has since stopped publishing any updates. Perhaps the technology is outdated or the feature has already been incorporated into the WordPress core files. Take a close look at the plugin description. The support forum can also reveal important information: Are there threads on there about the status of the plugin? Have any questions been left unanswered or are all the questions from years ago?
Good reviews vs. bad reviews
Star ratings only give you a vague impression of the plugin quality. Most plugins that offer paid (pro) versions are constantly asking the users of their free version for 5-star ratings. So this info is not really helpful most of the time. I, for one, am not going to sit and read through hundreds of rave reviews. Who can even be sure the reviews are from real users at all? People will, of course, use sneaky tricks in the ratings to promote their business.

I prefer to read through the reviews with 1 to 2 stars. There are usually fewer of them, and they reveal how criticism is handled. Does the plugin author respond promptly? And if so, how: does the tone become unkind, or does it remain professional? This often says more than a "Great plugin! Would recommend." with nothing further.
For very young plugins with few reviews, you can ignore the average completely. With under 50 ratings the fluctuations are still far too high. Here only careful sifting helps. When are the ratings from? Did the plugin perhaps only have problems at the beginning that have long since been solved?
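The checks from the last few sections (age of the last update, active installations, the WordPress version the plugin was tested with, support activity, and whether the star average is meaningful at all) can be run over the plugin's directory metadata instead of by eye, and rerun later to keep an eye on a plugin you already use. The following is an added example written for this article, not code from WordPress.org. The record is constructed by hand in the shape that api.wordpress.org/plugins/info/1.2 returns (same field names, invented values); the thresholds (24 months, 1,000 installs, 50 ratings) and the "current WordPress version" are this example's own assumptions, not rules from the directory.

```python
"""Apply the plugin-quality checks discussed above to directory metadata.

Added example for this article; not code from WordPress.org. SAMPLE_PLUGIN is
constructed in the shape of an api.wordpress.org/plugins/info/1.2 reply, and
every threshold below is an assumption you should tune to your own taste.
"""
from datetime import datetime, timezone

# Constructed sample record (field names as the plugins.info API uses them,
# values invented for this example).
SAMPLE_PLUGIN = {
    "name": "Example Forms",
    "slug": "example-forms",
    "version": "2.4.1",
    "last_updated": "2019-03-02 10:15am GMT",
    "tested": "5.1",                       # "Tested up to" WordPress version
    "requires_php": "5.6",
    "active_installs": 40000,
    "rating": 92,                          # percent, i.e. 4.6 of 5 stars
    "num_ratings": 31,
    "ratings": {"1": 3, "2": 1, "3": 0, "4": 2, "5": 25},
    "support_threads": 40,
    "support_threads_resolved": 6,
}

CURRENT_WP = "6.4"   # assumption: set to the current WordPress release when you run this
AS_OF = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed "today" so results are reproducible


def parse_version(v):
    """'6.4.2' -> (6, 4, 2); non-numeric tails such as 'trunk' are ignored."""
    parts = []
    for piece in str(v).split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts) or (0,)


def months_since_update(plugin, now):
    """Whole months between the directory's last_updated stamp and now."""
    last = datetime.strptime(plugin["last_updated"].upper(), "%Y-%m-%d %I:%M%p GMT")
    last = last.replace(tzinfo=timezone.utc)
    return (now - last).days // 30


def assess(plugin, now, current_wp=CURRENT_WP):
    """Return the indicators from the article as a dict; no verdict, just what to look at."""
    findings = {}

    age = months_since_update(plugin, now)
    findings["months_since_update"] = age
    findings["stale"] = age > 24                       # assumption: two years without a release

    tested = parse_version(plugin.get("tested", "0"))
    findings["tested_behind_current"] = tested[:2] < parse_version(current_wp)[:2]

    installs = plugin.get("active_installs", 0)
    findings["active_installs"] = installs
    findings["niche_or_new"] = installs < 1000          # assumption: read this in context, not as a fail

    n = plugin.get("num_ratings", 0)
    findings["rating_meaningful"] = n >= 50             # under 50 ratings the average swings too much
    ratings = plugin.get("ratings", {})
    low = ratings.get("1", 0) + ratings.get("2", 0)
    findings["low_star_share"] = round(low / n, 2) if n else None

    threads = plugin.get("support_threads", 0)
    resolved = plugin.get("support_threads_resolved", 0)
    findings["support_resolved_share"] = round(resolved / threads, 2) if threads else None

    # Things a human should go and read about (support forum, 1-2 star reviews).
    look = [k for k in ("stale", "tested_behind_current", "niche_or_new") if findings[k]]
    if not findings["rating_meaningful"]:
        look.append("read_every_review")
    findings["look_closer"] = look
    return findings


def demo():
    """Run the checks over the constructed record as of AS_OF."""
    return assess(SAMPLE_PLUGIN, AS_OF)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

For the constructed record this reports roughly 58 months since the last update, a "Tested up to" version behind the current release, and only 31 ratings, so the 92% average is set aside and the 1-2 star reviews go on the reading list. Note that nothing here is a pass/fail score: a high installation count plus a stale update date is exactly the "popular in the past, now abandoned" pattern the support section describes, and the numbers only tell you where to look.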
Is the plugin safe?
The majority of infected WordPress installations are caused by security holes in (often outdated) plugins. So it doesn't hurt to check whether a plugin had, or still has, known security problems. A search for the plugin name in the WPScan vulnerability database (wpvulndb.com) will reveal any published vulnerabilities, for example: https://wpvulndb.com/search?text=yoast. Pay attention to the "fixed in" version of each entry: a hole that was patched long ago is not a reason to reject a plugin, but an unpatched one is, and an installed copy older than the fixed version is just as exposed as if the fix did not exist.
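Checking "had, or still has" comes down to comparing the installed version against the fixed-in version of each advisory. The following is an added example written for this article, not code from WPScan or the article's author. INSTALLED_JSON is constructed in the shape that `wp plugin list --format=json` prints (name is the plugin slug), and ADVISORIES is a constructed list using a `fixed_in` field of the kind WPScan-style databases publish, with `None` meaning no fix has been released; the plugin slugs and advisories are invented for the example. Inactive plugins are deliberately not skipped: their files are still on disk and reachable.

```python
"""Compare installed plugin versions against published advisories, as described above.

Added example for this article; not code from WPScan, Sucuri or WordPress.org.
INSTALLED_JSON is constructed to match 'wp plugin list --format=json' output,
ADVISORIES is constructed with the 'fixed_in' field style of WPScan-like feeds.
"""
import json

# Constructed sample: what `wp plugin list --format=json` prints on a site.
INSTALLED_JSON = """[
  {"name": "example-forms",   "status": "active",   "update": "none",      "version": "2.4.1"},
  {"name": "example-gallery", "status": "inactive", "update": "available", "version": "1.8.0"},
  {"name": "example-seo",     "status": "active",   "update": "none",      "version": "3.2.0"}
]"""

# Constructed advisories (invented slugs and titles). fixed_in=None means unpatched.
ADVISORIES = [
    {"slug": "example-forms",   "title": "constructed advisory 1", "fixed_in": "2.5.0"},
    {"slug": "example-gallery", "title": "constructed advisory 2", "fixed_in": None},
    {"slug": "example-seo",     "title": "constructed advisory 3", "fixed_in": "3.1.0"},
    {"slug": "not-installed",   "title": "constructed advisory 4", "fixed_in": "1.0.1"},
]


def parse_version(v):
    """'2.4.1' -> (2, 4, 1); stops at the first non-numeric piece."""
    parts = []
    for piece in str(v).split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts) or (0,)


def affected(installed_version, fixed_in):
    """True if the installed version predates the fix, or if there is no fix at all."""
    if fixed_in is None:
        return True
    return parse_version(installed_version) < parse_version(fixed_in)


def exposed(installed_json, advisories):
    """Return one entry per advisory that still applies to an installed plugin.

    Status (active/inactive) is intentionally ignored: an inactive plugin's
    files are still served by the web server and can still be exploited.
    """
    installed = {p["name"]: p for p in json.loads(installed_json)}
    hits = []
    for adv in advisories:
        plugin = installed.get(adv["slug"])
        if plugin is None:
            continue                      # advisory is for a plugin this site does not have
        if affected(plugin["version"], adv["fixed_in"]):
            hits.append({
                "slug": adv["slug"],
                "installed": plugin["version"],
                "fixed_in": adv["fixed_in"],
                "status": plugin["status"],
                "title": adv["title"],
                "action": "update" if adv["fixed_in"] else "remove or isolate (no fix published)",
            })
    return hits


if __name__ == "__main__":
    for hit in exposed(INSTALLED_JSON, ADVISORIES):
        print(f"{hit['slug']} {hit['installed']} ({hit['status']}): {hit['title']} -> {hit['action']}")
```

On the constructed input this flags example-forms (2.4.1 is older than the 2.5.0 fix) and example-gallery (no fix exists, so the only options are removal or isolation), while example-seo at 3.2.0 already carries its fix. In practice you would feed it the real `wp plugin list --format=json` output and the advisories you looked up for each slug.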

Is the plugin developer trustworthy?
Especially when the data found so far does not allow clear conclusions, you need more data. So let's follow the links the plugin page still offers. At the bottom of the plugin page is the "Contributors & Developers" section with links to the developer profiles. There you can find the developer's other plugins, if any, including their rating and number of active installations, as well as the developer's other activities. This usually gives a better view of the plugin: if the author has other plugins that are very well rated and have high installation numbers, that speaks in its favour.
Free or "Premium" - how sustainable is the plugin?
Many of the larger plugins in the official directory that have been around for a while and are constantly being updated use the freemium model. They have a free version and also a pro version with more features or more designs, depending on the type of plugin you're dealing with. These plugins are often the better choice as they're built on a business model that finances further development and support.
Free plugins, on the other hand, often come from individual developers who sometimes don't have time for their plugin. There are also associations of developers, such as the Plugin Collective, which among other things maintains the popular extensions Antispam Bee and Statify. But even this is no guarantee of a plugin's permanent development.
And as is often the case, there are black sheep on this side too: freemium plugins that are so limited, and thus "crippled", that the free version no longer makes sense on its own. Unfortunately, only extensive testing of the plugin in a separate test environment helps here.
Subscription or one-off payment
If you decide to go for a premium plugin, it's worth taking a closer look at the payment model. It's certainly good for your wallet if you only have to make a one-off payment. But it's not necessarily good for the developer: the plugin is only worthwhile for them if ever more new customers buy it, yet every new customer also raises the demands on the support they have to offer, and that can easily sink a plugin's success.
Here the situation also needs to be assessed carefully. Is it a complex plugin that needs to be constantly updated to keep up with the technical innovations? Then a subscription model is completely okay and justified. If, on the other hand, the plugin is just a nice little gimmick and it's only needed as a small additional function, then a one-off payment seems more appropriate.
Where can I turn if I have a problem?
First of all, you shouldn't rule out the possibility that the problem is located 30cm in front of the monitor. The better plugins usually have good documentation, for example in the plugin description or FAQ section, often including images, screenshots, and sometimes even videos. Occasionally this documentation is so extensive that it has been moved to a separate website. In any case, this is your first port of call. Maybe the problem really is just an operator error!
"Test before binding yourself forever, in case something better can be found!" Or to put it another way: test the heck out of it before going live, so that there are no problems later. Ideally you have set up your own test installation, maybe on a subdomain, or as a staging environment.
Here you can check plugin conflicts, performance problems, and any error messages before you start. Does the PHP version cause problems? Does something appear in the error log? Is the website suddenly extremely slow? It's best to test all this before it affects your live website.
Tip: Read also our article How to solve WordPress errors. In it, we show you step by step how to fix four of the most common WordPress errors.
And if the damage is already done? Then there's the Health Check & Troubleshooting plugin. Its troubleshooting mode deactivates all plugins and switches to a default theme for your own admin session only, so visitors are not affected. After that you can reactivate the plugins and the theme one by one and track down the plugin conflict.

If that doesn't help, then the support forum is the next step. Sometimes support is also available elsewhere. Just follow the information in the plugin description.
Only if none of this helps should you leave a bad review. If you're lucky, you'll get a helpful answer, and you can adjust your rating afterwards. That makes the developer happy, and it helps other plugin seekers assess the plugin.
Nothing lasts forever
Neither this article nor the "life" of a plugin will last forever. Even the best plugins are sometimes sold to a new owner, turn out to have security holes, or the company behind them runs into problems. So even after successfully choosing, installing, and using a plugin, you should still keep an eye on its progress.
Are there still updates? Is the plugin still compatible with the current WordPress version? Have new vulnerabilities been published for it? If you run into problems here, then you should think about replacing the extension. But with the tips from this article, that should rarely happen 😉
How do you go about choosing your plugins? Do you have other methods? Is there anything else to think about? Or have I forgotten an important criterion? Feel free to let me know in the comments!