Every time you choose a WordPress plugin, you are potentially introducing security vulnerabilities and unknown incompatibilities into your website. The WordPress community puts an enormous amount of trust in WordPress plugins built by people we do not know. Therefore it’s a good idea to do some vetting before deciding to use a plugin. Here are some simple checks and signs that you can trust using a specific WordPress plugin.
Is the plugin author active in the support forums?
If the plugin author is active in the support forums, then you can feel more confident that if a problem arises there will be someone there to help.
There are many ways to kill a website, a small PHP syntax error is one of them. Plugin authors don’t intentionally break websites but some negative feedback in the support forums can hint towards shonky and potentially dangerous development practises. A plugin author’s development practices will continually improve over time though as people learn from their mistakes and find better ways of doing things.
Does the plugin have documentation or a dedicated website?
If someone has spent the time to put together documentation and/or a dedicated website for a WordPress plugin, it’s a good sign they care about the people using it.
Does the plugin feel like it oozes quality?
You should always test a WordPress plugin on a local site or staging area before using it. The user experience of a plugin should give you a good indication of the underlying quality of the product.
Is there a proper changelog?
Check that plugin changes are properly documented and explained to a level of detail you can understand. If changes are vague, then you do not know what you are subscribing to. You must know what changes have been made before updating a plugin, otherwise you have no idea what can go wrong.
If there’s a blog post about a major plugin change, then this is a very good sign that the plugin author is trying to help you understand what changes have been made.
The changelog also tells you whether the plugin has been actively maintained or not. Simple plugins may not require many updates. But in general it’s a bad sign if a plugin has not been updated for a long time.
Is the plugin’s compatibility kept up to date with the latest versions of WordPress?
It’s a good sign if the plugin author has updated the plugin readme to support the latest version of WordPress, simply because the plugin author has remembered to do it.
Is the plugin author highly reputable?
You should be right if the plugin author is highly reputable. Similarly it’s an excellent sign if the plugin has been downloaded a lot, has a lot of 5 star ratings and has an active fan base.
Is the plugin well coded?
If you’re tech savy, a quick inspection of the code will help you understand the quality of the plugin. The code should be easy to read with a consistent coding style. Bad code is a sign that not enough care and attention has been given to the quality of the plugin. A poorly coded plugin will be difficult to maintain.