Evaluating WordPress plugins: Key considerations for strategic selection and implementation


When creating your website, you want a long-term solution that will meet your needs for years to come. Most websites are not static entities and need regular attention — as the content grows and changes, your audience (hopefully) increases, and new and unexpected needs arise. Whether you’re building your site for the first time, relaunching, or restructuring, the functionalities you implement today will impact the performance and maintenance of your site well into the future.

When evaluating a plugin that you’ll potentially use on a site, there are a number of things you want to keep in mind. The most important are security, performance and scalability, customization, and maintainability.

Performance and Scalability

There is a widely believed myth in the WordPress ecosystem that the number of plugins installed on your site will hinder performance. This isn’t quite correct; 1,000 small, performant plugins won’t impact your site as much as one plugin that has issues. When dealing with large and high-traffic sites, any change in performance will be multiplied quite a few times over. A personal blog with a few hundred visitors taking an extra half second to load isn’t that big of a deal, but if you have a million visitors each month, you’re now looking at over five days of loading across those visits!

Front-end versus back-end loading

There are two things to consider when evaluating plugin performance — which assets get loaded on the front end and what happens on the back end. Quite a few plugins will bundle their own scripts and styles, sometimes loading them on every page. This process adds extra requests for each visitor. (And some plugins will do this whether or not the asset is even necessary!) Extra requests aren’t the worst thing (especially when they’re minified and cached), but it’s worth taking the time to see if you can disable that loading and move the needed styles into the existing stylesheets that you’re loading.

Pro tip: You can use tools like Pingdom, GTMetrix, and Google Lighthouse to evaluate the front-end speed or Query Monitor and New Relic for the back end. This way, you can assess page speed and performance on your site both with and without the plugin.

Database reads and database writes

Your website performance will also be affected by database reads (which retrieve stored information) and database writes (which update or add information). 

Database reads 

Ideally, you want a plugin that interacts efficiently with the database. While auditing the code, take note of any WP_Query calls. Anytime something gets read from the database, there should be limits on it. Grabbing all the posts on the site and looping through them will be fine on a brand-new site with little content, but as your site grows, that query’s performance will suffer dramatically.

There are some arguments that can be passed to WP_Query in WordPress to improve query performance. If you see any of them in use, the plugin developer is probably trying to query the database efficiently:

  • fields: By specifying only the fields you need, you can reduce the amount of data retrieved from the database, leading to improved performance. For example, 'fields' => 'ids' retrieves only post IDs, 'fields' => 'id=>parent' retrieves post IDs together with their parent IDs, and 'fields' => 'all' retrieves all fields (default behavior).
  • posts_per_page: This argument allows you to limit the number of posts retrieved. By specifying an appropriate value based on your requirements, you can reduce the database load and improve query performance.
  • no_found_rows: By default, WordPress performs an additional query to calculate the total number of found posts. If you don’t need the total count, setting 'no_found_rows' => true can avoid this extra query and improve performance.

Sometimes large or inefficient database reads are unavoidable. In those cases, the results should be cached so that the slow query doesn’t have to be run as often.
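The audit step described above can be partly automated. The following is an added example, not code from the article or from any plugin: a heuristic Python scanner that lists each WP_Query / get_posts call in a plugin's PHP source, flags calls whose limit is disabled, and records which of the three arguments above are present. The function names (audit, balanced) and the sample plugin code are constructed for illustration.

```python
import re

# Heuristic reviewer aid, not a PHP parser: parentheses inside string
# literals or arguments built up across functions will confuse it.
CALL = re.compile(r"(?:new\s+WP_Query|get_posts)\s*\(")
UNBOUNDED = re.compile(
    r"""['"](?:posts_per_page|numberposts)['"]\s*=>\s*-1\b"""
    r"""|['"]nopaging['"]\s*=>\s*true""", re.I)
HINTS = ("fields", "posts_per_page", "no_found_rows")  # arguments named above

def balanced(src, start):
    """Return the text between the bracket at src[start] and its match."""
    depth = 0
    for i in range(start, len(src)):
        if src[i] in "([":
            depth += 1
        elif src[i] in ")]":
            depth -= 1
            if depth == 0:
                return src[start + 1:i]
    return src[start + 1:]

def audit(src):
    """Report each query call: line, whether its limit is disabled, hints used."""
    findings = []
    for m in CALL.finditer(src):
        args, resolved = balanced(src, m.end() - 1).strip(), True
        if re.fullmatch(r"\$\w+", args):  # arguments passed as a variable
            assigns = list(re.finditer(
                re.escape(args) + r"\s*=\s*(?:array\s*)?[(\[]", src[:m.start()]))
            resolved = bool(assigns)
            args = balanced(src, assigns[-1].end() - 1) if assigns else ""
        findings.append({
            "line": src.count("\n", 0, m.start()) + 1,
            "resolved": resolved,  # False: trace the arguments by hand
            "unbounded": bool(UNBOUNDED.search(args)),
            "hints": [h for h in HINTS
                      if re.search(r"['\"]%s['\"]\s*=>" % h, args)],
        })
    return findings

# Constructed sample plugin code, for illustration only.
SAMPLE = """<?php
$all = get_posts( array( 'post_type' => 'event', 'posts_per_page' => -1 ) );
$args = [
    'post_type'      => 'event',
    'posts_per_page' => 20,
    'no_found_rows'  => true,
    'fields'         => 'ids',
];
$recent = new WP_Query( $args );
function render( $query_args ) { return new WP_Query( $query_args ); }
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A call reported with resolved set to False takes its arguments from somewhere the scanner cannot see, so it still needs a manual read before the plugin is trusted on a large site.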

Database writes

Any plugin that writes to the database often (especially from the front end of the site) will quickly cause a strain. Database writes from the front end can cause the page to take longer to display. These delays will compound with more traffic. On high-traffic sites, database writes could also happen multiple times because another session thinks the update has not happened yet. Database writes should happen in the admin dashboard where there is less traffic, or via the WP-CLI command line utility. Database writes from the WP-Cron scheduling system may be okay if your hosting platform has implemented a server-side solution for running these scheduled tasks. If not, the previous issues with delays and multiple writes could apply.

Making sure your plugins can scale

Scalability goes hand-in-hand with performance. As your site grows in size and traffic, small issues will multiply, so building a highly performant and efficient site from the beginning is key. In addition to examining front-end assets, ask yourself the following:

  • Will the plugin continue to work well as your site grows in size and traffic?
  • What are the potential bottlenecks and limitations?
  • Can the plugin be easily scaled across multiple sites or installations?

Another component of scalability is how many plugins you must keep updated and stay familiar with. If you use the same plugins on multiple sites, then you can gain more experience and expertise with those particular plugins — versus having to figure out a different set of plugins for every site you work with.

Customization

Similar to performance and scalability, assessing customization functionality is a key part of ensuring your plugin can continue to meet your needs as your site evolves. 

  • Does the plugin offer enough options to customize its functionality to your specific needs?
  • Can you easily style the plugin to match your site’s design and branding?
  • Is the plugin developer-friendly? (Can you easily extend its functionality through custom code?)

Good plugins will provide WordPress hooks, which allow you to customize how certain data is processed or add custom code when certain actions occur in the plugin. Good examples of this are the Action and Filter Hooks available on our Publish to Apple News plugin. These filters allow you to customize all aspects of the article before it’s sent to Apple News, to perform additional actions when certain conditions are met, or to display additional content in the admin interface.

Maintainability

Like any good software, plugins need to be maintained. Look for plugins that are updated and supported regularly with well-written, highly-transferable code. Making sure your site is equipped with well-maintained code will allow you to make modifications and improvements over time more seamlessly. 

When evaluating plugins to meet a specific need, prioritize smaller, focused plugins over ones that seem to do everything. A complex plugin with many features will have many potential attack surfaces. If 90% of a plugin contains features you don’t need, you’re better off extracting that 10% you do need and using it as a base to build a new one.

If you find an issue with a plugin, check the plugin documentation to see if the plugin authors are open to pull requests to fix issues or add enhancements. If they are, you can make your changes available to all users of the plugin. This is one of the great things about open-source software.

If the authors aren’t open to pull requests, but the software is open-source, don’t be afraid to fork the plugin! Using an existing plugin as a starting point for customizations and modifications gives you a great head start compared to writing one from scratch. If you do plan to write it from scratch, you can still use the codebase for reference and inspiration.

Security

When it comes to website security, ensuring that all installed plugins are secure should be a top priority. Given the popularity of WordPress and its widespread use, it’s important to recognize that the more high-profile the site, the greater the likelihood of being targeted. Therefore, utilizing tools such as PHPCS, WordPress VIP coding standards, PHPStan, and linting can be helpful in identifying any potential vulnerabilities in a plugin. Additionally, it’s crucial to evaluate how often the plugin is updated and how responsive the developers are to security concerns. Even if a plugin has had past security issues, timely and thorough patching can indicate a responsible approach to security. In general, it’s best to opt for plugins that are frequently updated and prioritize security concerns rather than those that don’t. 

Plug in to what works for you 

Creating a website is not a one-time task; it requires continuous updates and improvements. In assessing the specific needs of your site, you can compare and contrast a variety of plugins (or potentially fork plugins to suit your particular objectives) — all without causing waste or compromising site performance or security. Plugins play a crucial role in the long-term (and short-term!) efficacy of your site, so evaluating them carefully up front will help ensure a successful implementation that will serve your site for years to come.