The statistics of WordPress vulnerabilities show that plugins account for the vast majority of all vulnerabilities. That’s why you need to be careful when choosing what to install. Let’s discuss what particular steps you need to take to make sure the plugins for your WordPress website are trustworthy and won’t do your data any harm.
Check the number and rating of users
This is one of those cases in life when the popular opinion does mean a lot. The first thing to do is check the plugin’s wordpress.org page and click on the Reviews section.
If the majority of users rate the plugin 4 or 5 stars and leave glowing reviews, there’s a good chance you’re good to go. Also make sure to scroll through the 1-star reviews: those who encountered malware or whose website crashed after installation are very likely to voice their experience to warn off potential users like you.
Another criterion to look out for is the number of active installations. Unless you’re testing out an entirely new plugin from a really reputable company, the number needs to be at least a few thousand. Speaking of reputability, if you have the time to dive deeper, google the plugin creator and make sure it has a well-written, well-designed website that is open about its location, terms and policies.
Take a look at some user reviews
Sometimes user ratings alone aren’t enough to make a fair judgement on whether a plugin is trustworthy. Some of the best WordPress plugins are usually good to go, but in cases where the 5-star rating just isn’t enough, it would do you well to read some of the reviews left by the plugin’s users.
To get an overall sense of these reviews, try to go over some of the highest rated ones, and some of the lowest rated ones. These two alone generally aren’t an accurate representation though.
As you go about reading the reviews, try to find common points of concern shared across them. These recurring concerns usually paint a better picture of what’s actually wrong with the plugin, which should help you figure out whether the plugin is trustworthy or not.
Make sure it’s up to date
Plugins are always a work in progress; there’s always a bug to fix, an incompatibility to sort out, a new WP version to work with, etc. That’s why it’s crucial for all your plugins to be up to date. Check the “Last updated” field of the plugin on its wordpress.org page.
If it’s recent – within a month will do – that means the developers are working to keep it up to date. Another thing to check is the “Tested up to” field. If it is tested up to the version of WordPress you’re running, it’s another indication that things will go right upon installation.
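The “Last updated”, “Tested up to”, active installations and rating checks described above can be scripted. The following is an added example, not part of the original article: the field names are assumed to match the wordpress.org plugin information API response, the two records are constructed samples, and the numeric cutoffs are assumptions drawn from the article’s wording.

```python
from datetime import date

MAX_AGE_DAYS = 31     # "within a month will do" (assumed cutoff)
MIN_INSTALLS = 3000   # "at least a few thousand" (assumed cutoff)
TODAY = date(2024, 6, 1)  # fixed so the constructed samples give stable results

# Constructed sample records; field names are assumed to match the
# wordpress.org plugin information API (last_updated, tested, ...).
HEALTHY = {"last_updated": "2024-05-20 9:13am GMT", "tested": "6.5.3",
           "active_installs": 40000,
           "ratings": {"5": 120, "4": 30, "3": 5, "2": 2, "1": 8}}
STALE = {"last_updated": "2022-01-10 3:02pm GMT", "tested": "5.8",
         "active_installs": 900,
         "ratings": {"5": 3, "4": 1, "3": 2, "2": 1, "1": 6}}

def _major_minor(version):
    """'6.5.3' -> (6, 5); a missing or non-numeric part counts as 0."""
    parts = (version.split(".") + ["0", "0"])[:2]
    return tuple(int(p) if p.isdigit() else 0 for p in parts)

def vet_plugin(meta, running_wp, today=TODAY):
    """Return (warnings, one_star_count) for one plugin metadata record."""
    warnings = []
    # Only the date part of "YYYY-MM-DD h:mmam GMT" is needed.
    updated = date.fromisoformat(meta["last_updated"].split()[0])
    age = (today - updated).days
    if age > MAX_AGE_DAYS:
        warnings.append(f"last updated {age} days ago")
    tested = meta.get("tested", "0")
    if _major_minor(tested) < _major_minor(running_wp):
        warnings.append(f"tested up to {tested} but site runs {running_wp}")
    installs = meta.get("active_installs", 0)
    if installs < MIN_INSTALLS:
        warnings.append(f"only {installs} active installations")
    ratings = {int(k): v for k, v in meta.get("ratings", {}).items()}
    total = sum(ratings.values())
    good = ratings.get(4, 0) + ratings.get(5, 0)
    if total == 0 or good / total <= 0.5:
        warnings.append("4 and 5 star ratings are not the majority")
    # One-star reviews are returned separately: they need reading, not counting.
    return warnings, ratings.get(1, 0)

if __name__ == "__main__":
    for name, meta in (("healthy", HEALTHY), ("stale", STALE)):
        warnings, one_star = vet_plugin(meta, "6.5")
        print(name, warnings or "no warnings", f"({one_star} one-star reviews)")
```

A clean result only means the listing metadata looks healthy; the one-star reviews it counts still need to be read by hand.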
Avoid nulled plugins
Nulled plugins are pirated versions of premium plugins and, no matter how tempting it may be to run them, you probably shouldn’t. A lot of nulled plugins contain malicious code that can give hackers access to your admin account or steal your website data. Further, they can embed spam links in your website pages, damaging your SEO rankings.
Besides, nulled plugins don’t get updated, don’t offer any customer care in case you have an issue, and often lack documentation.
If these arguments are not convincing enough, you should consider the ethical implications of endorsing pirating and thus stalling innovation. Moralities aside, if you want a functional tool for your website without the risks or a super short shelf life, it’s best to avoid nulled plugins entirely.
Skim through WP-related forums/websites
WordPress as a platform owes a lot to its substantial and flourishing community. Before settling on a plugin, it pays to check its wordpress.org Support section, as well as any independent lists of the best options for the functions you are looking for.
Most of the time a simple Google search of the plugin name will result in a number of analyses by different reviewers and discussion forum threads that you can take into account when making your final decision.
A good tip from Chloe Brittain of Opal Transcription Services is that plugin developers often have websites with an About Us page that you can trace them back to. From there, you can often get a good sense of whether the developer is trustworthy by how long their website has been around, what kind of an online and social presence they have, those who endorse them (brands, bloggers, etc.), and how authoritative their site content is.
Really, you can’t go wrong with a little background check: looking at the company and developers behind the plugin, any products they have developed in the past, and their reputation in the WordPress community as a whole goes a long way.
In some cases you can even read comparison articles if you’re deciding between a few options. Just make sure it’s not sponsored content and doesn’t reflect a particular company’s bias.
Test it out with a trusted tool
There are quite a few websites – “sandboxes” – where you can try and test any WP plugin no strings attached. For example, with Addendio or Poopy.life you can try them all online. When it comes to seeing how the plugin works by itself, its interface and functionality, these tools can definitely give you an enlightening look from the inside.
However, a big disadvantage of these is that you test the plugin out on a default website instead of your own, so incompatibilities with your particular website will become clear only after actual installation.
Another important point to keep in mind is that since plugin security issues are quite common, a lot of the best security services are already wired to reveal plugin vulnerabilities. With 10Web security service, for example, you can scan your website any number of times and immediately find out if a plugin is causing trouble or undesirable file changes. In the premium version you can easily recover your original files.
Try it out on a staging site
A staging website is an exact copy of your website, except it’s not live. It’s like your personal sandbox where you can test out anything without consequences. There are plenty of lengthy articles on how to create a staging website, but if you already have a 10Web account, your staging site is up and ready and a click away.
Feel free to install your plugins on it and, if you check with the security service and everything seems to be running fine when you test manually, just push it back live with another click.
Make sure it has awesome support
The customer care service that a plugin’s provider offers is an important indicator of how trustworthy they are and, by extension, the plugin itself. Ideally, you should shoot a question to the developer and see how quick and thorough the response is.
After all, if something happens to your website at a later stage, this is the team that is supposed to understand and help you out, accept or refuse a refund request, and work to solve any larger underlying issues. Short response time and resolution time are signs of a reputable company and a good plugin choice.
Just go with a unified service
As you can see, making sure your plugins are trustworthy takes a lot of time and effort. Not to mention the plethora of other significant factors you need to take into account, from pricing to bugginess to proper documentation and interface. Given that your website will require 25 plugins on average, the work can be overwhelming.
You should consider making one big choice to trust just one company with all your WordPress website needs. This article goes into more detail and provides data to make the case for a single unified solution.
If you do decide to go with an all-in-one service instead, definitely consider 10Web, the only WP website building, hosting and management platform out there.
We have pretty much everything – SEO, backup, security, image optimization, website builder, hosting, themes, over 50 premium plugins and more – under one umbrella and with one dedicated and prompt customer care team.