There are tens of thousands of different plugins available for WordPress. Some are amazing, well supported, and secure. Others are not supported at all and should not be used on your site. How do you determine if a plugin is good? Read on to learn a few things you can look at to help you tell if a plugin is good.

Finding Plugins

Your search should almost always begin in the WordPress plugin directory. The plugin directory is a moderated collection to which developers submit their plugins. A team of WordPress volunteers reviews each plugin for security and best practices before allowing it into the directory.

There are two main ways to search the directory. The first is probably how you already find plugins: in your admin dashboard, the “Plugins” menu has an “Add New” page, and this page searches the directory.

Screenshot of the "Add New" page inside the "Plugins" menu showing a search field and 4 recommended plugins

Alternatively, you can go to the WordPress.org plugins page and search there.

Screenshot of the WordPress.org plugins page showing a header that says "Plugins" and a search box for searching for plugins

Either way, the search process is the same. You can enter what you are looking for and get a list of plugins to choose from to install. All of the plugins in the directory are free and many have paid premium versions.

Sometimes, you will want to go outside the directory to find the plugin you need. This is not recommended unless there is no good option in the directory. If you do go outside the directory, search reputable marketplaces, such as CodeCanyon, or get referrals to reliable developers. You can also find beginner-friendly WordPress tutorials and plugin reviews on the WP Glob blog.

Never go to a search engine, search for a plugin, and install from a random site you find. A plugin has code that runs on your site. So, a malicious developer could add code that opens your site to hacks or steals data. Plugins in the directory and reputable marketplaces are reviewed and scanned to ensure they are good. Plugins you find from a search engine almost never can be trusted on their own. If you find a plugin outside of the repository and marketplaces, always do your research and ask reliable WordPress users before installing the plugin.

Evaluating a Plugin

Once you find a plugin that you are considering installing on your site, there are many things for you to consider. You want to make sure the plugin is secure, supported, and high-quality.

There are a few things we can look at to determine if the plugin you found is a good choice. All of these will be present for the plugins you find in the plugin directory. If you find a plugin elsewhere, such as in a marketplace, you may have to do a little more research.

Screenshot of the add new plugin page after searching for survey showing two plugins

To get to most of this information, click on the plugin’s name or the “More Details” link when searching in the directory as shown in the image above. This will open a screen that gives a description of the plugin and a lot of the information we will go over as shown in the image below.

Screenshot of the popup that appears when clicking the more details link. Shows plugin name, description, information, and links to other relevant details


Is it compatible with your version of WordPress?

The very first thing you want to check is if the plugin’s developer says the plugin is compatible with the version of WordPress your site is using. If the plugin is not compatible with your site’s version, it could lead to errors or even crash your site! Luckily, if you are searching in the plugin directory, this is easily determined.

Since WordPress is updated regularly, it is possible that the developer has not had a chance to update the listing to include the most recent version. So, a good rule of thumb is to make sure that the “Tested with” value is within the last few WordPress versions.

For example, if you are running WordPress 4.9, it is very likely that a plugin tested to WordPress 4.8 will work fine. However, if a plugin is only tested to WordPress 4.5, I would advise not installing it on your live site.

When was it last updated?

The next thing to look at is when the plugin was last updated. Depending on the type of plugin, there are a few timeframes that you can consider as good. If a plugin is updated regularly, this indicates the developer is still working on the plugin. So, if a security vulnerability is found, there is a better chance the developer will quickly fix it.

If the plugin is something simple, such as a highlighting shortcode, it is okay if the plugin is not updated regularly. If the plugin states that it is compatible with your version of WordPress, I would be okay if it hasn’t been updated in a few years.

However, if it is a more feature-rich plugin, such as an eCommerce or form plugin, you want to see it updated more regularly. Normally, I refrain from installing plugins that have not been updated within the last 6 to 12 months.

How many sites use it?

If you come across a plugin that is used on a very small number of sites, it is possible that it has problems that no one has discovered yet. In contrast, a plugin that is used on millions of sites has been tested on enough sites to know that it is probably secure and reliable. Of course, some plugins you find may be newer or not as widely needed, so it is okay if the plugin is not used on as many sites as another plugin you use.

If the plugin you find is used on fewer than 500 sites, make sure to review the other items in this article before installing it.

Are questions in the support forums being answered?

When reviewing the plugin, you want to determine if it is still supported and if there is decent support. If the plugin is still supported, it is more likely a security vulnerability will be fixed in a timely manner. Additionally, in the event you need support, you want to know that the developer will be there for you.

To determine this, we can look at the support forums. Each plugin in the repository has its own support forum, and plugins in marketplaces normally have their own support forums as well. From the popup on the add new plugin page, you can click the “WordPress.org Plugin Page” link and then the “Support” link on the plugin page to get to the forums. Browse through the forums to see if there are any questions from the last few months. Were these questions answered? If so, how quickly?

If the plugin you are evaluating has several questions within the last few months that have not been answered, it may not be regularly supported.

What do the reviews say?

Lastly, we want to look at the reviews for the plugin. Reviews are a great way to see what other users thought of the plugin after they installed it on their site.

Screenshot of the reviews tab in the plugin details popup

Look at some of the recent 4 or 5-star reviews. Then, look at some of the recent 1 or 2-star reviews. See what the common positive feedback is and what the common criticisms are. If you see negative reviews referring to security or performance, that is a bad sign.

Next Steps

When looking at the plugin, it is okay if not all of the points above meet the standard. For example, if the plugin is a basic tweet shortcode plugin, it is okay if it hasn’t been updated in a while. Or, if it is a newer plugin, it is okay if it is not used on a lot of sites. The goal is that the plugin meets your standard for most of the areas above.
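If you manage several sites, the compatibility, update, install-count and support checks above can be scripted. This is an added example, not code from this article or its author's plugin; it assumes records that use the field names of the WordPress.org plugin information API, with constructed sample values, and the version-gap and unresolved-thread cut-offs are assumptions. Reviews still have to be read by a person.

```python
from datetime import date

# Constructed sample records using field names returned by the WordPress.org
# plugin information API; the slugs and values are made up for illustration.
WELL_KEPT = {"slug": "example-forms", "tested": "4.8.3",
             "last_updated": "2017-11-02 3:15pm GMT", "active_installs": 40000,
             "support_threads": 12, "support_threads_resolved": 11}
NEGLECTED = {"slug": "example-survey", "tested": "4.5",
             "last_updated": "2016-04-20 9:02am GMT", "active_installs": 300,
             "support_threads": 5, "support_threads_resolved": 1}

# Thresholds: 500 installs and 12 months come from the article; the version
# gap and "several unanswered" cut-offs are assumptions chosen for this sketch.
MAX_VERSION_GAP = 2
MAX_AGE_DAYS = 365
MIN_INSTALLS = 500
MAX_UNRESOLVED = 2


def release_index(version):
    """Map '4.9.1' to 49. Assumes WordPress's x.0-x.9 release numbering."""
    major, minor = (version.split(".") + ["0"])[:2]
    return int(major) * 10 + int(minor)


def evaluate(info, site_wp, today, feature_rich=True):
    """Return the list of concerns a record raises; empty means none found."""
    concerns = []
    gap = release_index(site_wp) - release_index(info["tested"])
    if gap > MAX_VERSION_GAP:
        concerns.append(f"tested only up to WordPress {info['tested']}")
    updated = date.fromisoformat(info["last_updated"].split()[0])
    age = (today - updated).days
    # Simple plugins may go years without updates if still compatible.
    if age > MAX_AGE_DAYS and (feature_rich or gap > MAX_VERSION_GAP):
        concerns.append(f"last updated {age} days ago")
    if info["active_installs"] < MIN_INSTALLS:
        concerns.append(f"fewer than {MIN_INSTALLS} active installs")
    unresolved = info["support_threads"] - info["support_threads_resolved"]
    if unresolved > MAX_UNRESOLVED:
        concerns.append(f"{unresolved} unresolved support threads")
    return concerns


if __name__ == "__main__":
    for record in (WELL_KEPT, NEGLECTED):
        print(record["slug"], evaluate(record, "4.9", date(2018, 1, 15)))
```

An empty list means none of these checks raised a concern; a non-empty list is a prompt to look closer, not a verdict on the plugin.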

Once you find a plugin you feel is good quality, the next step will be to install it and see if it meets your needs. If it does, great! If not, continue your search or ask another WordPress user. With over 50,000 plugins in the plugin directory and many more in marketplaces, there is a plugin out there that fits your needs!

2 Comments

  1. InfoSeeker

    How does your plugin determine if there are vulnerabilities with any installed plugins?
    How does it determine if the plugin is still being supported?

    Those are the TWO main features I am considering your Premium offer.

    thanks in advance.

    1. Frank Corso

      Hey InfoSeeker!

      The vulnerability check looks up the version of the plugin you are using in several databases that include all reported vulnerabilities.

      The plugin being supported check reviews when the last time the plugin was updated and what version it has been tested with to make an assumption if the plugin appears to be supported or not. We are adding in responses to the support forums of the plugin in the near future to add more indicators as some plugins do not require regular updates.

      Let me know if I can answer any other questions! Also, we have a live chat widget where you can chat with us if you have any questions. Normally, it is located in the bottom-right corner. You may need to turn off Adblocker to see it if you use one as the chat widget sometimes gets caught in those.
