The Problem With WordPress Plugins

We’re a WordPress web design and development agency, so we know a thing or two about WordPress plugins. We love them — plugins make all of our roles easier, from content strategy and writing blog posts to design and development. The problem with WordPress plugins is that they can be both wonderful and harmful.

They can simplify almost any coding process, and are extremely customizable, especially if you know how to manipulate them. But they can also really mess up your website if you don’t exercise caution when installing and maintaining them.

There are tens of thousands of WordPress plugins available. With the majority of them being free, the temptation to install and try out as many plugins as possible can be irresistible. That’s one itch you should scratch carefully, to protect your company website.

What are WordPress plugins?

Plugins increase functionality. Like an app for your phone, plugins enhance the things your site can do, making it stronger for those who use it. Your website is built on large pieces of code (CSS and HTML), and plugins are extra bits of code added to the base code to easily add new capabilities.

Why are WordPress plugins harmful?

Plugins are harmful because they tend to be unregulated, especially the freebies. Creators build plugins with the best intentions (in most cases), but many plugins are forgotten and left without updates to address changes to WordPress, security, and other big issues. As the plugins become stale, they also become more vulnerable to harmful things like spambots, crashes, and brute force attacks.

What to check:

Negative points aside, WordPress plugins are wonderful tools that can do amazing things. Our team recommends using trusted plugins to give your site the best custom capabilities possible. There are things you can check to make sure your chosen plugin is safe.

  1. Last update date: Be wary if the last update for a plugin was over 6 months ago. Think about the number of times you get asked to install updates on your phone, laptop, or browser. The more technology grows, the more frequently it needs to be updated, right down to the plugins.
  2. Ratings: A 5-star rating is obviously your best bet. If you’re considering a plugin with a lower rating, read the reviews and look for warnings. As with any review, sometimes a negative rating resulted from someone misusing the product or misunderstanding directions — but sometimes it’s a serious red flag.
  3. Number of downloads: There is safety in numbers, especially if it’s free.
  4. Creator: Is it a reputable creator that has built some of your other favourites, or does the username look suspicious?
  5. Free vs. licensed: Most of the time, paid plugins stay on top of updates. Payments incentivize the developer to maintain their awesome product.
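
The first three checks can be automated. The script below is an added example, not Forge and Smith's own code: it applies the 6-month rule, plus rating and download checks, to plugin records shaped like the JSON that the WordPress.org plugin information API returns. The sample records are constructed, and every threshold other than the 6-month one is an assumption you should tune.

```python
import json
from datetime import date, datetime

# Constructed sample records, shaped like WordPress.org plugin-information
# JSON (fields: last_updated, rating 0-100, num_ratings, downloaded).
SAMPLE = json.loads("""[
 {"slug": "example-maintained", "last_updated": "2024-05-20 3:10pm GMT",
  "rating": 96, "num_ratings": 2100, "downloaded": 4800000},
 {"slug": "example-abandoned", "last_updated": "2021-02-03 9:41am GMT",
  "rating": 62, "num_ratings": 4, "downloaded": 850}
]""")

MAX_AGE_DAYS = 183        # the article's "over 6 months ago" rule
MIN_STARS = 4.0           # assumed threshold; the article only says 5 is best
MIN_RATINGS = 20          # assumed: a handful of votes says little
MIN_DOWNLOADS = 10_000    # assumed "safety in numbers" cut-off


def vet_plugin(info, today):
    """Return a list of warnings for one plugin record (empty = passes)."""
    warnings = []
    raw = info.get("last_updated", "")
    try:
        # Only the date part matters; the time-of-day suffix is ignored.
        updated = datetime.strptime(raw.split()[0], "%Y-%m-%d").date()
        age = (today - updated).days
        if age > MAX_AGE_DAYS:
            warnings.append(f"last update {age} days ago")
    except (ValueError, IndexError):
        warnings.append("last update date missing or unparseable")
    stars = info.get("rating", 0) / 20   # API scale 0-100 -> 0-5 stars
    if info.get("num_ratings", 0) < MIN_RATINGS:
        warnings.append("too few ratings to trust the score")
    elif stars < MIN_STARS:
        warnings.append(f"low rating ({stars:.1f} stars), read the reviews")
    if info.get("downloaded", 0) < MIN_DOWNLOADS:
        warnings.append("few downloads")
    return warnings


def vet_all(plugins, today):
    """Map each plugin slug to its list of warnings."""
    return {p["slug"]: vet_plugin(p, today) for p in plugins}


if __name__ == "__main__":
    for slug, found in vet_all(SAMPLE, date(2024, 6, 1)).items():
        print(slug, "OK" if not found else "; ".join(found))
```

The creator and free-vs-licensed checks still need a human: read the author's profile and the plugin's support history before you install.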

How to install a WordPress plugin

Step 1: Click “Plugins” from the left menu bar in your WordPress dashboard

Step 2: Click “Add New”

Step 3: Search for your desired plugin by title or topic

Step 4: Click “Install”

Step 5: Click “Activate”

Step 6: Find your new plugin on the sidebar, and edit away!

Which WordPress plugins should I use for my site?

Here are some of Forge and Smith’s favourite trusted WordPress plugins, or you can visit our 2019 list of the best plugins for business websites.

  1. Yoast SEO – This plugin helps you improve and optimize almost everything for your SEO. It also solves problems you didn’t anticipate, such as allowing you to set social sharing images specific to each network so that your content always appears correctly when shared on social media. Check out our other post: How to Use WordPress SEO by Yoast
  2. Akismet – This plugin scans your comments for spam, and if you have pages where users can comment, it’s likely you will get spam. Akismet should come automatically installed with your WordPress site, but if it isn’t, we definitely recommend adding it. You’ll need to activate it with an API code.
  3. Advanced Custom Fields – ACF makes the process of building a custom site easier. This plugin is targeted toward more advanced WordPress users. You can easily set up the custom fields, but in order to manipulate them you will need to know a bit of PHP. See how our team improved ACF with a new Component Field Add-On.
  4. Gravity Forms – This plugin allows you to quickly create a basic contact form using the editor. It makes it a snap to design custom forms to capture leads and drive conversions.
  5. Social Warfare – This is a wondrous tool that lets you create custom social sharing buttons that fit your site’s aesthetic. From organizing your most popular social blog posts to analytics integration, it’s a safe tool that can have great benefits for your social referral traffic.
  6. VaultPress – This plugin backs up your site and all of its precious data for you, in addition to doing daily security scans and offering one-click fixes. This plugin is a must.


Hopefully this helps you navigate your way through the sea of WordPress plugins. Exercise the same caution with plugins as you would with opening emails with strange subject lines. Don’t let low-quality or malicious plugins undo all of your hard work.