One of the great things about WordPress is the plugin ecosystem. At the time of writing, over 40,000 plugins exist in the WordPress Plugin Repository, adding loads of additional functionality. However, using plugins is not as simple as installing them and forgetting them. While many WordPress plugins are easy to setup and use, there are some general best practices that should be observed when working with the plugins on your WordPress site.
1. Only use the plugins you need
While it’s tempting to install a bunch of plugins, you should carefully consider if a plugin is in fact necessary before using it. You may find that another plugin you have already does the thing that another plugin does, or realize that perhaps it’s best to implement that new functionality in your theme. Using only plugins that are necessary helps keep your site clear of cruft and prevent potential conflicts with other plugins or a bad plugin update.
2. Keep your plugins up to date
The vast majority of security threats that affect plugins apply to older plugin versions. For instance, a plugin might have a vulnerability reported that affects version 2.x, while the latest plugin version is 3.1. If you hadn’t been updating the plugin and were still running the 2.x version, you would be potentially affected by that vulnerability. At TitanHost, we handle updating plugins, themes, and WordPress core for our customers, so it’s a no brainer! The trick is making sure that any premium plugins (i.e. plugins you pay for in some way) have a valid license to receive updates. Free plugins can always be updated from the WordPress Plugin Repository, but premium plugins will require a license to receive updates (and usually support) for the plugin.
3. Remove plugins you aren’t using
Whenever you have a plugin that you aren’t using, be sure to Deactivate and Delete it from your site. Just because a plugin isn’t active doesn’t mean it can’t be exploited as a security risk on your site. You can always reinstall the plugin later if you intend to use it, so if you’re not going to be using it, remove it!
That said, if you need to deactivate a plugin for a short while but absolutely plan to keep using it, keeping that plugin up to date is your best recourse. However, you should regularly review your deactivated plugins and make sure you’re not keeping anything around that doesn’t need to be there.
Do you have any best practices you apply with plugins? Let us know!
If you’d like to not worry about handling plugin, theme, and WordPress core updates for your sites, check out our Managed WordPress Hosting plans!