January 24 2019

Best practices for choosing and managing plugins on WordPress

How to choose suitable plugins for WordPress without worries and nasty surprises.

Plugins are the backbone of WordPress sites. If you want to add a contact form or an eCommerce store like WooCommerce for example, the plugins are always there to help.

But despite the essential role they play, plug-ins are also the WordPress components most likely to go wrong and become highly problematic.

Since the plug-ins are made by independent third parties, they can open the door to all kinds of security and compatibility issues.

That's why there are some plugin best practices you need to follow when running a WordPress site.

These best practices include tips on choosing plugins, how to analyze their performance, and how to properly manage them once they are part of your site.

Regardless of the type of site you're working on, here are the best practices to follow when working with WordPress plugins ...

Pay attention, because choosing the right plugins makes the difference between a site that works and a site that does not, between a site that needs a dedicated server for 500 euros per month to run and one that needs a server for 10 euros per month. In short, you get the idea.

How to choose the right plugins for installation

The WordPress core team has made it incredibly easy to install plugins nowadays. This is a double-edged sword though because it means you can install new plugins without thinking twice.

Don't - put some effort into using quality plugins on your site.

Some of the tips in this section might seem a little basic, but I think they're still important to cover.

1. Consult the wisdom of the crowds

Popularity doesn't always mean quality, but it's still a good place to start when looking for a plugin.

That is, if you are looking at one plugin that has been downloaded 500,000 times and another that has only been downloaded 3,000 times, the former will be the better option most of the time. Probably, not definitely.

WordPress.org shows this information in the right sidebar:

Envato likewise publishes sales numbers in its sidebar:

2. Check the date of the last update

This is another tip that works as a good general guideline, but it is not an absolute rule.

Most of the time, you want to see that a plugin keeps getting regular updates to make sure it's compatible with the latest version of WordPress.

This doesn't mean that a plug-in that hasn't been updated is always bad - sometimes a plugin "works" and doesn't need updates.

But unless you are able to review the code yourself, it's hard to know if this applies to your chosen plugin.

So if in doubt, it's important to see a recent update date.

Again, both WordPress.org and Envato show this information in the sidebar (shown above).

3. See what the reviews say

For every experienced copywriter who writes perfect sales copy that makes you want to buy and install the plugin right away, there is a reviewer who bought and used it and is willing to tell you all of its potential flaws.

Check the reviews before choosing a plugin.

Again, both WordPress.org and Envato make it easy to access third-party reviews.

4. How responsive is the developer?

Beyond reviews, another good way to gauge the quality of a plugin (at least on WordPress.org) is to look at the support forum.

It's a good sign to see that the developer is actively resolving support requests:

Note, however, that some developers only handle support requests on their website via tickets. So check if this is the case before saying that the support is unresponsive or inefficient.

5. NEVER use Nulled plugins. I said NEVER.

If you've ever searched for a premium plugin in Google, you may have noticed that Google's autocomplete feature almost always suggests "plugin_name nulled" as a query:

This means that there are many people looking for nulled (i.e. cracked, pirated) themes and plugins ...

In case you are in doubt, know that nulled plugins are a horrible idea. Unlike their legal (but ethically questionable) cousins, GPL Clubs, nulled plugins are full of malware and other vulnerabilities.

This means that what you think is a way to save money will cost you a lot more in the end. Just don't - there are plenty of free, quality alternatives to choose from in place of a nulled plugin anyway.

6. Use a sandbox tool such as Addendum to test plugins

Found a plugin that meets all of the above points? Before installing on your production or staging site, you can do a quick test in a sandbox thanks to tools like Addendum or Poopy.life.

Addendum allows you to start a sandbox with the plugin already installed (if it's listed on WordPress.org), while Poopy.life allows you to create an empty sandbox where you will have to install the plug-in manually:


How to choose the correct number of plugins (or why there isn't one)?

Once you know how to choose quality plugins, let's move on to the next question:

How many plugins should you use?

Contrary to often repeated advice, too many plugins won't slow down your site.

But too many slow plugins… will slow down your site A LOT.

What I mean is that there is no direct relationship between the number of plugins you have installed and the speed of your site.

Some plugins will have essentially zero effect on the speed of your site, while others may cause a noticeable slowdown. You could have a hundred of the former without problems, while just one of the latter can be devastating to the site and its performance.

So how do you know which plugins are slowing down your site? Here are two suggestions:

7. Use the P3 plugin (Plugin Performance Profiler)

This is a good example of how a plugin that hasn't been updated in a while can still work great. P3 (Plugin Performance Profiler) hasn't been updated in three years, but the plug-in still works fine (at least in my experience - some reviewers point to problems with plugin detection).

All you do is run the test. Then, P3 (Plugin Performance Profiler) will give you a beginner-friendly look at how your plugins affect your site's performance, as well as how individual plugins perform:

8. Go to the Waterfall (use GTmetrix)

Another way to catch slow-loading plugins is to look at the Waterfall tab in tools like GTmetrix or Pingdom.

While the information isn't as detailed and requires a higher level of technical knowledge to interpret, you can spot plugins that slow down your site with slow requests.

Just run the performance test as usual. Then look at the Waterfall analysis chart and hover over the long requests to see if any plugins are slowing things down.

I've pointed out a couple of the more obvious WooCommerce requests below so you can see how it works in general:

How to securely update plugins to keep things working?

If you want to keep your WordPress site secure, keeping your plugins up-to-date is an absolute necessity.

In a Wordfence survey, plug-ins accounted for 55.9% of compromised sites where the respondent knew how the hacker had gained access. Similarly, Sucuri found that three outdated plugins accounted for a huge percentage of hacks.

Suffice it to say that you need to keep your plugins up to date. Here's how to do it safely:

9. Read the change log to check for any problems

Many people are unaware that this feature exists, but it is a great help in uncovering potential problems with a new plugin update.

Whenever the update request appears in your WordPress dashboard, you can click the View Version X details link to view a change log for the latest update:

While the depth of this change log depends on the developer, it can help you pinpoint specific areas to test after updating the plugin.

10. Use a staging site to check for compatibility issues

A staging site is a fantastic tool for testing plugin updates before sending them to your live site.

Combined with the change log information, you can quickly run relevant functionality on the staging site to make sure there are no issues.

Then, once you run a test, you can safely update the plugin on your live site.

The easiest way to access a staging site is to choose a managed WordPress host that offers that functionality. But if that's not an option, the WP Staging plugin provides a smooth, host-independent implementation.

What to do with the plugins you no longer want?

Just like ~ 50% of marriages end in divorce, there will come a time when you decide to break up with one of your plugins. To make that break a clean one, here are two more best practices to complete this post.

11. Don't leave unused plugins on your server

This is simple:

If you are not actively using a plugin (and have no plans to use it in the future), delete it.

Here's why:

Even when a plugin is disabled, all that code is still on your server.

Many malicious attacks target specific PHP files that are included in a plugin. So even if you have disabled the plugin, those attacks could still reach its PHP files.

So if it is not used, get rid of it.
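To see whether this applies to your own site, you can compare the web server's access log with the list of active plugins. The script below is an added example, not part of the original article: it flags direct requests for PHP files inside plugins that are installed but inactive. The plugin names, log lines and IP addresses are constructed, and it assumes a combined-format access log.

```python
import re
from collections import defaultdict

# A request for a .php file inside a plugin directory (combined log format).
PLUGIN_PHP = re.compile(
    r'"(?:GET|POST|HEAD) '
    r'(?P<path>/wp-content/plugins/(?P<slug>[^/\s?]+)/[^\s?]*\.php)'
    r'[^"]*" (?P<status>\d{3}) '
)

def hits_on_inactive_plugins(log_lines, installed, active):
    """Map each installed-but-inactive plugin to the (path, status) pairs
    of direct requests for its PHP files."""
    inactive = set(installed) - set(active)
    hits = defaultdict(list)
    for line in log_lines:
        m = PLUGIN_PHP.search(line)
        if m and m["slug"] in inactive:
            hits[m["slug"]].append((m["path"], int(m["status"])))
    return dict(hits)

def served(hits):
    """Inactive plugins for which the server answered at least one request with 2xx."""
    return sorted(slug for slug, reqs in hits.items()
                  if any(200 <= status < 300 for _, status in reqs))

# Constructed inputs. INSTALLED = directory names under wp-content/plugins;
# ACTIVE = e.g. the output of `wp plugin list --status=active --field=name`.
INSTALLED = {"example-forms", "example-gallery", "example-slider"}
ACTIVE = {"example-forms"}
LOG = [
    '203.0.113.7 - - [24/Jan/2019:10:01:12 +0000] "GET /wp-content/plugins/'
    'example-slider/inc/upload.php HTTP/1.1" 200 312 "-" "curl/7.58.0"',
    '203.0.113.7 - - [24/Jan/2019:10:01:13 +0000] "POST /wp-content/plugins/'
    'example-gallery/ajax.php?x=1 HTTP/1.1" 403 199 "-" "curl/7.58.0"',
    '198.51.100.4 - - [24/Jan/2019:10:02:40 +0000] "GET /wp-content/plugins/'
    'example-forms/assets/form.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [24/Jan/2019:10:02:41 +0000] "POST /wp-content/plugins/'
    'example-forms/submit.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found = hits_on_inactive_plugins(LOG, INSTALLED, ACTIVE)
    for slug, reqs in found.items():
        print(slug, reqs)
    print("answered with 2xx although inactive:", served(found))
```

A 2xx answer for an inactive plugin means the disabled plugin's code is still reachable over HTTP, so that plugin is the first candidate for deletion.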

All you have to do is press the Delete button in the WordPress dashboard and this should delete all plugin files. But…

12. Also remove the database tables.

Sometimes the Delete button doesn't delete all traces of a plug-in from the server.

Often, plug-ins will leave behind records and data that clutter the database.

While you can manually remove these tables if you are familiar with phpMyAdmin, a more user-friendly approach is to use the premium version of the Advanced Database Cleaner plugin. Specifically, you are looking at the categories related to orphan options or orphan tables.

Final thoughts on WordPress plugin best practices

Following these best practices for WordPress plugins is not particularly difficult or technical, but it can have a major effect on the stability and functioning of your site in the future.

Just remember to:

  1. Check plug-ins and test them properly before installing them
  2. Analyze how plug-ins affect page load times after installing them
  3. Securely (and quickly) update your plugins
  4. Properly delete unused plugins

If you do these steps well and carefully choose the plugins you will install, you may not even need us as the site will be beautiful and snappy on its own. In case you have problems, remember that we are there to solve them.
