“It’s brilliant is WordPress you can make it do anything just by adding plugins”
Except this really isn’t good practice. By adding endless plugins it’s quite easy to create a monster that becomes too big to control.
The core WordPress platform is tightly curated by WordPress.org whilst plugins can be written by anyone, to do any job or function. It’s easy to extend the functionality this way but you dramatically increase the risk of problems, clashes, security violations and server malfunctions.
Many plugins play nice and interoperate with each other but with millions of combinations available you need to stay sharp when adding, updating, removing and modifying these little beasties. Support is usually scant, and often not provided by professional companies as many plugins are written by single authors.
Getting your Plugin Policy right
If you start off with a “just say no policy” then you massively reduce the risk of problems – except that’s not very useful and misses out of one of the great WordPress features. So how about:
- Compatibility. Create a development, or staging, server that is an exact copy of your live environment. Here you can safely test new plugins – not forgetting updates to plugins. As often as not, it’s a plugin updates that becomes the root cause of an issue elsewhere
- Security. Document the potential security risks of every plugin and understand which ones are at the highest risk of causing issues. Maybe use a service to watch and check your site, Securi is quite good.
- Why? Check the validity of why the plugin is needed, if the rationale is at all flaky then just say no. If you’re a WordPress Agency like ourselves we don’t directly say no, we advise against it and/or make it clear we won’t support the plugin.
- Monitoring. Buy a proper site monitoring service such as Pingdom (we use this) so an external service can keep a close eye on the performance and availability of your site.
- Stay up to date. Make sure your plugins are kept up to date, one by one. If you find you’re doing big lumps of 50 updates then you’re not really on top of your WordPress plugin world
- Consolidate. Keep an eye on the WordPress Plugin world, from time to time new plugins come along that supersede a number that came before. Jetpack is one that comes to mind. In the Plugin world fewer is better.
- Performance. Watch out for hogs, some plugins will suck the life out of your site and a slow site is a poor swap for adding random functionality. Speed is king, especially for mobile, conversion and SEO.Stick with the majors. Using the widest adopted plugins gives some safety in numbers and (usually) a better/quicker/easier update and support path.
- Settings. Each plugin can be configured, keep the setting under control. You want the plugins to have the smallest footprint and present the least risk. Switching on all the bells and whistles just because they are there is silly.
If this sounds too hard, or to resource-hungry then you should consider outsourcing this to another organisation.
Don’t just dump a contract on your web agency, make sure whoever you use has experience maintaining and managing WordPress installations and has a focus on doing that. Just because your digital agency has a bloke called Dave who looks after “the WordPress stuff” doesn’t make them a safe pair of hands.
Ideally, your support partner would be proactive and do a lot of the work in the background to prevent issues. Maybe they have a monthly maintenance schedule to keep everything in tip-top condition. Prevention, as the adage goes, is better than cure.