So you’ve finally decided what the focus of your website should be and are ready to set up your WordPress install. You now need to select your theme and a series of plugins to build upon the core functionality you get from WordPress out of the box. With thousands of options to choose from, getting a plugin or theme that will not blow up and bring your site down is a challenge.
There are a few steps you can follow to ensure you have good quality WordPress Plugins for your site. Even if you aren’t a developer and can’t understand a single line of code, using these guidelines as a rule of thumb will give you some level of security.
These are the steps I take when helping my clients decide whether to adopt a plugin or not.
1. Check What Others Have To Say
With close to 40,000 plugins at the time of this writing, WordPress.org offers the ability for users to rate plugins. In the early days, it was possible to select the number of stars for a plugin without commenting on it. To make things fair for authors, people now have to state why they are casting their votes and the authors have the chance to defend themselves, if needed. Plugins with too many low-star ratings should raise a red flag, as long as the comments actually make sense. Be careful of detractors that are only out to troll authors without actually trying to provide constructive criticism.
2. Authors Should Provide (Fast) Support
WordPress.org also offers support forums where users can ask authors for help. Some authors choose to provide support on their own sites. Personally, I think this is valid for paid plugins, but free plugins support should be kept where the free plugins are downloaded. Look for how many resolved topics there are in the recent past, and the time it takes for authors to reply. Authors get notified of new topics immediately, and should have a good reason to not reply within a reasonable time frame.
3. Plugins/Themes Should Be Updated Frequently
Let me take a poetic license here… Code is a Living Entity. There’s seldom such a thing as writing a plugin and never touching it again. It is virtually impossible for any piece of code to not need updates from time to time. With the wide variety of environments out there, there’s bound to be a scenario where a bug patch is needed. Also, WordPress.org is always releasing new updates to the core, and plugins and themes need to keep up. The plugin page will tell you when it was last updated, and up to which version of WordPress it has been tested with.
4. Check For Coding Best Practices
Granted, this part is a bit harder to do if you are not a developer. There are, however, a few things you can look for to identify a well written piece of software. You can find the source code in the “Developers” section of the plugin page in WordPress.org.
Code is like a house – Keep it clean or it’ll become full of bugs. Proper spacing and indentation helps developers to easily understand what each part of the code does, as well as the intention of the previous developer when writing that piece. Another thing that helps understand code is commenting. If you look at the core WordPress files, you’ll see that they went to great lengths to properly document what each piece should do. No author remembers EVERYTHING they had in mind when writing code. If they say they do, run away – they’re either lying or they’re dangerously smart and might try to take over the world.
Object Oriented code is a Good Thing – Gone are the days when people could write code without structure. If you see words like class, static, public, private, protected, or extends, it is quite likely that the developer knew what s/he was doing. For the simpler plugins, this might be overkill as it usually comes hand-in-hand with more files and folders and it might be like killing a fly with a shotgun, but the danger of PHP is that it is so easy to use that it becomes easy to write BAD code.
Closing PHP tags are tricky – PHP comes with open and close tags, respectively. Any white space after a close tag will be rendered by the web server, many times prematurely. If you see errors such as ‘headers already sent’, the culprit is likely to be white space after a closing PHP tag. Using closing tags at the end of a PHP file is not only unnecessary, but frowned upon. It’s better to see a comment indicating the end of file, than an actual closing tag.
Code should be tested – There are several techniques to test software. WordPress comes with a suite of test files that run via phpunit, a robust PHP testing tool. Plugins and themes should be tested, too. Look for a directory called ‘test’, or simply ‘t’ containing at least one PHP file.
Even if you follow all of these steps to the letter, you might still come across a bug. However, it is much less likely to happen and, if it does, you should be able to get fast support from the author. After all, you did follow step 2, right?