Plugins, are they really necessary?
Recently, Didgeroo was asked to audit a website built by another WordPress agency.
After a comprehensive review, we decided that we could not support this website for a variety of reasons including the reliance on these plugins:
- Custom Content Type Manager contains the following malicious code:
- providing a backdoor to the site
- stealing credentials of the site users.
- Slider Revolution plugin is not required for this site. A simpler more efficient responsive slider is recommended. Additionally the Revolution Slider provided the backdoor for significant WordPress attack in 2014.
This raises the question, are plugins necessary?
For readers who are not familiar with web design terminology, a plugin is something that is used to include specific abilities and extend the functionality of a website. This in turn enhances the performance of the website. These work similar apps where one can literally plug these into one’s WordPress website. They can be free, paid or custom. In the market today, there are thousands of plugins offering all sorts of different functionalities and users are often spoilt for choice.
In addition to the benefits of plugins listed above, off-the-shelf plugins offer many more including:
- Plug-ins makes our work easy and helps us to add additional functionality.
- Free plug-ins are available which reduces one’s expenditure.
- Constant updates make sure most, if not all, exiting bugs are fixed.
- They are guaranteed to be free of viruses.
Among these advantages, there are a few disadvantages. These are:
- As demonstrated above, over time the plugin may be sold to an unscrupulous developer who injects malware into the plugin.
- Plugins that are not updated, may be be subject to known exploits thus providing the means for a hacker or bonnet to attack your site
- Some plugins provide more functionally that required and therefore bloat the size/performance of the website
To conclude, off-the-shelf plugins are a great feature to have on your WordPress because they can save significant developer time and therefore cost. However updating these plugins must be carefully controlled.
Didgeroo recommends, where possible to build custom plugins and integrate them with your source code. A custom plugins does exactly what you make them do, nothing more and nothing less. Secondly, updates and support are not as much of a concern for custom plugins.
Finally and probably most importantly, security. This is a pretty simple one. If you develop your own plugin, you know how it works better than anyone else and if you develop your plugins for a few sites, hackers won’t be looking to break it since it’s not worth breaking into something used only by a few viewers because, the amount of damage they can cause is minimal.