WordPress Plugin dilemma

When selecting plugins for your WordPress site, several support risks can arise, particularly regarding long-term maintenance, security, and scalability.

We compiled a list of the usual suspects or risks, with potential long-term issues for consideration. 

To begin, when selecting WordPress plugins for global enterprises or any business, it's important to consider more than just meeting immediate needs. The long-term support risks, such as security, compatibility, and the sustainability of the plugin's development, should be carefully evaluated. Our goal is to choose plugins that are well-supported, secure, and compatible. While it might be tempting to opt for a 'cool' plugin, the long-term risks can be significant.

 

Poorly coded plugins


Risk - Plugins developed without adhering to best practices or WordPress coding standards.

Potential Issues

  • These plugins can degrade site performance, causing slow load times and impacting everyone’s experience.
  • Security vulnerabilities might be introduced, increasing various risks.
  • Maintenance challenges may arise, requiring significant time on fixes or, worst case, redeveloping the functionality.


Security vulnerabilities


Risk - Plugins that do not implement proper security measures, such as input sanitisation.

Potential Issues

  • Hackers exploit vulnerabilities – think data breaches and reputational damage.
  • Legal and financial repercussions if sensitive data is exposed.
  • Frequent security patches are required – this is essential and should be incorporated into your managed SLA. 

 

Compatibility Issues


Risk - Plugins that do not integrate with WordPress updates or other key systems.

Potential Issues

  • Business-critical functions may be disrupted due to conflicts with other plugins or core updates.
  • Compatibility issues always require extensive testing and troubleshooting.
  • You may need bespoke development to resolve the issues – an unplanned expense.

 

Dependency on external services


Risk - Plugins that rely on third-party APIs or external cloud services.

Potential Issues

  • Service disruptions or changes in third-party providers can lead to functionality loss, impacting your services.
  • Dependence on external services may introduce additional costs and complexities – we monitor these as part of our SLA. 
  • Long-term strategic shifts by the third party are unpredictable and can lead to costly replacement projects. 

 

Free with limited support


Risk - Plugins that offer free functionality but charge for premium support and features.

Potential Issues
  • Limited support could delay critical issue resolution – we advise against these.
  • The support model doesn’t meet your enterprise-level SLA requirements, which could result in service interruptions.
  • Unplanned expenditure - If the plugin is required, remove the risk and pay for the plugin.

 

Limited or No Documentation


Risk - Plugins with outdated or insufficient documentation.

Potential Issues
  • Inadequate documentation makes troubleshooting or customising the plugin difficult.
  • This lack of clarity may increase reliance on external support – strengthening the argument to pay for the plugin.
  • Long-term maintenance becomes more cumbersome; missing documentation is a red flag you should look for at the outset.

 

Overuse of Plugins


Risk - An enterprise website relying on multiple plugins for various functionalities.

Potential Issues
  • Performance may degrade.
  • The more plugins, the more support.
  • Updating many plugins is resource-intensive and requires more testing. 

 

Lack of Regular Updates


Risk - Your plugins are not regularly updated.

Potential Issues
  • The plugin falls behind on new WordPress features or updates.
  • Risks escalate if vulnerabilities are not addressed.
  • Over time, outdated plugins will require replacement.

 

Abandoned by Developer


Risk - The plugin hasn't been updated for a long time.

Potential Issues
  • The plugin may become incompatible with newer versions of WordPress or your other systems.
  • Security vulnerabilities might not be patched, exposing the business.
  • No updates will result in features failing without any quick fix.
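
The update, abandonment and compatibility risks above can be triaged mechanically during a plugin audit. The script below is an added example, not Arekibo's tooling: it assumes an inventory shaped like `wp plugin list --format=json` output and directory records carrying the `last_updated` and `tested` fields of WordPress.org plugin information. The plugin slugs, dates, flag names and the 365-day staleness threshold are constructed for illustration.

```python
from datetime import date, datetime

# Constructed sample data (slugs, versions and dates are invented).
# INSTALLED uses the field names of `wp plugin list --format=json`;
# DIRECTORY holds last_updated / tested values keyed by plugin slug.
INSTALLED = [
    {"name": "example-forms", "status": "active", "update": "available", "version": "2.1.0"},
    {"name": "example-gallery", "status": "active", "update": "none", "version": "1.4.2"},
    {"name": "example-seo", "status": "active", "update": "none", "version": "5.0.1"},
    {"name": "example-inhouse", "status": "active", "update": "none", "version": "0.3.0"},
]
DIRECTORY = {
    "example-forms": {"last_updated": "2024-05-02 9:12am GMT", "tested": "6.5.3"},
    "example-gallery": {"last_updated": "2020-11-18 4:40pm GMT", "tested": "5.6"},
    "example-seo": {"last_updated": "2024-04-20 1:05pm GMT", "tested": "6.5.2"},
}
CORE_VERSION = "6.5.3"          # assumed WordPress core version of the audited site
AUDIT_DATE = date(2024, 6, 1)   # fixed so the result is reproducible

def release_date(last_updated):
    """Keep only the calendar date; day precision is enough for staleness."""
    return datetime.strptime(last_updated.split()[0], "%Y-%m-%d").date()

def branch(version):
    """'6.5.3' -> (6, 5); '5.6' -> (5, 6); '6' -> (6, 0)."""
    return tuple(int(p) for p in (version.split(".") + ["0"])[:2])

def triage(installed, directory, core_version, today, stale_days=365):
    """Return {slug: [flags]} for plugins that need a closer look."""
    findings = {}
    for plugin in installed:
        slug, flags = plugin["name"], []
        if plugin["update"] == "available":
            flags.append("update-pending")        # a newer release is not yet applied
        meta = directory.get(slug)
        if meta is None:
            flags.append("not-in-directory")      # bespoke or premium: track updates by hand
        else:
            if (today - release_date(meta["last_updated"])).days > stale_days:
                flags.append("stale-release")     # possible abandonment
            if branch(meta["tested"]) < branch(core_version):
                flags.append("untested-on-core")  # compatibility not declared for this core
        if flags:
            findings[slug] = flags
    return findings

def run_sample():
    return triage(INSTALLED, DIRECTORY, CORE_VERSION, AUDIT_DATE)
```

A plugin with no directory record is flagged rather than skipped, because its update and patch status has to be confirmed with the vendor or in-house team instead.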


Our team helps our clients evaluate the plugin strategy as part of the project engagement, and we plan ahead to ensure there are no surprises.

 

Migrating to Arekibo


Where we are asked to take over the support and development of your WordPress site, our experts and support team audit your site and its plugins as part of the migration process.  
 

Additional reading - more intel on plugins
  • WordPress.org Plugin Handbook - Official guidelines and best practices for developing and maintaining WordPress plugins.
  • Sucuri Security Blog - In-depth analyses and reports on WordPress security vulnerabilities.
  • Smashing Magazine - A trusted resource for web development best practices, including WordPress plugin management for large-scale sites.
  • WP Tavern - WordPress news, including updates on plugin security and developer support trends.
  • WP White Security - Focuses on WordPress security, offering tips and insights into maintaining secure plugin environments for enterprise sites.
 
Get in touch to discuss how we can help you support and enhance your WordPress websites.

 
