Introduction
WordPress is by far the most used web builder on our hosting platform. The majority of our support work is concerned with performance or incompatibility issues relating to plugins. This guide explains when to use and not use a plugin, and provides you with a link to plugins with known security vulnerabilities.
When Should I not use a Plugin?
Plugins provide extra functionality for your website. However, the more plugins you add the more you reduce the performance of your website, and you are also more likely to leave it open to vulnerabilities, either now or in the future. More often or not, many of the features provided by plugins, are already provided by your web host. If this is the case, you may as well let your web host do the work, rather than your website. Certain groups of plugins seriously degrade the performance of your website – backup plugins for example. Where possible , if you need to use these, you should schedule them to run at off-peak times.
Left Over Plugins
These are plugins that may have been installed by a previous web host and in many cases are proprietary to their platform. You should always remove these, if you transfer your website from one web host to another. As part of our free website transfer service, we check these for you and remove any plugins that are not required. Other plugins are those that you have used to help you migrate your website – such as a migration tool. Once you have used them, remove them. You can always add them again in the future if required.
One Off Plugins
These are plugins that you use to perform a specific task and then never use again. Many modern themes, for example, include “installer” plugins, that after their first use, do nothing and just take up valuable performance. You might also have installed a migrator plugin or an import plugin that you only use once or very rarely. It is always best to remove them.
Caching Plugins
Caching plugins can improve the performance of your website, by pre-building the pages, so the web server has to do less work when the site is busy. However, ironically, caching plugins are quite resource heavy too. If you are on a basic hosting package and your website is small and simple with small images, you may find that having a caching plugin actually slows your site down! As your website grows, and becomes more complicated, you will most likely get the benefit of a caching plugin. The point is, you don't always need one.
Multiple Caching Plugins
Many people believe that if they increase the number of caching plugins, they can increase the performance of their website. This is an absolute no no. Multiple caching plugins will conflict with each other. At best your site will slow down and at worst it will not work at all. You will also find that pages won't update correctly and navigating your site becomes terribly confusing. Stick to one tried and tested caching plugin if you need to use one.
Pixel / Google Tag Plugins
These plugins basically take up a lot of space to do a very simple task. If you need to add a Google Analytics Tag, Facebook Pixel or something similar to your website, this can usually be achieved using your theme. Without impacting on your website performance and security at all. In order to help you along the way, at Hipposerve we can help you add any tags you require to your website too, to avoid strenuous plugins.
When to Use Plugins
You should use a plugin when you can not get the functionality required elsewhere, or if it is not included in the core WordPress Build, or your Theme. However, you should always do your research and not just choose the first plugin you come across. The things to check when choosing a plugin are:
- The last time it was updated – if it was last updated 5 years ago, it probably is no longer maintained. It may not be fully compatible with the current version of WordPress, or it could be full of security vulnerabilities.
- The reviews Read these carefully, did people face any problems? What was the support like?
- The plugin website – check the support area forum and read through some comments
- Check the features – How does Free differ from the paid version—There is nothing more frustrating than installing and configuring a plugin only to find you have to pay to get it to do what you need it to do.
- Check alternatives—The one with the prettiest icon, may not be the best one!
- Check The WordPress Plugin Vulnerabilities Database – This lists all plugins that have any current security issues.
Keep Them Updated
It is very important to keep your WordPress installation, themes, and plugins up to date. Vendors will patch and improve plugins regularly to fix security issues and make them perform better. If you don't have the time or inclination to update your website, Hipposerve Offers a Managed WordPress service, which not only keeps your website up to date, but also includes a nightly off-site backup with 30 day retention.
Backup Plugins
Website backups are essential and many of our customers like to keep a backup of their website; which we encourage. However, WordPress Backup plugins need to be used with caution. These plugins are very resource intensive, both in the amount of disk space they use and the amount of server resources they require to produce the backup. If you set them to back up your website every 5 minutes, you will find that your website grinds to a halt. We have found that it is best you have your website backed up once a day, during off-peak hours (for example, 3am in the morning). This gives the backup the best chance of succeeding and doesn't affect visitors to your website. At Hipposerve, in common with most hosts, we specifically disallow backup files from being saved onto your web hosting space. The reason for this is twofold.
- Backup files are huge and by storing them on your website you breach our fair use policy as it will have an adverse impact on other users of our service.
- Incestuous backups (backups stored where the live website is) is very bad practice. You need the backup if your website goes down or if the server fails. If the server fails, you will not be able to access your backup!
Backup files stored on any of our shared services are automatically removed periodically without notification. If you really do need to store backups on your server space, you should purchase a Hippo Business Pro or Hippo VPS option, where you can manage your own performance and space. You should therefore store your backup on an external service. If you are unsure how to do this, we offer an excellent nightly backup service which has a 30-day retention and is stored externally in an encrypted form. Details for this can be found here.
Does Hipposerve Ban Certain Plugins?
No, we have made the decision to allow all plugins on our services, as some customers may have legitimate reasons to be using older, or high resource usage plugins. However, this is always done at the website owner's risk, and we strongly recommend that they check The WordPress Plugin Vulnerabilities Database to ensure that it is safe to use. We also reserve the right to request that users, purchase our Hippo Business Pro or Hippo VPS plan, if any website plugin they use adversely affects the other customers on the shared hosting service. This is part of our "Fair Usage" policy.