A Word About Plugins

So you want to install a plugin on your blog

Plugins can be a great way to add functionality to your WordPress blog. They are also the number one way that malicious actors can gain access to your blog. The consequences of this range from having your site defaced, to having your data compromised, to losing your data altogether. In our shared environment here at ECU, this can also potentially affect all of the other blogs that your blog shares space with.

Troubleshooting broken blogs often leads back to a malfunctioning plugin. The more plugins that are enabled, the longer this troubleshooting process will take. So before you decide to activate a plugin on your blog, take some time to consider the implications of this decision.

Plugins can be poorly programmed

Who wrote that plugin?

Anyone can write a plugin and put it on http://wordpress.org. This can lead to issues in many regards.

  • Did the plugin author write the plugin to be used in a multisite environment?
  • Did the author ensure that the plugin doesn’t have a security-compromising bug in it?
  • Does the author regularly update the plugin to ensure compatibility with the newest and most secure version of WordPress?
  • Does the author answer help requests/bug reports?

All of these questions need to be answered to ensure compatibility, both today and moving forward.

Plugins are often abandoned

This can lead to security/compatibility issues

I am a web developer. I have worked with many different technologies throughout my career. Had I written a “plugin” (essentially a group of programming files that do some specific function) in one of the technologies that I no longer use in my capacity here at ECU, there is a good chance I would have abandoned that plugin, having moved on to other technologies.

Had someone used this hypothetical plugin that I programmed 6 years ago, and abandoned 3 years ago, there is a good chance that there would be security vulnerabilities in it by now. If it was a module/plugin for a framework (like WordPress), there is a good chance that some of the built-in functionality that the framework offered would have changed by now, and my plugin might not work at all, or even worse, expose vulnerabilities in the framework.

Plugins often conflict with each other

Plugins are created in a vacuum

So, I created this plugin that adds a carousel to the top of the page. Everyone loves carousels, right? I used some CSS styling to make it look just like I want it to. There are buttons that make the carousel move on to the next item. I put a class on the button called “next-button”, so I can style it. Anyone see where this is going?

You install my carousel plugin. You also have 12 other plugins doing various things activated on your site. One of those other plugins is a light-box. It also has a class called “next-button”. The styles for these 2 plugins are both loaded. Now things are acting strange on your blog.
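
One way to spot this kind of clash before activating a plugin is to compare the class names each plugin's stylesheet defines. The script below is an added example, not part of the original article or of WordPress; the plugin names and stylesheets are constructed samples, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample stylesheets; the plugin names are hypothetical.
SAMPLE_STYLES = {
    "carousel-plugin": """
        .carousel { width: 100%; }
        .carousel .next-button { float: right; background: url(img/arrow.v2.png); }
        /* .old-button { display: none; } */
    """,
    "lightbox-plugin": """
        .lightbox-overlay { position: fixed; }
        .next-button, .prev-button { position: absolute; top: 50%; }
        @media (max-width: 600px) { .next-button { display: none; } }
    """,
    "gallery-plugin": ".gallery-item:hover { opacity: 0.8; }",
}

COMMENT = re.compile(r"/\*.*?\*/", re.S)
STRING = re.compile(r"\"[^\"]*\"|'[^']*'")
DECLARATIONS = re.compile(r"\{[^{}]*\}")  # innermost { ... } blocks only
CLASS = re.compile(r"\.(-?[_a-zA-Z][\w-]*)")


def class_names(css):
    """Return the class names that appear in the selectors of one stylesheet."""
    css = COMMENT.sub("", css)        # commented-out rules do not count
    css = STRING.sub("", css)         # e.g. a[href$=".pdf"] is not a class
    css = DECLARATIONS.sub(" ", css)  # drop property values such as arrow.v2.png
    return set(CLASS.findall(css))


def find_collisions(styles):
    """Map each class name to the plugins styling it, where more than one does."""
    owners = defaultdict(set)
    for plugin, css in styles.items():
        for name in class_names(css):
            owners[name].add(plugin)
    return {n: sorted(p) for n, p in owners.items() if len(p) > 1}


if __name__ == "__main__":
    for name, plugins in find_collisions(SAMPLE_STYLES).items():
        print(f".{name} is styled by: {', '.join(plugins)}")
```

A shared class name does not always cause visible breakage, but every name this reports is a place where one plugin's styles can override another's.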

Conclusion

Each plugin you add to your blog is another potential point of failure. They should be used with extreme caution. You should ask yourself the following questions before you decide to activate/request a plugin on your blog:

  • Is this requirement absolutely necessary?
  • Is there no other way to accomplish the desired outcome?
  • Is this plugin something that will be useful for all blogs here at the university, or is my use case very niche?
  • Is the plugin well maintained?
  • Is the plugin reputable?

Considering these factors before using a plugin will not only help you get a better sense of what it is you are trying to accomplish, but also what the best way to accomplish it might be.