WordPress Plugins should be Regulated
As someone who maintains hundreds of WordPress blogs for myself, friends, and clients, the number 1 problem that I’ve always encountered and have given me tons of headaches and sleepless nights are WP Plugins.
Hundreds of plugins, dozens of WP versions and varying webhost/server environment can give you thousands of possible ways to screw up your blog and your web host. Add to the fact that these WP plugins are always in development with newer bug fixes or compatibilities being released constantly, one can only imagine how much of a headache this is.
Here are a few of the weird things and problems I’ve encountered:
- Poor coding and half-baked plugins can strain the server especially if it makes multiple instances of mySQL requests for every page load.
- Plugins requiring you to make files/folders writable — prone to hacks!
- Plugins that modify or extend default WP tables — you’re likely to screw a new WP upgrade that modifies these tables.
- Plugins that eat a ton of database space — I’ve seen the WP-Shortstats plugin raking in 500MB of DB space.
- Plugins that are not compatible or doesn’t work well with other plugins.
- Plugins will similar names but are actually developed by different developers.
- Plugins that have not been updated for a long time and no longer worked well with newer versions of WP.
- Plugins that are created by malicious people trying to get backdoor access to your account/blog.
- The installed plugins just grows and grows in the blog that running all of them could be like running a 100 plugin-free blogs.
Just look at the official WP forums and all you’ll read about are problems related to plugins. It’s nice though that the recent version of WP has that nice “plugin update alert” for latest versions.
Because installing a plugin on a WordPress blog is so easy that everybody who knows FTP can just install anything they liked. However, that also opens it to a lot of wide-open doors to tragedy.
First, most bloggers don’t really know the inner workings of WP, much more PHP or mySQL. They’re not familiar with phpMyAdmin which comes with their control panel. Half the time, problems are caused by bloated DB tables.
Second, there’s an activate/de-active option inside WP Admin but the deactivate option does not actually un-install the plugin. Deactivating a plugin does not really excuse it from being the culprit. Plugins should have un-install options. Some are really hard to un-install manually, like that WP Cache and its variance.
Lastly, there’s no quality control. If Matt was kind enough to weed out sponsored themes from their Themes DB, I guess he can do the same with plugins.
What I meant by regulating the plugins is adding a stamp of approval for “quality-coded* plugins. At least, bloggers will know what they’re getting into when they install their next plugin.
P.S. You can Digg this post to get more attention from the WP development community and Automattic.