WordPress Plugins should be Regulated


As someone who maintains hundreds of WordPress blogs for myself, friends, and clients, the number 1 problem that I’ve always encountered, and that has given me tons of headaches and sleepless nights, is WP plugins.

Hundreds of plugins, dozens of WP versions and varying webhost/server environments can give you thousands of possible ways to screw up your blog and your web host. Add to that the fact that these WP plugins are always in development, with newer bug fixes or compatibilities being released constantly, and one can only imagine how much of a headache this is.

Here are a few of the weird things and problems I’ve encountered:

  • Poor coding and half-baked plugins can strain the server, especially if they make multiple MySQL requests for every page load.
  • Plugins requiring you to make files/folders writable — prone to hacks!
  • Plugins that modify or extend default WP tables — you’re likely to screw a new WP upgrade that modifies these tables.
  • Plugins that eat a ton of database space — I’ve seen the WP-Shortstats plugin raking in 500MB of DB space.
  • Plugins that are not compatible or don’t work well with other plugins.
  • Plugins with similar names that are actually developed by different developers.
  • Plugins that have not been updated for a long time and no longer work well with newer versions of WP.
  • Plugins that are created by malicious people trying to get backdoor access to your account/blog.
  • The list of installed plugins just grows and grows, until running all of them could be like running 100 plugin-free blogs.

Just look at the official WP forums and all you’ll read about are problems related to plugins. It’s nice though that the recent version of WP has that nice “plugin update alert” for latest versions.

Installing a plugin on a WordPress blog is so easy that anybody who knows FTP can install anything they like. However, that also leaves a lot of doors wide open to tragedy.

First, most bloggers don’t really know the inner workings of WP, much less PHP or MySQL. They’re not familiar with phpMyAdmin, which comes with their control panel. Half the time, problems are caused by bloated DB tables.

Second, there’s an activate/deactivate option inside WP Admin, but the deactivate option does not actually uninstall the plugin. Deactivating a plugin does not really excuse it from being the culprit. Plugins should have uninstall options. Some are really hard to uninstall manually, like WP Cache and its variants.

Lastly, there’s no quality control. If Matt was kind enough to weed out sponsored themes from their Themes DB, I guess he can do the same with plugins.

What I meant by regulating the plugins is adding a stamp of approval for “quality-coded” plugins. At least bloggers will know what they’re getting into when they install their next plugin.

P.S. You can Digg this post to get more attention from the WP development community and Automattic.

Abe is the founder and Editor-in-Chief of YugaTech. You can follow him on Twitter @abeolandres.

Blogoloco - Win $250
14 years ago

Excellent post, Abe. When it’s free, you don’t get it all in one package.

Blogoloco - Win $250
14 years ago

That’s what we get for free.

14 years ago

Isn’t being hosted in wordpress.org/extend already a form of imprimatur that, yes, WordPress recommends this plugin?

Looking at the conditions for being hosted there — it has to be GPL, it must not do anything “naughty” — WordPress core developers could probably raise the bar (yes, something akin to Mozilla QA sounds nice).

But in the end, since it’s open source, why not let the community decide (you know, lots of eyeballs on the code)?

14 years ago

This is a good start of something definitely positive in the WP community. Perhaps we should all blog about this as well. Like a campaign or something similar to the call for adhering to web standards.

Oh wait, there goes an idea for niche blog! :P

Shutter Box Philippines
14 years ago

I’m not familiar with Expression Engine, but I guess they should check out what the Drupal community is doing. Even the code of submitted Drupal plugins is audited to make sure that it follows secure coding guidelines and won’t break Drupal.

14 years ago

I was also thinking of writing something like this but I’m glad you did it. You’re right about this. WP should do something like Firefox does to its extensions or addons. When you install a Firefox extension you get that message telling you if the extension is certified by Mozilla or not. I really think this should be done to eliminate plugins with malicious code and to prevent further or future problems. Good post Abe! :)

14 years ago

Exactly, I once built a site based on a plugin that eventually became obsolete once a new WP version came out. Lesson learned, don’t build a site based on a plugin unless it’s “big” & supported like PodPress.

14 years ago

Yeah and before Automattic certifies the plugin, it should be a must that it should indicate at which WP version it is compatible, or better yet provide different plugin versions for different WP versions. :D

14 years ago

some of them are not even protecting their plugins folder

14 years ago

Hmmnnn…. WP should be the QA for these plugins, review bugs, check for vulnerabilities and have them fixed. Once tested and certified OK, then that is only the time users like us should download the plugins and use it for our blogs.


14 years ago

Hmm.. adapting Expression Engine’s attitude on addons/plugins would be nice.
