What is a plugin?

WordPress plugins are collections of code developed by third parties. Free and paid versions are available, often offering similar features.

Paid plugins try to appeal to the broadest possible audience by adding more and more features as the primary method to increase revenue. Free alternatives are often not sustainable in the long run since developers do not receive compensation and eventually move on.

Plugins are purely bundles of code created and managed by others, with priorities that may not align with your own.

Once installed, plugins integrate with many parts of your website, and your website can easily become reliant on them. Removing a plugin can often result in website functionality being compromised.

Value

Every WordPress plugin has a dual value.

First and foremost it is as valuable as the feature it provides. For instance, a plugin facilitating translations is as valuable to your business as those translations are.

The second value is less tangible. Plugin developers accumulate years of experience in their subject field. They have an in-depth understanding of the issues they address, often creating solutions that suit most users in most cases.

Building everything custom doesn’t only require creating the functionality itself but also acquiring this expert knowledge.

Past experience

We have been running and maintaining a substantial WordPress infrastructure for almost a decade now, encountering a fair share of challenges with plugin developers.

We have always been careful and chosen best-in-class solutions at each turn, yet virtually every plugin we’ve integrated has backfired.

  • Plugins have had serious security vulnerabilities without providing patches
  • Plugins have transitioned from one-time purchase to expensive subscription models
  • Plugins with local content editing switched to data exfiltration and off-site editing
  • Plugins ceased support for critical sub-features we relied upon
  • Plugins have ceased compatibility with our hosting environment

These events are always massively disruptive because they force us to rebuild and repopulate entire websites to rid ourselves of problematic plugins.

Forced updates

Any WordPress site is built around four components:

  • PHP, the primary programming language
  • WordPress itself, the core software
  • A collection of plugins
  • Your theme (site appearance and layout)

To have a fully working site, all these parts must be in sync and work together harmoniously.

Given that security patches are mostly exclusive to the latest versions, there’s significant pressure to always keep everything up to date.
A plugin that is abandoned or becomes too pricey poses a security risk. Keeping it at its current version means freezing the entire ecosystem, which leaves the other components vulnerable because they miss out on needed security patches.

Risk management

The decision to install a plugin essentially boils down to risk management.

  • What is the worst outcome of choosing A over B?
  • What is the best outcome?
  • How do these weigh up against one another?

Potential negative outcomes of installing a plugin:

  • A security breach
  • A privacy breach
  • Needing to rebuild your site code
  • Needing to repopulate all content

Handling these often demands time and resources, with costs running into hundreds of hours.

Benefits of installing a plugin:

  • A core feature is developed and maintained by experts at a minimal cost
  • A manual action is automated for content editors

In a hypothetical scenario:

  • Plugin cost: free
  • Value of feature: €1000
  • Cost of custom solution: €2000
  • Potential costs:
    – Privacy related breach: up to 4% of global turnover
    – Site rebuild: ±50% of initial development cost
    – Editorial work: €50 per action

                      Best case       Worst case
  Plugin install      free            50% development cost and 4% of turnover
  Custom development  €2000           €2000
  Editorial work      €50 / action    €50 / action

The extremely low upfront cost of a free plugin must be weighed against these other factors. A free plugin is often the most expensive route.

Custom development

In contrast to plugin installation, custom development always implies a higher initial investment.

This higher upfront cost needs to be weighed against significantly lower maintenance expenses and negligible risk.

Every feature we create is built to withstand the test of time, drawing upon years of experience in creating and hosting sustainable WordPress websites.

In conclusion

We acknowledge that some plugins are needed and useful, but we are extremely cautious when considering adding more.

We will almost never install plugins purely for editor convenience, given that these never provide sufficient value for their potential associated risks.

We will, however, happily aid and advise you on achieving your goals. This might be through training and guidance or custom development, depending on your specific needs.