What is a WordPress Plugin?
WordPress is a robust and highly customizable platform that began as a simple way to start a blog on the internet, which eventually turned into one of the most powerful blogging and content management systems in existence.
So how did it get here? Plugins!
What is a WordPress plugin? Plugins are essentially extensions to the core of WordPress. They allow you to add specific features or customization that isn’t normally included in the default installation. Plugins range from as small as allowing you to add your Google Analytics code, to very robust plugins like Advanced Custom Fields that allow you to change the way your posts work and filter.
How do plugins work?
WordPress is built in a way that allows developers to “hook” into the core of WordPress in order to create either actions or filters, to change/modify the way certain events are handled.
What do I mean when I say hook into the core? Essentially, it means that WordPress allows developers to write their own custom code and insert it either using one of WordPress’ two hooks. First, there is an action, which allows you to execute code when a WordPress code function executes, such as when a user logs in. Secondly, there is a filter, which allows you to modify text before it gets displayed to the user or before it gets entered into the database.
Why is this useful?
With over 50,000 plugins available, there had to be a way in which plugins could be compatible with each other when you needed to edit the same core function such as the login function. Hooks allow you to essentially add your own code into the function, while not overwriting the core functions itself, or conflicting with other plugins that are accessing the same function.
Should I use plugins?
Plugins sound great, but are they the best option for you? It really depends. We’ll go into a little bit more detail on the pros and cons of both depending on your situation.
First of all, plugins can be super useful for smaller development budgets, or for users that like to build their own sites with little to no programming experience. Most plugins cost only a few bucks and usually come with 6 months of support.
Two things that the user has to be concerned about when using plugins are (1) security and (2) the fact that some plugins have far too many features that you really don’t need, making them too complicated for the average user.
On the security front, whenever you download a plugin or 3rd party source you always run into the possibility of opening a backdoor. Take for example the Zero-day bug in the WP GDPR Compliance plugin. It was a bug that started 3 weeks ago and has allowed people to essentially install a backdoor to your site allowing anyone to change the default role for new accounts to an administrator. Once the hacker has an administrator account, your site is now open a multitude of other problems.
See: Zero Day In Popular WordPress Plugin Exploited in Wild Take Over of Sites
However, there are things that you can do to protect yourself. My first recommendation would be to only install plugins that are continually updated and have dedicated support. These plugins tend to be the most secure and well-tested before being launched to the public. These plugins are usually the most compatible when WordPress gets updated which reduces security/compatibility issues.
Secondly, for someone with little to no programming experience, complex plugins can sometimes be quite confusing if you don’t understand the basics of what’s going on in the backend and may require you to pay extra money to help get it set-up and working properly. Then if you need to add extra customizations to the plugin you may be required to pay more money, which at this point, you may have been better off developing a custom solution from the beginning.
At the end of the day, if it makes sense in your budget and you are not as technically skilled, you may save yourself the headache of trying to do it yourself and get a custom solution to your website. Otherwise, play around and download some plugins! There are over 50,000 to choose from that all do something different.
My final recommendation to you is if you are going to download plugins then your best bet is to make sure that you have things in place that allow you to recover if an attack ever does take place, such as keeping backups, making sure plugins/WordPress is up to date, and by only installing plugins that you or the community trusts.