Yep.
I’m gonna make a lot of people sad today. (Well, maybe I’ll sugarcoat this).
The fact is, I see way too many “top 100”, “top 250”, “top 1,000” WordPress plugin lists.
The unfortunate truth is that less is more.
Here’s why.
No Quality Control
Risks of Executing Dirty “Rogue Code”
I used to have a professor who went off about “dirty code” (in a Danish accent btw); he knew what he was talking about. (Dude built the railroads, bro.) The fact is, how much potentially dirty code do you intend to execute on your blog?
Dirty code can refer to a lot of things, but consider the risk of negligent developers, missing security patches, potential vulnerabilities or, even worse, code that’s improperly optimized for speed.
Excess dirty code creates a bigger attack surface for hackers to find vulnerabilities on your website.
Let’s face it. The risk of executing exorbitant quantities of potentially dirty code is worrisome for all of us.
There’s a saying my tinfoil-hat-wearing IT security nerds have, and that’s “if you don’t use it, lose it”.
The reason is that with more redundant code come more chances for exploits and vulnerabilities.
The Risks of Slow Website Optimization
People have such tiny attention spans nowadays that you can’t give them an excuse to leave your website before it loads.
A slow webpage is like “interaction repellent”.
Have you checked your website with GTmetrix lately?
If your site is taking more than 4 seconds to load, then it sucks.
Your website sucks that is.
Risks of Cross Functionality
What are the odds of 40 different plugins programmed by seemingly random people with a questionable history of programming excellence all functioning adequately?
Set up a test blog, install 40 plugins, and see how it functions for yourself.
I bet you’ll encounter some problems.
Lack of Updates
I used to have a “hoarding” complex regarding plugins. Years later, the plugins I relied upon were old, cobwebbed, abandoned, and non-functioning (or otherwise vulnerable).
In other words, old plugins can potentially junk up an existing blog or introduce threat vectors that have since been patched. (Or should have been).
One of the greatest threat vectors in the development world is lack of updates.
In order for software to be secure it has to be continually monitored for future vulnerabilities.
In the world of WordPress plugins I’m afraid there aren’t any security protocols in place that can adequately organize the updating procedures for plugins, and in my opinion, it’s putting people at risk.
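The “if you don’t use it, lose it” and keep-it-updated advice above can be turned into a quick inventory check. This is an added example, not code from the original post: it triages the JSON that WP-CLI prints for `wp plugin list --fields=name,status,update,version --format=json`, and the plugin names and versions in the sample are constructed.

```python
import json

# Constructed sample of what
#   wp plugin list --fields=name,status,update,version --format=json
# prints; the plugin names and versions are made up for this example.
SAMPLE_INVENTORY = """[
  {"name": "contact-form-example", "status": "active", "update": "available", "version": "2.1.0"},
  {"name": "old-slider-example", "status": "inactive", "update": "available", "version": "0.9.4"},
  {"name": "seo-helper-example", "status": "active", "update": "none", "version": "5.3.1"},
  {"name": "unused-gallery-example", "status": "inactive", "update": "none", "version": "1.0.0"}
]"""

# Statuses under which WordPress actually loads the plugin's code.
LOADED_STATES = {"active", "active-network", "must-use", "dropin"}


def triage(inventory_json):
    """Sort plugins into remove / update / ok buckets."""
    report = {"remove": [], "update": [], "ok": []}
    for plugin in json.loads(inventory_json):
        name = plugin.get("name", "<unnamed>")
        if plugin.get("status") not in LOADED_STATES:
            # Not in use, but the files still sit on disk: delete it.
            report["remove"].append(name)
        elif plugin.get("update") == "available":
            # In use, but running behind the latest release.
            report["update"].append(name)
        else:
            report["ok"].append(name)
    return report


def needs_attention(report):
    """True when anything should be removed or updated."""
    return bool(report["remove"] or report["update"])


if __name__ == "__main__":
    result = triage(SAMPLE_INVENTORY)
    for bucket in ("remove", "update", "ok"):
        print(f"{bucket:>6}: {', '.join(result[bucket]) or '-'}")
    # Non-zero exit lets a scheduled job flag the site for cleanup.
    raise SystemExit(1 if needs_attention(result) else 0)
```

To run it against a real site, pipe the WP-CLI output into `triage()` in place of the constructed sample.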
Executive Summary
The irony of all of this is that people install excessive quantities of plugins in order to solve all of their nonexistent problems, then install more WordPress plugins for the “security” of their blog. (rawful).
Guess what? The best thing you can do for your WordPress security is keep everything up to date. Kind of difficult when you’re running dirty code from 40 different vendors with questionable cognizance of WordPress security.
Now I hate to be the plugin playa hate’a.
I love plugins; they are essential for a cool site, have great functionality, and are a blessing to people who run the WordPress content management system.
The problem comes with the “hoarding” mentality, where I see people asking for “the 100 best plugins for my blog”.
Plugins totally kick ass.
Just don’t install them until you encounter a need.
That’s all I’m saying here.
Otherwise, you could end up like these guys.