Dear WordPressers: Plugins are NOT Pokemon. You do not need to collect them all. Sure, I could just leave this there, but honestly, there are a lot of people, of beginner and intermediate levels that have made this mistake. How do I know? Well, part of my job is working with people to clean their hacked website or speed up their site. I’ve fixed all types of websites from all user levels, and over a decade and a half of seeing patterns.
So, I’m going to list common plugins that people collect, why you shouldn’t collect and run some of these plugins together, and then talk about how to give your site a plugin diet (a.k.a. plugin audit.) Hopefully this will help you understand why it’s important to not have a lot of plugins running.
Reasons why you shouldn’t have a lot of plugins:
- Site Speed Issues
- Plugin conflict
- Unexpected, unwanted site performance issues
- Security
Site Speed Issues
Some plugins versus others add an extra bit of overhead to your website. Some of the plugins are design to load globally, which means, even if you’re not using the plugin on a specific page, the script will still load. A plugin like Asset Cleanup can stop that plugin from loading on pages that they aren’t being used.
Plugin conflict
A lot of people accidentally double up on plugins that are doing basically the same things, and this can result in the plugin not executing the functions that they are designed to do. Sometimes they can cancel out each other or cause errors.
Unexpected, unwanted site performance issues
Sometimes adding plugins and activating them, or accidentally forgetting to remove them, may cause extra load time overhead.
Security
Even if you keep your plugins up-to-date, it is possible to accidentally forget to remove plugins that you’re no longer using, and they somehow acquire security vulnerabilities, that leave your site open to being hacked. It’s important to keep only plugins active, that you’re actually using. In some cases, there are plugins that are “use and lose”, which mean that you ONLY use them when you need to do something.
A couple strong examples of this are the WP File Manager plugin, that often is vulnerable. This plugin allows you to upload and remove files. Honestly, this plugin isn’t secure at all, and opens a hole directly to your web hosting files. Another example is changing your username. This can usually be done directly in your wp_user table, via phpmyadmin, but with a plugin called Change Username, you can change your username in your WordPress admin user profile. (Note: I didn’t link either of the plugins, as I don’t want people to install them forget to remove them.)
Most common plugins that get duplicated:
- Social sharing plugins
- Security plugins
- Pagebuilder plugins
- Contact form plugins
- SEO plugins
Social sharing plugins
There are a LOT of social sharing plugins available in the WordPress plugin repository. However, you really only need one. Having more than one can cause plugin conflicts that can hurt your search results, and even distort how your posts are shared to social media. I recommend using Sassy Social Share, if you’re looking for a faster loading social sharing plugin, that not only allows you to customize how your social share buttons look, but also does a great job in tying into your desired SEO plugin without conflict.
Security plugins
For years, I’ve been cleaning hacked websites, and installing some type of security plugin to help people have something that offers some hardening, as well as regular scanner. Some of my Internet marketing friends would always suggest installing at least 2 security plugins. That’s not necessary.
If you need something Wordfence OR Shield Security are solid WordPress plugins (again, don’t install both.) And if you think you’ve been hacked, temporarily installing and running GOTMLS (aka Anti-Malware and Brute-Force Security) is a plugin I highly recommend.
Pagebuilder plugins
Sure, they can help you design pages to look different from a normal page, but you don’t need all of them. When I have to go and optimize a site (to make the site faster) and see someone using Divi (a page builder theme), and Elementor (page builder plugin – even with Pro version), it’s one extra thing you don’t need. If you’re using Divi, use Divi and it’s page builder that goes with it. If you truly want to use Elementor, use a different theme, that’s NOT a page builder theme.
I’ve encountered people who had 4 page builders activated, and all of them in use. I had to tell them to sort it all out, choose 1, and then come back (or charge a custom project, to manually set up the page, in the page builder they finally chose to work with.)
Contact form plugins
The purpose of a contact form plugin, is to eliminate the need to expose your email address to scrapers who will collect your email address and spam you, as well as offer a convenient method for people to reach out to you. Some contact form plugins add extra load time to websites. Contact Form 7, even though it’s one of the oldest contact form plugins in WordPress, adds a lot of overhead. I don’t recommend it, and this is why.
If you’re using more than one contact form plugin, they can not only add extra unnecessarily load time to your website, but they could conflict with each other. This could result in not receiving any submitted emails from your website. If you’re using a pagebuilder that has a built in form, you will need to decide what form will offer you better options. If the stand-alone contact form plugin offers more, than do not user the pagebuilder’s option.
SEO plugins
A lot of people are focused on getting their site’s content listed as high as possible in the search engine results. I’ve seen a lot of people double and triple up on SEO related plugins. Unfortunately, this can result in conflicts.
Many SEO plugins offer Open Graph code, to allow your articles to look and list nicely on social media websites. They also have content analysis and even simple but necessary sitemaps. Doubling up on SEO plugin can sometimes result in strange and unexpected social media posts and search engine results. Additionally, it can contribute to both WordPress admin area, and frontend load time. So choose one.
Now that you know about not doubling up on specific plugins…
Make sure to go through your own plugin list, under Plugins > Installed Plugins, in your WordPress admin, and carefully look at what plugins you are using. You may need to give your site a plugin diet, in order to make sure that not only are you just using one type of plugin, but not storing any deactivate plugins, that you’ve stopped using in the past, but forgot to remove.
Hopefully this article has made you more aware of how you can make sure your WordPress site is performing efficiently and faster, and not doubling or tripling or more, in plugins that you don’t need.
Have you given your WordPress site a plugin audit or plugin diet lately?
(Image Disclaimer: Featured Image uses Cosplay Wapuu, by Michelle Schulp of Marktime Media)
Installing large number of plugins is very bad practice. The number of HTTP requests jumps dramatically and this slow down the website and database so much. Though the biggest concern is the security. Every plugin have some kind of vulnerability and JS conflicts are also highly probable.
I have been struggling with plug-ins and speed since I started my site. I found WordFence a little top heavy, although I know its the industry standard. I finally shelled for Sucurri, and its great but it, you know, 200 dollars a year. May go back to WordFence. because of this. Thank you for the informative article. Really helpful.
I recommend Shield Security and for deep malware scans from time to time, GOTMLS.
Hi Nile.
Kudos on posting an amazing article pertaining to the pokemon aspect of WP plugins.
You definitely dont need to them all.
That being said, if you are running elementor pro on your site, would the free version of elementor be redundant and can it be safely removed.
I read a lot of blog posts and i never heard a topic like this I love this topic.Very ingenious..
Hello Nile Flores,
Thanks for posting this article. I had no idea of how to keep websites safe from hacking. Now that you have shared about Wordfence and Shield Security WordPress plugins, it has really helped me in many ways.
if you are running elementor pro on your site, would the free version of elementor be redundant and can it be safely removed.
Thanks for this article Nile. I found it so useful and it gave me quite the awakening. I think that I might need to a do a little of that plugin dieting that you talked about ? Please keep it going, I’m a fan ?
Hi Nile,
It was a great article! I think you highlighted a big problem with your article! I have seen many site owners collect all plugins they are recommended and then slow their website due to them. Thanks a lot for sharing your thoughts about such an important topic. It was a great read, and I am sure will help many website owners. I will definitely hare this within my network to enlighten everyone around me.
LOL, I love the Pokemon reference. I remember when I first started using WordPress, I downloaded every plugin under the sun on my first site!!
That was quite a few years ago. I now know only to download plugins I trust and that are totally necessary. RankMath for SEO, and GenerateBlocks (site builder) are my only 2 essential plugins nowadays.