WordPress plugins offer a way to quickly extend the functionality of your site, and there are a number of them that our team uses and relies on regularly. But installing plugins also introduces a new layer of considerations for the longer-term security, performance and maintenance of your site. These guidelines will help ensure that you have a great plugin experience:
- Consider if the need can be met with an existing WordPress feature. The functionality you’re looking for may already be a part of core WordPress, or there may be a fairly straightforward way to achieve a similar result without introducing a new plugin. Searching online can help uncover this.
- Consider doing a minor theme update. Even though theme updates usually require some coding knowledge, bringing functionality into a theme means it can be more easily considered and maintained as a part of your overall site development efforts over time. Once you’re depending on a plugin, future updates and functionality changes could complicate things.
- Make sure you’re looking for a plugin with the narrowest scope to meet your needs. There are many “Swiss Army knife” plugins out there that try to do so many things that they introduce significant bloat. If you need to use a plugin, find one that does exactly what you’re looking for and little more.
- Make sure the plugin is well maintained (e.g. an update that confirms testing against recent WordPress versions), well supported (support forum threads get responses relatively quickly, the plugin author seems to care about its users), widely used (lots of installs) and reasonably well reviewed (4-5 star average, reviews are positive). All of this information is usually available on the plugin details page in the WordPress plugin directory.
- Check for dependencies on third-party services and APIs, especially ones requiring a license or paid plan. Make sure that the plugin isn’t just a gateway to a product or service you’ll need to pay extra for, unless that’s what you’re looking for. Beware of plugins that are essentially a sales mechanism for paid services.
- Test out the plugin before you install it on the live site. Use a testing/staging/development site to install and configure the plugin, play around with its functionality and ensure that it will meet your needs. Once you’re confident that it’s a great fit, then install it in production.
- When in doubt, ask us! If you’re not sure how to find the plugin you need, aren’t sure about a particular plugin choice, or want help reviewing and testing a plugin, just let us know and we’ll be happy to help.
Adding theme-specific, custom plugins
If you plan to write custom plugins for a site, it’s safer to add them to a mu-plugins (“must-use plugins”) directory so that we can manage them through GitHub, as well as prevent clients from manipulating them in wp-admin. This means your repository structure will need to reflect a wp-content root. When a plugin is in the mu-plugins directory, it’ll be activated automatically and the client won’t be able to remove it. In step-by-step form:
- In your repository, remove the plugins directory if not needed (this is for traditional plugins that will be accessible to clients in the plugins list).
- Add an mu-plugins directory to house your custom plugins. Follow the directions in the example-project README for configuring the mu-plugins directory.
- Check to ensure that your plugins are activated in wp-admin when you enable the theme.
Note: Jetpack backups load in all plugins from the /mu-plugins/ directory, but leave plugins in the /plugins/ directory inactive. If your new mu-plugin depends on another, regular plugin, please ensure dependency checks and error handling are in place (test with the dependent plugin disabled), otherwise Jetpack backups will fail.
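
One way to put the dependency checks and error handling from the note above in place, as an added example that is not part of the original guidelines. The plugin name, the `example_feature` shortcode and `example_dependency_render()` are hypothetical, standing in for whatever your regular plugin in /plugins/ provides:

```php
<?php
/**
 * Plugin Name: Example Site Features (mu-plugin)
 * Added example. example_dependency_render() is a hypothetical function
 * supplied by a hypothetical regular plugin living in /plugins/.
 */

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Refuse direct requests to this file.
}

// mu-plugins load before regular plugins, so defer the dependency check
// until WordPress has finished loading every active regular plugin.
add_action( 'plugins_loaded', 'example_site_features_boot' );

function example_site_features_dependency_ready() {
	return function_exists( 'example_dependency_render' );
}

function example_site_features_boot() {
	if ( ! example_site_features_dependency_ready() ) {
		// Dependency inactive (as when /plugins/ is left inactive):
		// register nothing that calls into it, and tell admins why.
		add_action( 'admin_notices', 'example_site_features_missing_notice' );
		return;
	}
	add_shortcode( 'example_feature', 'example_site_features_shortcode' );
}

function example_site_features_shortcode( $atts ) {
	// Re-check at call time; return an empty string instead of a fatal error.
	if ( ! example_site_features_dependency_ready() ) {
		return '';
	}
	$atts = shortcode_atts( array( 'id' => 0 ), $atts, 'example_feature' );
	return example_dependency_render( absint( $atts['id'] ) );
}

function example_site_features_missing_notice() {
	if ( ! current_user_can( 'activate_plugins' ) ) {
		return; // Only show the notice to users who can act on it.
	}
	echo '<div class="notice notice-warning"><p>'
		. esc_html__( 'Example Site Features is disabled: its companion plugin is not active.', 'example-site-features' )
		. '</p></div>';
}
```

To test it the way the note suggests, deactivate the regular plugin on a staging site and confirm that pages still load and only the admin notice appears.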
