How To Know For Sure You Can Trust A Plugin

Remkus de Vries – Manager of Partnerships at Yoast

Thank you so much Val. We’re going to talk about a little thing called, how do I know for sure that I can trust a plugin. It’s a simple question, but not necessarily simple answer. My name is Remkus de Vries. As Val said, manager partnership at Yoast, but before that I had a lot of experience as a small agency handling clients from relatively small websites to really big ones. A lot of experience in the years and I would say I started using WordPress very actively as of 2006. So, basically I’m coming up with 13 years of experience.

Why am I qualified to talk about this topic? Well, I kind of shared that a little bit. There’s a whole bunch of experience on the building websites side of things, but there’s also a few other things that made me quite aware of the consequence of a plugin doing what it’s supposed to do, being secure working as it’s supposed to be working as opposed to the versions that are not working.

You may be wondering what that exactly was. Well, I’ve been pretty active in the WordPress community as of 2006. I’ve been the Dutch forum lead and admin for the Dutch WordPress site since 2008, which means I’ve seen a lot of forum posts, a lot of questions with regards to plugins doing or not doing what they’re supposed to be doing or what they’re advertising. I’ve co-founded WordCamp Netherlands and I’ve co-founded WordCamp Europe and as such been in contact with a lot of plugin writers, a lot of agencies that are building stuff, asking questions what is the good way to go about if I want to add this particular feature set to my site. What do I look at?

So, that’s the background of how I started accumulating information, knowledge about what the possibilities are and what to pay attention to because we’ve all been there. Either you come up with an idea or your own client comes up with an idea like, “Hey, I’ve seen this really cool feature on this particular website. I’d like to have that too. What plugin should I use?” Or maybe you’ve taken over the support of a particular website and you’ll find yourself using three different plugins for forums for instance. So, which ones should you stick with? Which ones should you use?

Now, apart from any particular favorite things that you may or may not have, as in how does it work or how does it look, there’s a few more things that we need to be looking at when we start introducing a plugin into our already existing website because that’s the focus of this webinar. I’ve seen and worked with a lot of plugins over the year and when I say a lot, I mean a lot, lot. I’m a curious person, meaning if I see a plugin that I like, at least as in how it’s advertising itself, I tend to just install it, see what happens. Look at the database, look at the options in there, play around with it.

I don’t care if it breaks because I have a few test sites that I can play with, but are pretty much … Totally okay to be ruined and start from scratch. That’s a luxury I’ve given myself and I’m quite aware that not everybody has that luxury. But like I said, I’ve been playing with plugins for a very, very long time. So, really, how to know for sure you can trust a plugin? Well, simple question, not a simple answer. There is no guarantee.

Let’s start with that because that really is what it is. There is no guarantee. So, the steps that we’re going to show you are steps that you can reproduce. They are steps that are pretty much covering the whole garment of let’s check this before you actually start installing it on your website. Having said that, this is code. Code will always have bugs. Code will always have small things, maybe even big things that you really want to be sure that are not in there, but they’re going to be there.

So, there will be security updates, there will be feature updates, there will be bug updates. All of those are part of plugins. So, that’s not a thing that we can mitigate. That is something that’s going to happen, that is something that we need to take as a truth. We can pretend it’s not there and we can pretend maybe we’ll do due diligence, but there are certain plugins out there that have thousands and thousands of lines of code.

There’s no way you can be as thorough as you would like to be. As in, there’s no way you’re going to make sure that nothing will be introduced that will cause any trouble. Having said that, there’s a whole bunch of things that we could look at to make sure that that risk of introducing a bad apple is minimized. So, the first question has to be this one. Do you really need that plugin? If you’re building websites for clients, I’m pretty sure you’ve had the question like. I’d like to introduce this particular plugin because I’ve seen what it does.

Now, the first question you should be asking your client and make sure they verify it is, do you really need it? Of course the client is going to say, “I just told you that I needed it. So please just install it.” Or whatever, but it saves a little bit of … The effort of asking are you sure you need it, do you really need it, it also helps you being a little bit more critical about what you introduce in your system. When I say system, I mean your entire stack of what you have like WordPress installation, your theme, your plugins, the whole system you have installed.

So, before you say yes to your client, make sure you absolutely are certain that that is something that you need, as in need, as in they cannot do without. One of the reasons you need to be slightly leaning against let’s not introduce something new is because if you end up giving a yes to every single time you have that question, you end up with a lot of plugins that are sometimes overlapping, sometimes really not that needed. It doesn’t matter how well they are programmed, they bring in any other security risk, maybe a speed risk. There’s a whole bunch of things that you may want to avoid as much as possible. So, this is the first question.

The second question is, where do I start? I took an example that is very near and dear to my heart. This is the Yoast SEO plugin that introduces a whole bunch of SEO features for your website and I’d like to show you by looking at what the actual information is about that you have in front of you. Basically, this is the plugin overview on the WordPress plugin repository over at WordPress.org/ plugins in this particular case, /WordPress-SEO. You can see a lot of information here already that we’re going to start working with.

One of the first things that should stand out a little bit is the stuff that you see on the right hand side, in the bottom where it says version, last updated, active installations, WordPress version, tested up to, and PHP version. Now, on the left you have the description and it basically describes what the plugin does. So, I’d like you to enter your bit of conscious mind when you start reading things. People advertise all types of things and there’s all types of marketing language you’ll see in the descriptions. So, be slightly cautious when you start reading what a particular plugin does.

So, let’s just take this one. You need SEO for your website because not only you want to have it easy to be publishing, because that’s why you’re WordPress, but you also want to be found. So, you’ve decided on Yoast SEO as a plugin or at least as a potential candidate. Let’s see what type of information we have that you can use. When researching a plugin, the first thing you do is look at the feature descriptions. As you saw here, it starts at the left bottom and it starts describing what the plugin does. I can’t scroll down, but if you start looking up the plugin you’ll see there’s a whole bunch of features being explained what they do.

You look at the last time the plugin was updated. Now, this is a very important indication because not only does it mean … If it’s a recent dates, then not only does it mean it’s being actively developed. It also is an indication of how active it is. So, for instance the Yoast SEO plugin has a release schedule of at least once every two weeks, which is a good sign of very active development. Now, that doesn’t mean that a plugin that hasn’t been touched for two months is one to stay away from, but it does mean that if we’re… Anything past 18 months, you should be a little bit weary, why is this plugin not updated? What’s going on here? Especially of you’re aware what does 5.0 introduces the Gutenberg core editor. Now, with that came a lot of changes and those changes mean they need to be reflected at any plugin that works with the editor. SEO plugin, absolutely works with an editor. So, for instance if you were to find an SEO plugin that hasn’t been updated in the last six months, I’m pretty certain you’re going to come across a limited plugin When it comes to actually being able to use it inside the current block editor.

So, that is something to look at. It’s not a black and white type of thing, but the more recent it is, the more of an indication of a actively being developed plugin it is and that is a good sign. I’ll explain a little bit more about this later, but this is actually a very important metric. So, the number of active installations. Let’s just say you’re looking for a particular plugin to solve your problem X. Now, let’s just say there’s five plugins that are actually solving X.

One of the things you could look at is the number of active installations which means, if one of the five plugins has 20000 installations and the rest have hovering around maybe 1000, 1500. It’s a clear indication that the one having 20000 installations is either on the market for a longer time or much more actively being developed, maintained, expanded, taken care of. So, it’s a thing to look at. These are all very straight forward things. The one that is a little bit less straightforward because it’s very subjective is the reviews, but I do encourage you to start reading the reviews.

Let’s go over there. This is the description. This is where you see a, what the plugin does and when you look down a little bit you see taking care of your WordPress SEO. It actually explains and features what our plugin actually does. So, it’s not just it optimizes your SEO, no. It explains to you exactly what it does. You get the advanced XML Sitemaps, you get full control over site breadcrumbs, set canonicals, etcetera, etcetera. So, that’s information that’s helpful for you to actually make a valid decision on do I need this, is this for me?

Active installations, you will find that here. In this particular case we have five plus million installations. That’s pretty good sign that whatever the plugin does is at least very popular. A lot of people agree with this being the number one SEO plugin. You see ratings at the bottom right of the plugin overview screen and ratings is another very interesting metric as it tells you a little bit about what other people.

Will think of this particular project os, in general, I would say you know there’s always one stars. There’s always two starts, and depending on the popularity of the plug in or how well it’s built, to three stars and to four stars will be there as well. But the five stars are actually the interesting ones. So the one I would check is if I have five stars, and I have a lot, how does that balance out the four, three, two, and one stars? I would even go as far as … If we’re checking reviews, I would actually check both the five stars and the one and two, cause I would be curious about what they’re actually saying. Now sometimes that somebody who doesn’t actually fully understand what type of plug in their getting into, so they may not understand everything about the plug in which will make me give a bad review, but those particular types of bad reviews should be easy to figure out which one you should discard or which one are the valid ones.

Same goes or the five stars. There’s the quick ones that go “Perfect plug in. Wonderful.” And they’re done, but there’s also people who actually write out two to three paragraphs explaining why this particular plug in is actually working for them. So, again you need to be a little bit skeptical when you read everything, but you really should read everything because it’ll tell you a little bit more about how that plug in works.

So when you click on rating, the link I just showed you, this is what you get you get an overview of … and technically this is a form. This is why it says “search this forum” that’s because basically, that’s how the at workers dot org architecture works. But, you’ll see there’s a five star, a five star, and then puzzling to say the least. Somebody did not get it. It’d be interesting to read why, but then again, the one below it says used for a beginner, and that one gave a five star review. So, really it’s a very subjective thing, and you need to double check and make sure that whatever type of plug in, and again this is the example of the SEO plug in, but whatever plugin you need, it may not be in SEO plugin you need currently, but it may be a different type of plug in. But the type of things to look at are still the same thing to look at. That doesn’t change so here I would still check.

So when you see the 24 thousand sites, 666 reviews, all those are links you can actually click on just to see the two stars or the four stars, or the five stars, and basically, if you see the overview underneath the topic, you click on very good, you actually get to see what type of review it is. And again, some come with maybe one sentence. Some actually put in some time and effort. All of these are ways to gage what you’re actually looking at. Why is this particular plug in worth your time to install on your sight?

So, next on things to check out is the plug in support. Now, it’s good to remember that plug in support is for the most part a free non-reinforceable type of thing. Everything you find on the plug in repository for workers dot org is open source. And open source basically means you get to use it any which way you like but you don’t get to demand. You need that particular support. Obviously, if there’s a huge bug, you get to be disgruntled, you get to be angry, you get tot be sad, all of those emotions, but you actually have no legal way of making somebody respond. Having said that, if and when a plug in is actively developed, you’ll see that they are actually taken care of their plug in support.

So, what does that mean? Well, it means that they are responding in a correct and prompt fashion. They are usually fast in responding. They also are thinking about what if your coming here for the first time. So they have like a “read this first.” Which explains how their support works and in some cases, in ours for instance, if you really want or need support the easiest way would be to get a premium prescription. That means you get the premium version of the plugin. But with that, you get support. So anything you come across or that you might need would be covered by our premium support, and there you can demand to be helped in whatever and with whatever issue you have. So, that would be explained in the “read this first”.

Now, the fourth thing to look at is how long do topics stay unresolved? So this is pretty much the same idea by when’s the last time the plugin was updated. Here we look at how do certain questions get answered. Do they get answered at all? And the forum actually allows you to see that. So here you see a good example of read this before you post. So Yoast wrote out a bunch of frequently asked questions, a bunch of ideas, and also if you really do need premium support, this is where you need to go. All of these are an indication of a company in this particular case Yoast, taking their support issues seriously.

It basically says “Hey look. We understand that we’re not technically obligated to answer your support questions here, however having said that, we do take them serious and we do answer them, because in term, that will make you a happy customer. And if you’re a happy customer, we have a premium version that will en make you a more happy customer.” So that particular mindset when you see that on the prescription, when you see that on the reviews, and when you also see that in the actual forum, the support threads, you get a sense of what the company is about a and that’s basically really what this is about.

So, any company being serious in this particular market of ours, the workers market, they understand that if they want to gain our trust, the first thing they have to do is make sure that they come across trust worthy, and explaining what your product does eloquently, helping out any, even if it’s free, any questions in the support threads, taking care of your reviews and making sure that they are on the higher level and not on the lower level, all of these are clear indication of the company making sure that they understand, they matter, and the importance of producing quality. And that is really what you’re looking for. You’re looking for signs of quality.

Now, this is all on the surface still. You can do this without even actively having to install the plug in. This is just looking at the information. And depending on he size of the plug or how, you can do this is two or three minutes, or maybe you need a little bit more time and you need some proper investigation, and you’ll be here. You’ll be losing that 15 minutes. Either way, it is something that you shouldn’t skip. It is not something you should be “It’ll be fine. I just want to go download it, install it, be done with it.” As tempting as it sounds, that’s not the way to go.

So, frequently asked questions. That’s an interesting one because it’ll tell you a little bit more about what is the mindset of people starting this and what type of question do they have. The active topics, that’s an interesting view to look at, and the last one is the unresolved topics. So unresolved basically says all for these questions that have been asked, which ones have not been answered? And just click on through, and see what they’re actually about. Sometimes it’s very straight forward stuff, sometimes it’s more complex stuff. To understand it takes time to properly respond. Either way, it gives you an overview of the mindset of the company. And again. They’re showing you their trust.

So, satisfied so far? Right? You’ve looked at it, you’ve read it, you’re convinced the plug in does what you want it to do, you actually decided you needed it, you’ve double checked every single thing you have available for you, you’ve looked at the reviews, you looked at the open support threads, all of that. You looked at that and you went like “Okay. This looks like a plug in that would actually do what I want it to do.” So what’s up next? Testing.

So, testing is not necessarily one of the most complex things to do. But, before you actually do the physical testing, you kind of go, ” let me just double check in good if I can find a little bit more information about who’s the author of the plug in. What do people say about them, or him, or her? ” Have they published more plug ins? If so, that’s a clear indication of people being more inclined to stick around longer. Is there a premium version? Now you might wonder, why is that an interesting … Why do I google that? Why do I search for that? For the simple reason that a premium version means whoever published a plug in is in it to make sure that they are providing a good solution. And a premium version says we’d like to be paid for it as well, and the more you pay for it, the better the actual version becomes.

So it’s an indication of a company or a person having invested interest in staying there, being there, and in two years time, three years time, still be available to you with updates for the plug in. All of that.

Over the years that I’ve played with plug ins and stuff, there’s numerous numerous plug ins that at one time were created because maybe the author had time, maybe they were a student and felt like this is an itch I need to scratch. They wrote the plug I, they released the plug in, they published the plug in, and maybe they were active and updating it for a couple of years, but maybe they went on to do different jobs. Maybe no time anymore, whatever. Having a premium version basically says “I am interested in maintaining this plug in, and please do come and install my plug in.” So, is there a premium version in one of the things you need to be looking for in search for a plug I name, and reviews.

So, on the workers dot org site you will find reviews, but obviously, those are not the only reviews out there. There are plenty of reviews written my people with blogs and you’ll find those interesting as well.

So the adventures mode is the next one. That basically means we get a little bit more technical. It requires you to set up a local development site. Now, if that’s not something you would normally do, I would, say google that, because there are plenty of really relatively easy solutions out there to set up a local development site. One of my favorites is local by flywheel, and what it basically does, it allows you to create a local site, and it’s only available on your computer, and it allows you to play with it. It allows out to make mistakes. You can easily create a new site. You can easily delete it. You can easily start from scratch. So, get yourself a local development site, and make sure that you install the plug in, test it, play around with it, and a very important metric to do is speed. Quickness. So the clearing monitor plug in, is a plug in that actually allows you to test everything you do … Oh sorry. Everything the plug in does on your sight. So you have to see what the response is.

Some plugins, they look good, they are so good, they look trustworthy and everything, but when it turns out you actually install it, they slow down your sight significantly. Now, a query monitor is a plugin that will actually show you the before and the after, so you can deactivate the plugin. You an double check again, experiment more, and if indeed we went form four seconds loading to 15 seconds loading, you know for sure you have a plugin you don’t want on your live site. Adventure’s mode basically says play around. The adventures detective mode goes one step further, and it basically says export your site, import it into your local development site that you just created, and there’s plenty of tutorials with whatever tool you’d like to use.

Again, my favorite is local by flywheel, but desktop server’s also a very good one. And it allows you to relatively easy, turn any export of your live site into a local dev. And with that, you get to test not just on the simple workers sight that you just installed and maybe import a few pages and stuff like that. No. You actually get a full copy of your life sight and it works locally. So again, install the plugin. See if it breaks anything. See if all the screens are … Can you still navigate to the entire dashboard/ does everything work as it did? If you want to go real adventurous, maybe test with an older version of the plug in out would like to introduce, and do an update. See what happens. Does it do what it’s supposed to do? Does it break anything?

Again, test with query monitor plugin because it will tell you how well you’re doing it, and the whole idea is that you do a little do diligence on the code side of things. So you install that plug in, and you make sure you click through the site, you click through the plug in, the settings and whatever it does, and make sure that the output is exactly what you expect it to be. So, when all of this is satisfactory, you basically have an all systems go. You’ve made sure that the plug in is actually well maintained, it’s up to date, it’s used by more people. Questions get answered quickly. There’s even a premium version which makes you … You’re more secure about the future of the company or the person behind the plug in, and that makes it a safer route to go with that particular plug in. So, if that all checks your green boxes, then we have an all systems go. So, congratulations. You are now in a committed … relationship with a new Plugin. I kid you not, this is exactly what it is. You are in a committed relationship because from that moment on you have introduced something into your website that you are going to rely on. You’re going to rely on it to work perfectly in workers 5.0 when you introduced it. You also are going to expect it to work perfectly in workers 5.1, 5.2, maybe even 6.7. It’s not just, “That was it. Done. Next one.” It means up-keeping. It means you need to still make sure that Plugin is actually updated as it was.

It doesn’t end there. It is introducing into your site now, but it doesn’t necessarily mean you have the luxury of not looking at whatever the next version of the Plugin introduces. You still need to be reading the changes, see what’s up, and see if you need to change or make sure that whatever you have as a total site is still working perfectly.

That’s basically the path that I use whenever I introduce a new Plugin. I doublecheck all these things and, again, sometimes it takes two to three minutes, sometimes it takes 15-20 minutes. If it’s a large Plugin, I don’t mind to actually start spending more than an hour for the simple reason: the better I test it, the more I make sure of what I actually see here is what it’s supposed to be doing, the happiest it’s gonna make me, and the more headaches I get to prevent.

This is me asking you if you have any questions.