A Word of Warning about Plugins

The SmallBiz Theme works with every WordPress plugin…

… but did you know:

1) The second most common way for WordPress sites to get hacked is via plugins. (The most common, in case you wonder, is keeping the username and password on their default settings.)

2) Most plugins are developed by individuals like you and me in their spare time. If they work with your current version of WordPress, that does not mean they will work with the next WordPress version, because the plugin creator may have lost interest or may not have the time or resources to upgrade the plugin.

3) Many plugins use very common JavaScript libraries. A plugin may work by itself, but adding a second one may cause a resource conflict – which may result in both of them failing to perform.

4) The fact that plugins are listed on the WordPress website does not mean they have been tested or approved. Anyone can upload their plugin for free and without approval.

5) Usually plugins that cost money are a safer bet – because those are associated with a company or individual committed to making money, and their reputation will be ruined if they don’t support their product.

…By the way all of the above is also true for free vs commercial WordPress themes…

6) Pro Tip for those paranoid about security: rather than permanently using a plugin, you can look at the plugin code and copy/paste only the code you really need directly into your theme PHP files. After you have copied the code, delete the plugin.
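For point 2 above, one way to spot plugins that have fallen behind is to read the "Tested up to" header that plugins from the WordPress.org directory declare in their readme.txt and compare it with your WordPress version. This is an added example, not part of the SmallBiz theme or of WordPress; the function names are hypothetical, and the plugin folders and version numbers are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# Header line from the WordPress.org plugin readme.txt convention.
TESTED_RE = re.compile(r"^[ \t]*Tested up to:[ \t]*([0-9]+(?:\.[0-9]+)*)", re.I | re.M)

def branch(version):
    """Reduce '6.4.2' to (6, 4) so patch releases do not count as a mismatch."""
    parts = [int(p) for p in version.split(".")[:2]]
    return tuple(parts + [0] * (2 - len(parts)))

def audit_plugins(plugins_dir, wp_version):
    """Return {plugin_folder: status} for every folder under plugins_dir."""
    report = {}
    for folder in sorted(Path(plugins_dir).iterdir()):
        if not folder.is_dir():
            continue
        readme = next((f for f in folder.iterdir()
                       if f.name.lower() == "readme.txt"), None)
        if readme is None:
            report[folder.name] = "no readme.txt"
            continue
        head = readme.read_text(encoding="utf-8", errors="replace")[:8192]
        match = TESTED_RE.search(head)
        if match is None:
            report[folder.name] = "no 'Tested up to' header"
        elif branch(match.group(1)) < branch(wp_version):
            report[folder.name] = f"stale (tested up to {match.group(1)})"
        else:
            report[folder.name] = "ok"
    return report

def demo():
    """Build a constructed plugins folder and audit it against WordPress 6.4.2."""
    samples = {  # constructed sample data, not real plugins
        "old-gallery": "=== Old Gallery ===\nRequires at least: 3.0\nTested up to: 3.5.1\n",
        "fresh-forms": "=== Fresh Forms ===\nTested up to: 6.4\n",
        "mystery": "=== Mystery ===\nStable tag: 1.0\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in samples.items():
            (Path(tmp) / name).mkdir()
            (Path(tmp) / name / "readme.txt").write_text(text, encoding="utf-8")
        (Path(tmp) / "hello-snippet").mkdir()  # folder with no readme at all
        return audit_plugins(tmp, "6.4.2")

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

To audit a real site, call audit_plugins() with the path to wp-content/plugins and your installed WordPress version. Plugins reported as stale or missing the header are the ones to review or remove first.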


Plugins Best Practices:

1) Create a database and file backup before adding a new plugin – this allows you to restore your site in case the plugin takes it down.

2) If you “try” a plugin and decide not to use it, make sure to remove (delete) the plugin. “Deactivating” the plugin is often not enough, because some plugins simply leave all their code on your theme and just hibernate until activated again. Always “Delete” all plugin files.

3) Last but not least: every function that a plugin performs or adds can be achieved by a little bit of code added directly to your theme files. Learning some HTML and CSS may seem overwhelming at first, but it is very rewarding and allows you to build better, nicer and more secure websites for yourself and your customers.


Everything a Plugin can do – can be done directly with your WordPress code.

Now that you know … here are a few plugins that we use sometimes :-)

Google XML Sitemap Plugin (Tell Google about your pages/posts)

WordPress combined File and Database Backup Plugin (Backups are always a good idea)

WP-Captcha Free (Anti Spam Plugin)

Gravity Forms (If you need more options for your contact form)