Beware WordPress developers that rely on third-party plugins

wordpress-logoWhen engaging a WordPress developer there’s one very simple but important question you must ask – do they develop or implement.

With hundreds of thousands of free plugins and many more premium plugins there’s an alarming trend of people claiming to be ‘WordPress developers’ but when it comes to the development they rely on these third-party plugins, earning themselves the title of ‘WordPress implementer’ and putting your project in a very dangerous territory.

What’s the difference?

Both a decent developer or implementer will listen to your requirements and work through them with you – however when it comes to the actual development, the developer will build a solution to your exact requirements and the implementer will start looking for solutions to each of your requirements, usually patching together several third-party solutions.

Why does it matter?

Both a developer and implement may be able to get the same results for your project, but what matters is how they achieve the results – as it affects the quality of the product, securitylicencing and the ongoing maintenance.

Quality

Plugin bloat is a well known fact in the WordPress community – the more plugins installed, the slower the site runs.

This is exactly what the implementer is doing to your site. They’re more than likely going to install multiple plugins with little regard to how the plugin affects your sites performance. Furthermore since the plugin is developed by a third-party developer for a the WordPress community it’s likely to be feature rich – features you most likely don’t need but contribute to the bloat.

On the other side the developer will use their expertise to code to your requirements – they will know 100% what code is running and when with no bloat.

Security

It’s highly unlikely the implementer is going to read through the plugins code, if they even could understand the code they would be much more likely to develop.

The third-party plugin is a point of weakness in your websites security – without knowing exactly what the code does your website could be open to any number of vulnerabilities.

Engaging a developer involves trust – if you’ve ended up with an implementer you need ask yourself – do I trust all these third-party plugin developers with my website?

Licencing

Licencing is something that’s easy to overlook, especially when you’re employing someone else to build the website.

With the developer you can simply stipulate no licence on the development, however when an implementer installs all those third-party plugins what they’re doing is making your agree to the terms of the third-party plugins. They may even be locking you into ongoing licence fees to the third-party plugin developer.

Maintenance

When you patch together several solutions you create a delicate balance that keeps things working.

When one plugin updates, that balance may break leaving your website broken.

When it comes to support instead of having the one developer that knows your code, you have several developers that may or may not be interested in supporting you.

tl;dr

I’m not advocating bespoke solutions for every project, I’m saying that people need to be aware of how their project will be achieved and what the implications are.

You need to ask – do I want a developed solution or an implemented Frankenstein patch work solution?

If you’re comfortable with an implemented solution, for each plugin you need to ask:

  1. Who developed it? Are they well established and trustworthy.
  2. When was it last updated? Is the plugin being maintained, does it work on the latest version of WordPress.
  3. Is it well supported? Is the third-party developer providing ongoing support.

And finally, remember that your site is only as secure and efficient as the code runs it.