Kicking the Tires: A Look at Selecting Plugins Wisely

KICKING THE TIRESA LOOK AT SELECTING PLUGINS WISELY

Susan WalkerMarch 17, 2016

“I LOOK AT THE RATING AND THE NUMBER OF DOWNLOADS. ISN’T THAT ENOUGH?”

Some Random Dude

KICKING THE TIRES

KICKING THE TIRES

WELL, IT’S A START.

Accessibility PHP ErrorsHTML Validation

Mobile Friendliness

Download TimeSEO

Friendliness

Browser Support

Minified Files

Memory Usage

WordPress APIsSecurity PracticesCSS

RulesJavaScript Errors

Plugin Conflicts

QueriesUX

Caching Translation

s

KICKING THE TIRES

There are a LOT of best practices to aim for.

WELL, IT’S A START.

“THIS IS OVERWHELMING. WHERE DO I EVEN START?”

Dazed and Confused

KICKING THE TIRES

KICKING THE TIRES

DEFINE WHAT YOU NEEDFirst, clarify what you need in a plugin — the necessary features, the optional ones and those that are undesirable.

KICKING THE TIRES

DEFINE WHAT YOU NEEDBe realistic. We all hope to find that one perfect plugin …

KICKING THE TIRES

DEFINE WHAT YOU NEED… but what we end up with will invariably be more modest.

KICKING THE TIRES

DEFINE WHAT YOU NEEDOften the goal is to recognize and avoid the worst clunkers.

KICKING THE TIRES

AUDITED PLUGINS

Here are a couple of sites with lists of plugins that have been tested thoroughly by others.▸ Tidy Repo

tidyrepo.com▸ Sites

sites.usa.gov/plugins/

“THESE SITES ARE AWESOME, BUT I DIDN’T FIND WHAT I NEED. WHAT DO I DO?”

Perplexed in Philly

KICKING THE TIRES

KICKING THE TIRES

START SEARCHING

▸ Search the repository using different terms

▸ Do a Google search▸ Read “best of” lists and

plugin comparisons▸ Check professional forums▸ Ask colleagues

KICKING THE TIRES

START SEARCHING

Production web sites are like fingerprints; no two are exactly alike. The ideal solution for someone else’s web site may not be what’s best for you.

Assuming you’ve found a few possible candidates, it’s time to look at them more closely.▸ Search the plugin name + the words “error”, “bug”,

“issue” and “plugin conflict”▸ Search the plugin name + the word “security”▸ Read the tickets on the plugin support forum▸ Get an idea of how often the plugin is updated

KICKING THE TIRES

DIG DEEPER

KICKING THE TIRES

NOW TRY IT OUTInstall and activate the plugin on a test site before you try it on your production web site. Make notes (a sample worksheet is available from susanwrotethis.com):▸ What interface elements does it add to admin?▸ What does it output on the front end?▸ How well does it perform?▸ Are there any other considerations?

KICKING THE TIRES

NOW TRY IT OUTTake the time to add lots of content and work through your best guess for settings.

KICKING THE TIRES

NOW TRY IT OUTSolicit the help of the site’s users if you can. If you do, assign them specific tasks to perform, with a minimum number of repetitions. When you simply ask them to log in and look at a new feature, looking is all they’re likely to do.

KICKING THE TIRES

NOW TRY IT OUTTest the plugin with different user roles. An Administrator account may see something entirely different from an Author account.Plugins with custom capabilities may default to very strict access or very broad access. If you don’t check you can create user access problems or open up a feature to anyone.

KICKING THE TIRES

NOW TRY IT OUTDoes the plugin have too many settings to manage easily?

KICKING THE TIRES

NOW TRY IT OUTDoes the admin interface confuse your users during testing?

KICKING THE TIRES

TEST PLUGINS WITH PLUGINS▸ Plugin Performance Profiler

Reports on how plugins impact page performance▸ Plugin Profiler

Reports on plugin performance times▸ Query Monitor

Identifies queries, HTTP requests, PHP warnings▸ Plugin Inspector

Looks for vulnerabilities and deprecated code

KICKING THE TIRES

TEST PLUGINS WITH PLUGINS▸ Plugin Security Scanner

Checks plugins against the WPScan Vulnerability Database

▸ WP HookerReports on which hooks are firing, with time from start

▸ What’s RunningLists require() calls made in a page

▸ Get OptionsRetrieves and lists all the options for a site

“THAT’S A LOT OF TESTING. ARE WE DONE YET?”

Some Other Guy

KICKING THE TIRES

KICKING THE TIRES

TEST WITH EXTERNAL TOOLS▸ WebPagetest, www.webpagetest.org

Tests web site performance ▸ W3C Validator, validator.w3.org

Checks your web page for valid HTML code▸ CSS Lint, csslint.net

Analyzes CSS code quality▸ JS Lint, www.jslint.com

Reports on JavaScript code quality

KICKING THE TIRES

TEST WITH EXTERNAL TOOLS▸ WAVE Web Accessibility Tool, wave.webaim.org

Tests pages for accessibility compliance ▸ Mobile Emulator, mobiletest.me

Lets you see how pages look on different devices▸ SEO SiteCheckup, seositecheckup.com

Analyzes pages for search engine optimization▸ PHP Code Checker, phpcodechecker.com

Examines PHP code

KICKING THE TIRES

DON’T FORGET THE BASICS▸ Chrome console

Especially helpful detecting JavaScript errors▸ Link checkers

Look for 404 errors generated by the plugin▸ Google Webmaster Tools

On production it’s useful identifying subtle issues▸ WP_DEBUG

Enable this in wp_config.php to display PHP errors

KICKING THE TIRES

UNDERSTAND THE LIMITSThere’s only one way to be sure what a plugin really does.

KICKING THE TIRES

LOOK IN THE CODEDownload and unzip a copy of the plugin. Check out the readme.txt file and any other text files with plugin info.Running a series of text searches for common keywords in the code files can tell you a lot, even if you don’t know code.

KICKING THE TIRES

LOOK IN THE CODEnew WP_Query is used in custom queries of the posts table and is normally related to the display of content.$wpdb-> shows up when a custom query of the database is in the code.CREATE TABLE (case insensitive) indicates that one or more tables is being added to the database.

KICKING THE TIRES

LOOK IN THE CODEwp_enqueue_ indicates script or CSS files are being added.wp_schedule_ functions are called to add cron jobs.register_ creates something that will be used elsewhere; examples include register_sidebar, register_post_type and register_taxonomy.

KICKING THE TIRES

LOOK IN THE CODEadd_ comes up in many different contexts:add_option adds a new entry to the options table.add_meta adds a new entry to the postmeta table.add_menu_page adds a page to the admin menu.add_cap adds a capability to a role or a specific user.add_shortcode creates a new shortcode.

KICKING THE TIRES

LOOK IN THE CODEMost of the common keywords in WordPress function names have corresponding functions to undo something:wp_dequeue_wp_unschedule_unregister_ or deregiser_delete_ or remove_

KICKING THE TIRES

LOOK IN THE CODESix of the most powerful functions in WordPress involve actions and filters. These can be used to modify not only WordPress core behaviors but modify other plugins as well.

KICKING THE TIRES

LOOK IN THE CODEadd_action lets you add functionality to a code sequence.remove_action allows you to remove functionality.do_action is the point when that functionality executes.add_filter allows you to add functions to modify output.remove_filter allows you to remove modification functions.apply_filters is when the modifications are applied.

“PLEASE PLEASE PLEASE DON’T MAKE ME LOOK AT ANY MORE CODE THINGIES.”

Gnosiophobe

KICKING THE TIRES

KICKING THE TIRES

DON’T PANICIt’s OK, the code went away. Pause and catch your breath.

KICKING THE TIRES

FINALLY, UNINSTALLDid it leave a lot of garbage behind? Things to look for:‣ Orphaned tables‣ Custom roles and capabilities‣ Custom post types and postmeta‣ Options‣ Files‣ Cron jobs

KICKING THE TIRES

POSSIBLE OUTCOMES1. You found at least one suitable plugin.2. You didn’t find a suitable plugin, in which case you

have to build your own or hire a developer.3. You found a plugin with minor issues that its

developer may be able to resolve.4. You found a plugin that will partially suit your needs

and that you can extend with action and filter hooks.

5. You realize you had a bad idea, and you drop it.

KICKING THE TIRES



developer may be able to resolve.4. You found a plugin that will partially suit your needs



KICKING THE TIRES



developer may be able to resolve. 4. You found a plugin that will partially suit your needs



KICKING THE TIRES

HELP DEVELOPERS HELP YOU

When you find bugs or coding errors, report them on the plugin’s support forum. Include as much data as possible, including the plugin version and WP core version, whether you’re on multisite and whether WP_DEBUG is enabled.Try to rule out the theme or another plugin as a possible source of a problem.If there are specific code errors, the exact error, including the file and line number if provided, can speed up resolution of a support ticket.

KICKING THE TIRES

HELP DEVELOPERS HELP YOU

Taking the time to provide courteous, factual information about your problem can gradually build a positive working relationship that benefits you, the developer and other users of the plugin.

“NOW ARE WE DONE?”

It’s Thursday and I Missed My Nap

KICKING THE TIRES

YES, WE ARE. THANK YOU!

Susan Walkersusanwrotethis.com@susanwrotethis

KICKING THE TIRES

IMAGE CREDITS‣ Cover Slide: tire by Grimm Pics

https://flic.kr/p8PybuA, CC BY 2.0

‣ Slide 7: Neuschwanstein by Paula Funnellhttps://flic.kr/p/dbjzny, CC BY-NC-ND 2.0

‣ Slide 8: Craftsman House, Wallingford by brewbookshttps://flic.kr/p/njQ5f, CC BY-SA 2.0

‣ Slide 9: Fixer-upper (Abandoned Homestead) by J.N. Stuarthttps://flic.kr/p/4KsDZh, CC BY-NC-ND 2.0

‣ Slide 10: Ruby red pens by Marcin Bajerhttps://flic.kr/p/87dMAs, CC BY-NC 2.0

KICKING THE TIRES

IMAGE CREDITS‣ Slide 12: 51 by Sergey Norin

https://flic.kr/p/7EA74a, CC BY 2.0

‣ Slide 13: Fingerprint by Angelo Pereirahttps://flic.kr/p/3KjRyr, CC BY-NC-ND 2.0

‣ Slide 19: Switches by Jol Itohttps://flic.kr/p/KG5Te, CC BY 2.0

‣ Slide 20: Confused by Sarahhttps://flic.kr/p/6eBt8y, CC BY 2.0

‣ Slide 27: Rube Goldberg Machine by Jeff Kubinahttps://flic.kr/p/qCoDG, CC BY-SA 2.0

KICKING THE TIRES

IMAGE CREDITS‣ Slide 36: Chiaroscuro Guinea Pig by TRONOSKI Photography

https://flic.kr/p/bkQ2f3, CC BY-NC-ND 2.0

Creative Commons image licenses at creativecommons.org/licenses/.

Technology

Kicking the Tires: A Look at Selecting Plugins Wisely