Trusting Your Plugins

Let’s make it four plugin posts in a row to close out Plug-vember!

Last week, I talked about the fairly lengthy process I use to evaluate and prune the plugins used on my site and for other projects. However, should I really trust any plugins? It’s a question more worth asking than you might think.

The License

Don’t Fear the GNU.

Here’s the first restriction listed for a plugin in the WordPress plugin repository:

Your plugin must be compatible with the GNU General Public License v2, or any later version. We strongly recommend using the same license as WordPress — “GPLv2 or later.”

Whether you’ve heard of the GPL or not, if you have a WordPress site, you’ve implicitly agreed to it. And here’s an interesting part of that license (the emphasis is mine):

Because the program is licensed free of charge, there is no warranty for the program, to the extent permitted by applicable law. Except when otherwise stated in writing the copyright holders and/or other parties provide the program “as is” without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The entire risk as to the quality and performance of the program is with you. Should the program prove defective, you assume the cost of all necessary servicing, repair or correction.

So important is that clause (it’s #11) that it’s written in ALL CAPS. I converted it to sentence case so you’d be able to keep reading this post.

In Plugin Authors We Trust

Few people treat WordPress as if it might fall apart at any time, and that’s with good reason. WordPress is supported by a large group of committed volunteers and the company that runs WordPress.com, Automattic. Because their business depends on WordPress, they won’t let it fail anytime soon.

But the same can’t be said for WordPress.org plugin authors. Roughly 1/3 of the 21,000+ plugins in the repository haven’t been updated in two years. WordPress flags these plugins with a warning message, but there are plenty of other unmaintained plugins that have yet to meet the two-year milestone for official abandonment. There are also plenty of actively-maintained plugins with known bugs or other limitations.

All of us who use plugins are at the mercy of the plugin authors to fix, improve, and maintain the plugins on which—let’s face it—we rely.

Be Picky

But let’s not get too worked up. There are lots of great plugin authors out there who put in hundreds of hours for free. I support two plugins myself. (Another friend of mine, Ben Lobaugh, maintains or contributes to over 40 plugins. He’s crazy, but in the good way.) I haven’t directly earned a dime from mine, but I’ve released them because:

  • I think they’re useful,
  • I like helping other people,
  • I like giving back to the WordPress community that’s given so much to me, and,
  • I’ll admit, it’s fun to see people downloading something that I made.

So instead of being permanently paranoid about the state of our websites—or going completely “off-the-grid” and avoiding anything licensed under GPL—I recommend you follow my lead and thoroughly evaluate the plugins you use. Like I said last week:

  • Does [a] plugin have positive reviews in the plugin repository or on outside blogs?
  • Does it have lots of downloads?
  • Does it have lots of problems reported in the Support forums? Are they resolved or unresolved?
  • Has it been updated frequently and recently?
  • Is it from an author with multiple plugins? Do I know and trust that author based on other plugins?
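
The checklist above can be run as a repeatable audit over every plugin a site depends on. The script below is an added example, not code from this post or from WordPress: the record field names, the sample plugins and all thresholds are assumptions, except the two-year staleness cutoff, which is the mark the post mentions. It checks recency but not update frequency, and it cannot answer whether you know and trust the author.

```python
from datetime import date, timedelta

STALE_AFTER = timedelta(days=730)  # the two-year mark the post mentions
MIN_RATING = 4.0                   # assumed threshold, out of 5 stars
MIN_DOWNLOADS = 10_000             # assumed threshold
MIN_RESOLVED = 0.5                 # assumed share of support threads resolved


def vet_plugin(p, today):
    """Return the checklist concerns for one plugin record (empty list = none)."""
    concerns = []
    if p["num_ratings"] == 0:
        concerns.append("no reviews")
    elif p["rating"] < MIN_RATING:
        concerns.append("low rating")
    if p["downloads"] < MIN_DOWNLOADS:
        concerns.append("few downloads")
    # Zero threads says nothing about support quality, so only judge the
    # resolved ratio when there are threads to judge.
    threads = p["support_threads"]
    if threads and p["support_resolved"] / threads < MIN_RESOLVED:
        concerns.append("mostly unresolved support threads")
    if today - date.fromisoformat(p["last_updated"]) > STALE_AFTER:
        concerns.append("not updated in two years")
    if p["author_plugin_count"] < 2:
        concerns.append("author has no other plugins")
    return concerns


def audit(plugins, today):
    """Map each plugin slug to its list of concerns."""
    return {p["slug"]: vet_plugin(p, today) for p in plugins}


# Constructed sample records; slugs and numbers are made up for illustration.
PLUGINS = [
    {"slug": "example-gallery", "rating": 4.6, "num_ratings": 120,
     "downloads": 250_000, "support_threads": 40, "support_resolved": 31,
     "last_updated": "2012-10-02", "author_plugin_count": 5},
    {"slug": "example-old-widget", "rating": 3.2, "num_ratings": 9,
     "downloads": 4_200, "support_threads": 10, "support_resolved": 2,
     "last_updated": "2010-06-15", "author_plugin_count": 1},
    {"slug": "example-new-tool", "rating": 0.0, "num_ratings": 0,
     "downloads": 300, "support_threads": 0, "support_resolved": 0,
     "last_updated": "2012-11-01", "author_plugin_count": 1},
]

if __name__ == "__main__":
    for slug, concerns in audit(PLUGINS, date(2012, 11, 30)).items():
        print(slug, "->", concerns or "no concerns found")
```

An empty result means only that none of these checks fired; the plugin still comes “as is.”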

We’re All In This Together

There is no fool-proof metric that guarantees that a free plugin will work forever. You have to do due diligence and then go the rest of the way on faith. There are lots of good people out there who make great plugins. But at the extreme, no one who makes plugins has the permanent capacity to maintain them forever (see, “death”).

If you’re a programmer, some plugins allow you to easily submit fixes or improvements. There are also people working to make it easier to “adopt” abandoned plugins. Those efforts are needed and may become quite successful, but they will only increase the number of functional plugins. They won’t reduce the importance of carefully vetting every plugin you use.

So remember that, like the GPL says, plugins—and WordPress!—come “as is” and “without warranty.” That doesn’t mean people won’t help you and continue to make amazing free plugins; it just means that you have to carry the risk of plugins not working now or sometime in the future.
