Skip to Main Content

The Dangers of Over Reliance on Plugins in Website Builds

This article will discuss the dangers of relying on too many plugins for your website. I will talk about when and when not to use a plugin and the pros and cons of using plugins.

All Content Management Systems (CMS), Craft CMS, ExpressionEngine, or WordPress for example, have plugins available. The plugins may be created by the developers of the CMS in which case they are first party plugins. More common however are third party plugins created by other developers who use the CMS. These plugins can be free or commercial and often fill a gap in the feature set of the CMS.

The Dangers

Danger Things

Plugin use on a website can be beneficial, however there are risks with using plugins. The more plugins in use on your website the greater the risk of hacking, break downs and the ability to update your website.

  • Using plugins introduces another vector of attack on your website. Not only your website but your plugins for your website can be targets of hackers. It's important to not only keep your website CMS updated but the plugins as well. Additionally when choosing plugins be sure to select those by well known reputable developers. This will help to ensure that the code is well maintained and any bugs are fixed in new releases.
  • Too many moving parts: More plugins means more opportunities for plugins to have conflicts with one another and possibly introduce breaking changes. These breaking changes may not be there when the site is first built, however as you update the cms, and plugins over time - a website needs maintenance just like your car, this may happen.
  • Plugins for your plugin: If the plugin you are using requires a plugin you are heading down inception level difficulties and risk. In particular if the plugin for your plugin is not developed by the plugin developer. An example of this is the Freebie and Republic Structure Tweaks for the Structure addon in ExpressionEngine. These plugins are not written by the same developer nor are they written by the Structure developer. I have worked on sites where the original developer used both of these and now the site cannot be updated because they are both abandoned.
    An example of where this may be necessary is with ecommerce. Ecommerce is a large beast to begin with and not every ecommerce site needs all the features so the ecommerce addon may be have additional plugins for increased shipping options or payment gateway connections. As long as these are by the ecommerce plugin developer then this is acceptable.
  • Future Maintainability: I have worked on many websites where the previous developer used countless plugins on the original build and these plugins are now abandoned. This can happen because the plugin developer went out of business, no longer uses the CMS the plugin was developed for, or other reasons. The result is that there is no support available and a website that can no longer be updated. In some cases, the original plugin can be replaced with another plugin. Depending on the situation this can be a complex undertaking requiring several hours of work. In other cases there may be no solution available other than to rebuild the entire site.

Recently I was asked to upgrade a website CMS that had over 70 plugins. Over 10 of these plugins are now abandonware. Furthermore there are three plugins that were custom coded by the previous developer. There is no documentation available as to what the plugins do or how to update them. The end result here is that this site can no longer be updated due to the cost of replacing addons that have been abandoned or have no documentation available.

Good Plugin Use

Not all plugin use is risky. First party plugins are generally safe as they are maintained by the creators of the CMS. Examples of first party plugins for Craft 3 include Amazon S3 and MailGun by Pixel and Tonic.

Plugins that make development easier but do not directly impact how the website works on the front end are also safe to use. If these become abandoned the site will continue to operate and be upgradable. Examples include Field Manager for Craft and Field Editor for ExpressionEngine.

Plugins that provide functionality that are essential for the site but unavailable in the core CMS. These plugins could include ecommerce, mapping & geolocating, advanced search and more. With this type of functionality it is rare to find a CMS that includes it out of the box since the function is complex and not necessary for most sites.

Addons that save significant development time and cost are also a good candidate for use on a site. An example of this is SEOmatic for Craft. To use SEOmatic all I need to do is add one line of code to my templates and a single field to the publish page. SEOmatic then takes care of all things meta including description, open graph, twitter cards and more. I could code this natively but it would take significant time increasing the cost to end clients. Using SEOmatic is simpler and saves time. See my review of SEOmatic for more details.

As a comparison with ExpressionEngine I needed 4 addons and complex templating for good SEO. This is not an approach that I would use or recommend at this point.

Light Bulb


Sometimes plugin use is unavoidable, however there are a number of things you can do to reduce the risk when adding plugins to a website.

  • Use as few addons as possible. Where possible use native functionality. Many developers turn to addons for features that can easily be built using native functionality or public apis. See my tutorials on Client Controlled Navigation and Simple Google Maps, both of which do not require plugins.
  • Sometimes addons are required for complex functionality such as a store locator. In these cases be careful and choose addons by well known developers with a solid reputation. Additionally I recommend choosing a commercial addon over a free one because a developer who makes money from the addon is more likely to continue development and provide good support.
  • If you find that your website requires plugins for what should be basic functionality, then I recommend investigating other CMS options. A couple of years ago I moved from a CMS I had been using for years to Craft CMS because of the added functionality out of the box that required addons to use in the previous CMS. You can read about my First Impressions or Why Clients Love Craft.

Judicious planning and careful selection of plugins while building a website will help ensure that updating and continued maintanence run smoothly as far as possible into the future.

Did you find this article useful? Then we should Work Together

Other Articles You May Like