During my plugin triage work I group plugins into different classes before digging deeper into the pros and cons of each. Whether a plugin is good or bad for a particular site depends on how necessary it is, how deeply it’s being utilized, whether there’s any preferred alternative, and how difficult it would be to change. Categorizing plugins into the below classifications is a simple and useful start to your plugin cleanup project.
Plugin management is vendor management. When you install a plugin you’re introducing its features and functions to your website as well as its source into your collection of valued vendor relationships. You’re taking on maintenance and responsibility for the plugin. You must report bugs, test compatibilities, and install both minor and significant updates over time. You’re adding data and processing into your website to operate the plugin, often times loading its browser assets upon your website visitors. You may be taking on new licensing, which may create unnecessary bloat and not play well with staging environments.
Let’s begin to group plugins into a few classes that I find helpful for early analysis.
Class A plugins
The official source for WooCommerce plugins is WooCommerce.com. This contains the most reliable group of plugins and is usually the first place to shop for WooCommerce functionality. These follow more of a single-service model where the plugin is designed with a minimalistic interface, only the necessary features to achieve their promise, and standardized documentation.
These are premium products from approved third party vendors, which are evaluated by WooCommerce core developers and support staff. They range from hugely popular add-ons such as payment gateways to smaller or newer ones being introduced in partnership.
These are definitely GPL compliant products. They will function on staging environments without giving any licensing grief.
It’s important to keep in mind though that these still utilize resources on your website. Only activate one of these plugins if you are planning to use it deeply. Bear in mind that these plugins still introduce bugs and management overhead, though compatibility risks are significantly lower.
Plus, among all categories of plugins, many will use a remote service that isn’t within your website. Beware what all you connect with your valuable business and customer data and where it’s going. Have a look at your REST API keys and Webhooks pages within WooCommerce to get an eye on some of the activity.
Class B plugins
These are the usual community plugins you download from WordPress.org plugins repository. While the developers aren’t always vetted by WooCommerce core team members (some are!), these products are themselves fully GPL compliant and are scanned for maintenance and security matters. They are regularly scrubbed of abandons.
Most importantly the community provides transparency via usage metrics, ratings and reviews, easy to find technical change-logs, and support forums where you can preview what’s outstanding and how the developers treat their users.
Many of these are freemium, meaning they may be “upgraded” (see below) to something more feature rich.
Overall these plugins can be a good group to select from. Just be sure to do your homework on them first and keep on eye on them over time.
Class C plugins
Welcome to the Wild Wild West! These come neither from WooCommerce.com nor WordPress.org official repositories. They are downloaded from third party websites, possibly from one of the popular private repositories out there, from another open-source repository like GitHub, or from specific company websites.
Be careful of these plugins! While there are many excellent Class C plugins out there, these have a tendency to do things differently. They tend to build silos. They can add top level admin menus with colorful icons and alerts that serve marketing purposes but don’t fit into the core system all that well.
They aren’t necessarily GPL compliant as they may contain code that is licensed separately, eschewing WordPress licensing that forbids such behavior. They can bundle in licensing modules that waste resources validating your URL and account. They may not function on staging environments (copies of your site).
Bigger ones have feature packs where they may have a half dozen or so child plugins. Those can be a maintenance hog!
Worthy mention – integrations without a plugin
WooCommerce offers web hooks (outbound triggers) and a REST API (inbound interface) that remote services can use to communicate with your website. You don’t always need a plugin to integrate with an external service provider 🙂