Why I advise against these WordPress plugins
With around 60,000 free plugins currently in the WordPress plugin repository and countless paid premium plugins, nobody can keep track of everything.
But there are some criteria that, in my experience, speak for or against a particular WordPress plugin:
- High server load: Some plugins and functions put too much load on the web server, which affects the speed of your and other websites.
- Performance issues: Poorly programmed plugins reload assets (CSS, JS, images…) and slow down your website – which has a negative impact on your SEO ranking and causes visitors to bounce.
- Compatibility problems: If plugins are not properly programmed and continuously adapted, they are incompatible with WordPress or other “standard plugins” and cause errors or crashes on your website.
- Data protection problems: Hobby programmers outside the EU are not aware that the GDPR applies and do not observe it or deliberately ignore it. However, you as the website operator are always liable.
- Security vulnerabilities in plugins put your website, your customers’ data and the internet in general at risk.
- Outdated plugins: If plugins are not updated regularly, this says nothing about the code quality, but it puts the motivation of the programmers in a bad light.
Do not use these WordPress plugins!
This list is of course not exhaustive, but it lists the plugins that I come across again and again during website checks for companies. If I replace these plugins or remove them completely, the website runs faster and more securely.
The list is sorted alphabetically and is constantly being expanded. Don’t want to miss an update? Sign up for the newsletter.
Please do not use: Backup plugins (which are configured incorrectly)
Most backup plugins for WordPress, such as UpdraftPlus, BackWPup, Duplicator, etc. won’t do you any good.
This is because the backups are usually stored in a folder in WordPress itself. This only consumes huge amounts of storage space without providing more security.
Because:
- If your WordPress is hacked, the backups are also worthless.
- If your host has a technical problem, the backups are also lost.
You can leave it at that and hope that nothing happens.
The solution
Configure the backup plugins so that the backups end up on an external server (via FTP, Dropbox, Google Drive…) or use an external backup and management service with added value, for example WP Umbrella*.
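The following script is an added example, not part of the original article and not any plugin's own code. It finds backup archives sitting inside the WordPress tree and moves them to a destination outside of it. The extension list, the function names and the destination directory (assumed to be an existing path outside the web root, such as a mount of remote storage) are assumptions.

```shell
#!/bin/sh
# Added example, not from the article: find backup archives stored inside the
# WordPress tree and move them to storage outside of it.

# list_local_backups <wp_root>: print archive-like files below wp-content.
list_local_backups() {
    find "$1/wp-content" -type f \( -name '*.zip' -o -name '*.tar' \
        -o -name '*.tar.gz' -o -name '*.tgz' -o -name '*.sql' \
        -o -name '*.sql.gz' \)
}

# evacuate_backups <wp_root> <dest_dir>: prints the number of files moved.
# dest_dir is an assumption: an existing directory outside the web root,
# ideally a mount of remote storage.
evacuate_backups() {
    root_abs=$(cd "$1" && pwd -P) || return 2
    dest_abs=$(cd "$2" && pwd -P) || return 2
    [ -d "$root_abs/wp-content" ] || return 2
    case "$dest_abs/" in
        "$root_abs"/*)
            echo "destination is inside the WordPress tree" >&2
            return 2 ;;
    esac
    moved=0
    list=$(mktemp) || return 2
    list_local_backups "$root_abs" > "$list"
    while IFS= read -r f; do
        target="$dest_abs/$(basename "$f")"
        # Never overwrite an existing copy at the destination.
        if [ -e "$target" ]; then continue; fi
        # Copy, compare byte for byte, and only then delete the local file.
        if cp -p "$f" "$target" && cmp -s "$f" "$target"; then
            rm -f "$f"
            moved=$((moved + 1))
        fi
    done < "$list"
    rm -f "$list"
    echo "$moved"
}

# Usage: sh evacuate.sh /var/www/example /mnt/offsite  (placeholder paths)
if [ "$#" -eq 2 ]; then evacuate_backups "$1" "$2"; fi
```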
Please do not use: Broken Link Checker
Constantly checking your website for broken links sounds useful, doesn’t it? Unfortunately, most of these plugins require a lot of server resources. Your website will therefore slow down and may even be blocked by your host.
The solution
To check whether your website has broken links, use an external service such as Oh Dear*. This won’t slow down your website and will check for much more than just broken links.
Please do not use: Classic Editor Plugin
Retro and hopelessly outdated.
There’s no other way to describe the WordPress Classic Editor.
This plugin in WordPress shows me that the website is hopelessly outdated. The Gutenberg block editor has been on the market for a long time and is much better than the TinyMCE input field.
When I discover this plugin on new websites, it shows that the people involved are willing to make changes.
Please do not use this plugin – especially not for new websites. It is not the future, the future is (good) page builders and the block editor.
The solution
Use the Gutenberg editor or high-performance, good page builders such as Elementor* or Bricks Builder.
Please do not use: Contact Form 7
Like the Classic Editor, Contact Form 7 had its day. But this is over, because you don’t want to create forms in this way:
Nowadays you don’t necessarily have to deal with HTML and enter shortcodes in a long text field… that’s far too error-prone. And do you really know which tags you need to assign for perfect accessibility in your form?
The solution
If your page builder comes with a form solution: use it. In my experience, these form widgets are completely sufficient for 90% of requirements.
This saves you an extra plugin and you can put together your form using drag’n’drop.
For more complex forms (multi-steps, conditions, calculations) use one of the large form plugins such as Gravity Forms or Fluent Forms.
Please do not use: Divi 4
I’ve written it before: Divi 4 is unfortunately no longer state of the art. It still does not use modern functions (e.g. Flexbox, CSS variables, CSS Grid), which makes customization tedious and is not future-proof.
Divi 4 also lacks expandable widgets and it is practically impossible to set up a clean online store with WooCommerce. Even the flexible display of blog posts will fail with Divi 4.
Solution
Use modern page builders such as Elementor* or Bricks Builder* for new website projects.
Alternatively, you can also wait for Divi 5 – it’s already in the alpha phase, and has been for quite a long time…
Please do not use: Essential Addons for Elementor, Premium Addons for Elementor, Crocoblocks etc.
These widget collections for Elementor should only be used with caution. They usually slow down your website and often only one function from the entire collection is used.
Elementor Pro has developed very well in the last few months, and usually no extra extensions are necessary anymore (e.g. Elementor MegaMenu, Elementor Nested Widgets etc.).
Solution
Check whether Elementor now offers its own solution and whether you really need a slow add-on collection.
In my projects, it was largely possible to implement the function differently and do without an extra plugin.
Please do not use: File Manager and similar FTP plugins
Often used by inexperienced web designers: the File Manager plugin. However, the same plugin is also often installed by hackers and used to take over your WordPress website.
It is absolutely not necessary to install one of these plugins.
Your host has everything you need to edit files. And it’s safer, more convenient and faster than with the File Manager plugins.
Solution
Use the WebFTP solution offered by your host or (even better!) connect to your server via FTP or SSH.
This saves you a plugin that is potentially a huge security problem and has no place in WordPress.
Please do not use: Hello Dolly
The Hello Dolly plugin is supplied as standard with WordPress and has no function. None. Zero. Nada.
Unfortunately, it is installed anyway.
Solution
Delete the plugin.
Please do not use: Local Google Fonts
The Local Google Fonts plugin (and similar plugins with the same function) allows you to load the “evil” Google fonts locally from your server.
This is good from a GDPR perspective, but has some disadvantages.
This is because you are installing an extra plugin for a function that your theme or page builder already has to provide.
With the Local Google Fonts plugin, you’re just sticking a band-aid on a wound, and it doesn’t even work very well…
Solution
Get to the root of the problem and adjust your page builder, WordPress plugins and theme so that no Google fonts (or other assets) are loaded.
The GDPR has been in force long enough. If a plugin manufacturer has not yet adapted to it, you should switch to another provider as soon as possible.
Please do not use: Ninja Forms
Ninja Forms* was my form plugin of choice for a long time. Until I had to extend it for a project…
The situation here is similar to Divi 4 – the code base is hopelessly outdated and the plugin is not designed for extensions.
Apart from that, the user interface is not based on the WordPress standards, which confuses my customers and they have to learn a new user interface. Not exactly ideal.
The solution
Use the form widget that comes with your page builder or a modern form solution such as Gravity Forms or Fluent Forms.
Please do not use: Security plugins with dubious benefits
Yes, your WordPress website needs a security plugin. But please use one that is really secure and provides a benefit.
This is because many security plugins mainly work with fear in order to sell you a paid upgrade. They then display irrelevant attacks and inform you that your WordPress website is under attack.
Unfortunately, this is part of the “background noise of the Internet” and cannot be avoided.
But there’s also no point in constantly dealing with it and letting WordPress send you emails.
Solution
Use strong, long passwords, 2-factor authentication and a firewall that starts outside WordPress. Only install selected plugins. This will make your website very secure.
Please do not use: SSL Redirection Plugins
Plugins that redirect your website visitors to the HTTPS version of your website, such as WP Force SSL, Really Simple SSL or Easy HTTPS Redirection, are not necessary and make your website slower and less secure.
It’s better to set up the website so that you don’t need any of these plugins.
Solution
Activate SSL with your host and – if possible – also redirect from http to https. If this is not possible, a simple rule in the .htaccess file will save you having to use one of the plugins mentioned above.
And finally, use a plugin like Better Search Replace to adjust all URLs in the WordPress database. You can then delete the BSR plugin again.
Empty the cache and your website will run encrypted, without any extra plugin.
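One way to add the .htaccess rule mentioned above, as an added example that is not part of the original article: the script places a standard mod_rewrite redirect at the top of the file, outside the "# BEGIN WordPress" block that WordPress rewrites itself, and does nothing if the rule is already there. The marker text and function names are assumptions, and the rule assumes Apache terminates TLS itself.

```shell
#!/bin/sh
# Added example, not from the article: idempotently add an HTTP -> HTTPS
# redirect to .htaccess without touching the "# BEGIN WordPress" block.
MARKER='# BEGIN force-https'

https_rule() {
cat <<'EOF'
# BEGIN force-https (added example)
<IfModule mod_rewrite.c>
RewriteEngine On
# Assumes Apache terminates TLS itself. Behind a proxy or load balancer that
# terminates TLS, %{HTTPS} is never "on" and this rule loops; check the
# X-Forwarded-Proto header there instead.
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# END force-https (added example)
EOF
}

# add_https_redirect <path-to-.htaccess>
add_https_redirect() {
    htaccess=$1
    [ -f "$htaccess" ] || { echo "no such file: $htaccess" >&2; return 2; }
    if grep -qF "$MARKER" "$htaccess"; then
        echo "already present"
        return 0
    fi
    tmp=$(mktemp) || return 2
    cat "$htaccess" > "$tmp"
    # Redirect first, original content after it: the rule is then evaluated
    # before WordPress's own rules and survives WordPress regenerating them.
    # Writing through ">" keeps the file's existing owner and permissions.
    { https_rule; printf '\n'; cat "$tmp"; } > "$htaccess"
    rm -f "$tmp"
    echo "added"
}

# Usage: sh force-https.sh /var/www/example/.htaccess  (placeholder path)
if [ "$#" -eq 1 ]; then add_https_redirect "$1"; fi
```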
Use these plugins for WordPress
That was my list of plugins that you should not use under any circumstances.
I’ll tell you which plugins I recommend instead of the ones mentioned above in my article on Clean WordPress – the perfect WordPress setup.
Do you have a plugin that you also can’t recommend or do you want to know what I think of a plugin? Then please leave me a comment.