Third-party plugins
VIP recommends searching the WordPress plugin repository for a plugin with the desired feature set. After identifying potentially suitable plugin candidates, review them using the methods below. Evaluate, scan, and test a plugin before using it on a production environment.
VIP does not maintain a list of pre-approved third-party plugins.
Evaluating plugins
Before installing a plugin candidate, evaluate a variety of the plugin’s qualities, including how completely it addresses the requirements or the problem to be solved.
Simplicity and usability
Some plugins are more complex and have a large number of built-in features to provide a wide variety of options. Increased complexity can lead to bloated code if not done well, and can potentially cause performance issues (e.g., several classes and data structures being loaded upon every page request).
If a plugin’s code seems bloated, an inspection of the (open) source code may reveal the few purely functional lines of code that can solve your problem. The rest of the plugin’s code may not be needed.
Performance and security
Older plugins and plugins that are not actively maintained can have uncorrected issues that affect security (such as poor output escaping), or performance (such as queries that do not scale). Scanning a plugin’s code with PHPCS can help to reveal some of these issues, but manually reviewing the plugin’s code may also be needed and beneficial.
PHPCS scanning
Code quality can be verified by downloading the plugin candidate and running a PHPCS scan that will provide feedback on existing warnings and errors within the plugin’s code.
Review the feedback from the PHPCS scan and decide how to act on it, including the possibility of seeking out a similar plugin with higher code quality. A guide to working with feedback from the VIP Code Analysis Bot or PHPCS is available for reference.
Note
The PHPCS scan that the VIP Code Analysis Bot performs in a Pull Request can be run at any time by installing PHPCS and using the WordPress-VIP-Go standard.
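One way to act on the scan feedback described above, as an added example that is not VIP's own tooling: it summarizes a PHPCS JSON report by sniff category and lists the error locations to review by hand. It assumes the report was produced with `phpcs --standard=WordPress-VIP-Go --report=json` run against the plugin directory; the function names `category` and `triage` and the sample report are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `phpcs --report=json` output. The plugin
# path, line numbers and message texts are made up for illustration.
SAMPLE_REPORT = json.dumps({
    "totals": {"errors": 2, "warnings": 1, "fixable": 0},
    "files": {
        "example-plugin/admin.php": {"errors": 2, "warnings": 0, "messages": [
            {"type": "ERROR", "line": 41, "column": 9,
             "source": "WordPress.Security.EscapeOutput.OutputNotEscaped",
             "message": "Output is not escaped (constructed text)"},
            {"type": "ERROR", "line": 88, "column": 5,
             "source": "WordPress.DB.PreparedSQL.NotPrepared",
             "message": "Query is not prepared (constructed text)"},
        ]},
        "example-plugin/list.php": {"errors": 0, "warnings": 1, "messages": [
            {"type": "WARNING", "line": 17, "column": 13,
             "source": "WordPress.DB.SlowDBQuery.slow_db_query_meta_query",
             "message": "Possible slow query (constructed text)"},
        ]},
    },
})


def category(source):
    """Second dotted segment of a sniff code, e.g. 'Security' or 'DB'."""
    parts = source.split(".")
    return parts[1] if len(parts) > 1 else "Unknown"


def triage(report_json):
    """Count findings per sniff category and list ERROR locations for manual review."""
    report = json.loads(report_json)
    counts = defaultdict(lambda: {"ERROR": 0, "WARNING": 0})
    review = []
    for path, data in report.get("files", {}).items():
        for msg in data.get("messages", []):
            kind = msg.get("type", "WARNING")
            source = msg.get("source", "Unknown")
            bucket = counts[category(source)]
            bucket[kind] = bucket.get(kind, 0) + 1
            if kind == "ERROR":
                review.append((path, msg.get("line"), source))
    return {"by_category": dict(counts), "review_first": sorted(review)}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for cat, n in sorted(result["by_category"].items()):
        print(f"{cat:10} errors={n['ERROR']} warnings={n['WARNING']}")
    for path, line, source in result["review_first"]:
        print(f"review {path}:{line} {source}")
```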
Testing on the VIP Platform
Plugins may use functions or perform actions that are incompatible with the VIP platform. The only way to accurately test for this is to test all of a plugin’s features on a non-production VIP environment.
Many plugins make assumptions about the environment they run in. Unless a plugin has been built for an enterprise-level platform, it may expect to make local filesystem changes, or expect the user to modify .htaccess rules to make it work. Some plugins make remote requests to download a pro version. Many of these actions will not work as expected on the VIP Platform.
To get a complete assessment of a plugin’s performance and suitability, install it on a VIP non-production environment, sync production data to the selected non-production environment, and test a variety of the plugin’s features, functions, and options. While testing, try to reproduce the production environment and conditions as closely as possible, including the same theme and collection of activated plugins.
Monitor the plugin over a reasonable amount of time and confirm that the plugin’s features continue to perform as expected.
Query Monitor and New Relic are available on VIP Platform environments and can be very useful during the testing process.
Last updated: April 03, 2023