The dangers of Plugins

dangers of plugins

Before you install any that promise automation, beware of the dangers of plugins.

I’ve been following a conversation online that would make the heart of any website owner skip a beat. If the old adage of “if it sounds to good to be true, it usually is” ever held water in the world of website development, this story supports it. It serves as a brilliant example of the dangers of plugins and how they can destroy years of hard work.

What is a website plugin

What is a website plugin?

If you’re unsure what a plugin is, there is an easy way of explaining it.

It is nothing more than a small piece of software that extends the functionality of your existing website platform. It could be something as simple as letting people leave reviews on your products or a complex appointment booking system.

They can be tiny pieces of software or extremely powerful tools.

Typically, plugins are written by external providers or development companies. Some of these providers can be fully fledged software companies that make multi-millions in revenue. Others can be written by a single person, and supported by them too.

Before plugins become available for use on a platform, they usually have to go through some form of approval process.

Plugins on WordPress

Plugins helped grow WordPress

WordPress, the system that powers 40% of the world’s websites, became the platform it is today because of plugins.

It is a very powerful platform to begin with, but it has such a vast array of plugin providers that it can offer virtually every feature you can imagine possible.

There are over 60,000 plugins available for WordPress and that number is increasing on a daily basis. WordPress publish guidelines for developers but you might be surprised at how relaxed the review process is. If you read the guidelines, you’ll probably come away thinking that the intervention of WordPress themselves is minimal.

WordPress make it very clear that:

“Developers are responsible for the content and actions of their plugins.”

That should probably make you wary to begin with. WordPress clearly disclaims itself from legal action that could come through the use of plugins.

Perhaps that is to be expected, as most platforms do the same, but you might expect plugin developers to be safe bets and you’d be unlikely to have anything too bad happen from using one. And you’d be wrong.

Plugins on website systems

Shopify and others use plugins too

The success of plugins on WordPress became the model for almost every other web platform. Shopify has enjoyed mammoth success with its plugins, although theirs are known as “Shopify Apps”.

Some plugins are free, some plugins are paid-for. They range from one-off fees to annual or monthly subscription models. The fact that some are chargeable doesn’t change the way you should approach their use.

There are over 7,000 plugins for Shopify. Microsoft’s Dynamics 365 platform uses plugins too, as does Adobe Commerce.

SAP, often seen as the giant of platforms also uses plugins (Add-ons).

Ultimately, 99% of plugins are what allows a platform to perform functions that the website owner wants it to. You’d be hard pushed to find anything but the most basic of site operating without the use of a plugin. The chances are that, if you’re a website owner, your site is using plugins you weren’t even aware of – because some are installed by default, usually by your hosting provider if they’ve given you a ‘package’ deal.

This is key to the subject you’re reading about – plugins aren’t usually a bad thing, far from it. I have installed thousands of them over the course of my career and many of the sites I have worked on wouldn’t have functioned properly without them.

However, as with many things in life, there is always someone, or something, out there to ruin your day.

Advantages of website plugins

What are the benefits to you and developers?

Whilst I’ve already covered this briefly, you might be surprised at just how beneficial plugins are to you as the owner of a website.

There are plugins that speed your site up, potentially assisting with your rankings on search engines.

There are other plugins particular to SEO, with two of the most popular being Yoast and AIOSEO on WordPress. They offer basic guidance that some DIY site owners are fond of, but they’re also of use to professional SEO consultants such as myself. Those ‘in the trade’ don’t rely on them, but they offer an at-a-glance insight at times.

Woocommerce is a plug-in. Yes, the vast and complex ecommerce system that is powered by the WordPress eco-system is a plugin.

That hints at one of the biggest benefits you get from plugins – cost. They save website owners a fortune that they’d otherwise have to spend on getting website developers to custom-code your site to do everything you want it to.

Similarly, web developers benefit from not having code every single feature you want on your site. They can rely on plugins to provide everything from page duplication to cool little widgets that show animated countdowns in sales-driven events on e-commerce sites. There really is a plugin for everything!

Disadvantages of website plugins

Disadvantages of website plugins

Unfortunately, plugins don’t always come without disadvantages. Some are minor, some only come to light after time, and others are downright disasterous.

One of the most common problems is the effect they can have on website performance and, subsequently, the user experience.

Some plugins aren’t written as efficiently as they could be, and the downside of that can be seen in the speed at which your webpages load. This, in turn, can have a negative impact on the user experience which, again in turn, can ultimately impact your website rankings.

It is also common to find that a website has too many plugins installed, and that culminates in problems with speed again.

However, you’ll also find that ‘clashes’ between plugins is common. The installation of a single plugin can occasionally stop an entire website working, because the functions it performs might cause it to clash with another plugin. The end result is usually that one or both plugins stop working correctly but, as already mentioned, they can have far wider reaching consequences.

Fortunately, the process of eliminating faults such as the above is as simple as uninstalling plugins – one by one (and you should always begin by uninstalling the most recently installed plugin).

There can be other disadvantages and they’re usually the most unnoticed.

Plugins might require access to your customer data, and that means you should be declaring to customers who you’re sharing their information with (particularly under GDPR legislation in the EU and UK). They might make unexpected changes to your website layout or cause other problems in formatting and display, but these issues can usually be rectified relatively easily.

Then we come to the big one. They can, on rare occasions, destroy entire websites and businesses. That outcome might not be intentional, but it is why I’ve been monitoring the conversation I mentioned online.

Plugin disaster

How a plugin can destroy a business

The site I have referred to has been a business for 6 years. In that time it had built a flow of visitors that most website owners would be delighted with.

They were averaging 2 million page views per month according to the owner. As recently as just 4 months ago, they hit 3.3 million page views in a single month.

They’d amassed over 4,000 results in SERPs (Search Engine Results Pages), were visible for tens of thousands of keywords and phrases, and were showing in positions 1 to 3 for over 1,000 keywords on Google. They held positions 4 to 10 for a further 2,500 keywords.

Across their website, they had published approximately 20,000 articles.

If you stop to think for a moment, you’ll immediately recognise that this means they’d been substantial publishers of content and were pushing news content out at a huge rate. That isn’t necessarily unusual for publishers and they are a content-orientated site (i.e. the content is what visitors go to them for).

Then, they decided they wanted to appeal to readers in other countries. To do this, they opted to go multi-lingual.

There are several ways in which they could have done this, but they wanted to do so on a retrospective basis. Hence, they went looking for a plugin that would offer automatic translation of their existing content.

The moment of change

They found one plugin that appeared to suit their needs and installed it. The owner of the site is honest enough to have said they “did not do much research“.

The language translation plugin went off and did what they’d asked of it. It translated all their existing content. In doing so, it generated a staggering 7 million page links. Yes, 7 million. All of these were picked up by Google.

According to the owner, the almost immediate impact of this was that Google identified the site as spam generating.

The plugin then kept generating more links on a bi-weekly basis. These amounted to a further million links every fortnight.

The owner says that the translations of articles were then found to be mis-tagged in some cases. For example, English articles would be tagged as being Chinese, Spanish as English, and so on. The result of this was that the websites bounce rate (people that land on the site and leave immediately) went through the roof.

They then discovered that they were being flagged for unfathomable amounts of duplicated content, due to how the plugin was generating the translated pages.

Google Search Console was showing so many problems that the position became unmanageable. The conversation I’ve been watching includes responses from people telling the owner to go through all “the garbage” and remove it. However, the owner replied that the task of doing that with millions of issues is simply unachievable. I think people forget how large a number “7 million” is!

The end result

The site in question has gone from 2 million visitors per month to fewer than 100,000 per month. That has massively impacted their revenue and their inability to cover salaries. This has the knock-on impact of being unable to put resources into recovering from the situation.

They have decided to pull the plug and either file for dissolution (they’ve actually cited the word ‘bankruptcy’) or try to pass the site off to another owner that has the resources to attempt to resolve the issues.

Reaction

The responses from the wider world of SEO and the web range from “You mean you didn’t test it?” to people attempting to help them.

However, another user popped up and said they’d experienced the same issues with the very same plugin.

Their site was far smaller in terms of content, but had generated millions of spurious links as the other site owner referenced, and had gone from 10,000 views a day to just a handful of visitors. It became apparent that the plugin publishers might not have made it clear how it worked and what it would do in terms of SEO implications.

There were several less charitable responses as you’d expect. I’ve never understood people that say very unpleasant things to people suffering misfortune, especially when they’ve already admitted they didn’t do sufficient research.

How to avoid plugin dangers

What mistakes did the site owner make?

I’m not going to dwell on this part for long, as I’ve given enough hints as to the obvious errors by now. Owners have to take responsibility for the installation of plugins, and this one did. However, they also have a right to criticise plugin providers, and I believe they had more than enough reasons to do so.

Testing a plugin

The first point that many people raised was why they didn’t test the plugin away from the ‘production environment’. This is a method that allows a site owner to try a plugin in a way that will not impact their live website.

It is a valid response. Equally appropriate are the comments that ask why they didn’t limit the exposure of the plugin to just a few pieces of content. In other words, not let it run riot on their entire website.

Monitoring the plugin

They should have kept a closer eye on what the plugin was doing. This would have given them the ability to stop it, uninstall it and ‘roll back’ the site to an earlier point in time (i.e. a restoration point, presuming they had back ups). The site owner was quick to say that they realise they should have done this.

Reading plugin reviews – thoroughly

Reading reviews is something plugin users should always do, but this incident reveals how thorough you need to be. The plugin had received thousands of 5 star reviews. The problem here is that you’ve no idea how large the websites it was deployed on are. Once you dig deeper into the reviews, you’d find some quite appalling stories of what it had done to website indexing and, consequently, their SEO.

Never, ever, rely on a headline star count. Always read at least some of the poor reviews. Had the owner done that, they’d have seen that almost all referred to the plugin killing their website SEO and rankings.

Lessons from plugin mistakes

Plugins and SEO strategy

It occurs to me that this was a major change of business strategy. Going from a single language to multi-lingual approach, appealing to a far wider audience, is not something I would be taking lightly.

Once you’d identified this was commercially appropriate, you’d surely put a far more formal process in place for choosing and watching the results of a plugin?

I appreciate that it is something others suggested more broadly, but it all falls under SEO strategy. What were they expecting to achieve from their SEO with this plugin?

Had they known what they wanted, they’d then look at how the plugin performed in this respect. That takes me back to looking at the plugin reviews. If they’d looked at any mention of SEO in the reviews, which a strategic approach would have done, they’d have spotted the flaws before installing it.

Furthermore, if you have any doubts, contact the plugin provider and ask them pointed questions. Most will respond and those that don’t shouldn’t be trusted. If you have any doubts, look elsewhere.

Experience and feedback

Have you encountered similarly disastrous issues with a plugin? Whether it is on WordPress or not, I’d be interested to hear of your own experiences.

Chris Shaw, leading independent SEO consultant in UK

Leave a Reply

Your email address will not be published. Required fields are marked *