How Many Plugins Are ‘Too Many’
Updated November 18, 2020
Why Not Install Loads of Plugins?
It really doesn’t matter if you’re talking about blogs or ecommerce packages, plugins, also known as extensions or add-ons, are how most users expand the functionality and features of their respective platform. Questions inevitably arise about why site owners shouldn’t install loads of plugins.
Here’s an explanation of why plugin use needs to be limited:
Website servers are rented via monthly fees. Those fees determine how much storage, memory, CPU cores, I/O operations and network bandwidth is assigned to a hosting account.
A basic virtual private server plan, such as at KnownHost, might include:
– 2 Core CPU Processor
– 2 GB Guaranteed RAM
– 50 GB RAID-10 SSD Storage
– 2 TB Premium Bandwidth
A straight out of the box install of a software package, like WordPress or Magento is designed to consume a certain amount of resources while answering a given number of requests by website visitors. Magento can serve up 2-4 simultaneous requests per CPU core.
Plugins are small software applications that need resources of their own. Some are very light and efficient while others are extremely complex and demanding.
Servers which run low on RAM will start using drive swapping as a way of getting things in and out of memory, much like we’ll make a todo list on a piece of paper, so that we remember what to do next after we finish the current tasks. Ask someone the answer to 2+2=___ and it can be one without pencil and paper. Give them a list of 20 math problems and they’ll have to be written down and then figured one at a time. Swapping out of memory is slow.
When servers run low on storage, memory, bandwidth or CPU cycles, user requests get slowed significantly or ignored completely.
Because plugins require server resources in order to perform their functions, each one subtracts from the resources available for the primary platform to use in answering visitor requests.
What Happens If You Install Too Many Plugins?
Too many plugins can lead to server resource shortages. Your hosting account limits can be reached and this can lead to several painful scenarios.
Server software is usually designed to be relentless. It will work long and hard to get every request answered, even if that means creating a queue of backlogged requests a mile long.
When the server gets low, it gets slow.
When a website visitor is coming to your online store, that means clicks on links to look at additional products can go from taking 1 second to load to taking 3, 5, 15 or more seconds.
Take more than 3 seconds to load and 40% of users will leave the site. For those that remain, every 1 second delay causes a 7% decrease in conversions. If your site is earning $100,000 a day, that 1 second delay can cost a company over $2.5mil a year. Speed stats from neilpatel.com.
Networks are configured to either queue, rerequest or drop requests, depending on load and how they’re configured. Applications on the server can also be configured to drop requests because developers have realized that overloading servers is a typical way hackers compromise systems.
For server systems, the difference between too many legitimate customer requests and a denial of service attack are non-existent. Either scenario means too many requests are coming in to be handled given available resources.
After reaching the breaking point, server systems will just stop answering requests until such a time that resources get freed up and they can resume trying to handle the demand.
For website visitors, this means they’ll be clicking links, seeing nothing happening, or getting an hourglass wait timer, then click again and again, further exacerbating the problem. The problem, by its very nature, makes the problem worsen rapidly.
It only takes a few seconds for unhappy users to be convinced that the site is broken, give up, go elsewhere, file away a memory of this site being foobar and spend their money with a competing site.
Not all hosting companies are created equal. While some will have hard coded limits that can’t be exceeded (such as in the two scenarios above), others will allow your use to exceed the limits of your account.
Being able to exceed account limits sounds awesome, right? Um, no!
A quick little overage on resource use can be handled via “burst”, such as when companies advertise “burstable” RAM. It simply means that you can get X amount normally, but for a very short period you can get more. That ability to “flex” or “burst” is handy, if you’ve only got a very short period of overage.
When people learn that you’re selling a full autonomous robot dog, like SPOT at Boston Dynamics, inevitably some huge site will link to that page and suddenly their social mentions will get shared and spread, with more linking and a massive influx of traffic hitting the page. This is known as the Digg Effect, Slashdot Effect or just talked about as going viral.
When this happens, you don’t need a short burst of more – you need a massive upgrade in resources. However, your hosting configuration doesn’t automatically do this.
Overwhelmed hosting will often lead to “Account Suspended” messages appearing instead of your usual robot dog shop ecommerce page. No one can buy from an account suspended page. No one trusts a suspended account.
Eventually a site owner will figure out what’s happened, get their hosting upgraded to handle it (at a cost), pay a penalty for the excess usage (sometimes required) and eventually get quite a few visitors to return and buy their very cool ‘bot.
But by then, they will have lost thousands of potential sales and millions in revenue.
Account suspension is expensive and painful for everyone.
Why Do Plugins Impact Server Resources?
In order to extend functionality, plugins ADD to what a server can do. Some plugins tie into social networks or email service providers to make content easier to share and discuss. Other plugins examine words used, grammar, spelling, SEO targeting, search rankings and even check for broken links or wrongly sized images.
Plugins can do great things.
For many plugins, every time a page is loaded, the plugin code is executed. That can mean 1 or 100 HTTP requests, internally and externally, every single time the page loads. All that is in addition to what would normally happen.
The way most plugins add information to a platform like WordPress or Magento is by storing data in the database, querying information in the database, then when pages load the plugins look-up information and use it. It can be simple, like storing your preferred breakfast cereal, then whenever you visit the site and login to comment or shop, it asks how your Cheerios were this morning. It can also be complex, checking where every visitor is arriving from and displaying local news, weather and sports in the sidebar, so that users get a personalized experience tailored to their geographic location.
Every HTTP request takes time and resources. Every database read and write takes time and resources.
Adding functionality doesn’t come without a cost!
What are the Risks of Having Too Many Plugins?
Risk #1 – Performance
Covered above, the number one risk of having too many plugins is that your server goes slow, stops working or your account gets suspended, alienating users and costing you money.
Risk #2 – Security
Plugins aren’t all coded by a team of expert programmers who have regular code reviews, highly scrutinized testing and updated regularly to ensure they are fast and secure.
There are thousands of plugins just on wordpress.org alone. Many, many other sites host plugins as well. Some weren’t secure from day 1. Others haven’t been updated and are now vulnerable to compromise.
This isn’t meant to frighten you into never using a plugin – it’s merely to point out that every plugin installed is another potential security concern.
How Do You Know If You’ve Got Too Many Plugins?
Diagnosing WordPress, or other platform, performance issues can be challenging, even for those with technical expertise. However, there are a few checks that can be done by regular site owners who aren’t web developers by trade.
Check your WordPress performance with these techniques:
Test #1 – Check Your Site Speed Regularly – Compare Then and Now
Before you install a boatload of plugins, see how fast your website loads. Know the baseline performance so that after you install plugins (or change themes), you can then see how fast your website loads and compare the results. Measure it to better it.
Site Speed Checkers
Be sure to always test the same page and from the same locations, for checkers that let you specify the test server location, so that you’re comparing apples to apples.
Google PageSpeed Insights
Look at FCP and LCP timings.
Look at page loaded time.
Check the page loaded time.
Login to Google Analytics and view the report.
Behavior -> Site Speed -> Overview [average page load time]
Test #2 – Check Analytics – Bounce, Exit, Conversion Rates
We know that slow sites will have more bounces, more exits and less conversions. Even without knowing exactly how many seconds it takes a page to load, when people run away, or fall asleep when using it, there’s a great chance that page speed is the smoking gun.
Bounce happens when people view a single page then leave. Exit happens when people view multiple pages then leave. We expect people to exit after they’ve made a purchase, read a key article, downloaded a brochure or signed up for a newsletter – it’s inevitable.
Worsening bounce and exit rates are symptoms of an issue – like a slow site.
How to Check Bounce Rates
Login to Google Analytics and view the report.
Behavior -> Site Content -> Landing Pages
Sort the report by sessions, so that you’re viewing the most popular pages first and glance over at the Bounce Rate column.
Compare your top pages bounce rate over the past week with a similar week prior to installing one or more plugins.
When bounce rate goes down that -X% the bigger the X the better. A negative bounce rate now vs then means that your site is doing better. If the number is positive, it means your bounce rate now is worse – it’s not a good thing!
In an ideal world, your bounce rate on key pages would be 0%. You want people to stick around and view more pages.
How to Check Exit Rates
Do the same steps as above only looking at:
Behavior -> Site Content -> Exit Pages
Compare now vs then and look for exit pages that shouldn’t have people exiting, like site homepage (/) or cart checkout pages (checkout/cart).
Worsening exit rates are bad. We want less exits on those pages.
What’s the Most Important Thing Can You Do to Limit the Risks of Plugins?
The #1 thing you can do to prevent plugins from wrecking your site… don’t install them!
More than half of the plugin functionality people want on their site can be accomplished by simply adding a snippet of code to the child theme functions.php.
Many plugins are just not necessary – they’re installed as whims because they sound “cool” or maybe they will be handy some day.
Sites vary in their guesstimation about how many plugins are too many. You’ll hear 20, 30 or 50 bandied about. However, it only takes one resource hog, poorly coded or unmaintained / compromised plugin to turn a great site into a disaster.
What Else Can You Do to Limit the Risks of Plugins?
Check Before You Install
Before you install a plugin, check the rating, reviews and number of installs on wordpress.org. Some paid plugins won’t appear here and some new plugins won’t have tons of stars, reviews and installs, yet. However, if you’re betting your website success on what plugins you install, it only makes sense to limit those installs to proven successes.
Measure Before and After You Install
Check page loading times before and after installation to make sure that you’re not slowing down the site with an installation of a plugin. Regularly recheck site performance and keep track of what you’ve done recently so you can undo anything that causes your site performance, and revenue, to go into the toilet.
Consider Alternatives to Heavy or Problematic Plugins
As wpmudev.org points out, there are some great plugins that just suck up too many resources.
There’s no reason to leave a broken link checker plugin running on your site all the time, especially if you don’t publish all that frequently. Instead, use a crawling service or desktop application (like Xenu Link Sleuth). Xenu has been around forever because it just works. Nothing fancy, just link checking (and a few stats of interest).
There is no magical number of plugins that are “okay”, with 1 more plugin being “bad”.
Think long and hard before you install a plugin. Look for frequently updated, highly rated, well-reviewed, low in resource demands plugins, if you really must install something.
Monitor performance before and after installing something. Know the impact of your actions.
If your site is secure and performing well, you’re doing something right.