I keep copies of every site I work on in a source control repository. It’s a best practice everyone should follow, but sadly many don’t. It is incredibly easy to do, takes just a few minutes to set up and has paid me back many times over.
The very first thing I do is check out a working copy of the site this plugin will run on. Then I install the plugin but do not activate it. Next, I fire up my editor and look at the code comprising the plugin. I like PhpStorm, but any modern editor will do. The very first thing I want to know is whether the plugin author is a Level One, Level Two or Level Three plugin author.
If they are a Level One author, I will only use the plugin if there is no other reasonable alternative or it is a fairly simple plugin. I would never consider using anything from a Level One plugin author having anything to do with payments, memberships or content access behind a paywall. It is just not worth the risk. I also never use a plugin from a Level One author without disabling the plugin from updating itself. If or when the plugin is updated by the author, I will pull it and go through this process again.
Assuming everything looks okay I will then activate the plugin and take it for a spin before loading it onto the live site for activation and use there. I only add plugins I’ve never used before to production sites early in the morning and if possible, early in the week. This way if there is a problem, I can deal with it without having to work late into the evening or over a weekend.
Level One Author
A Level One WordPress plugin author knows just enough to get started. They can do simple plugins, but once the complexity increases, their plugins become bloated and can quickly drag the whole system down.
One of the tells you will see in their code is generic function names. When you add a function to a plugin, it is loaded globally when the plugin loads. If the function name is generic, such as generateUniqueTrackingCode(), it is possible some other plugin with generic function names has one with the same name, and PHP stops with a fatal error when a function is declared twice. Each plugin should have a defined prefix added to every single function in the plugin. No exceptions.
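One way to check a plugin for this tell before activating it, as an added example that is not part of the original post: a heuristic Python scan (regex-based, not a PHP parser) that lists functions declared in the global namespace and flags those lacking the expected prefix. The sample file, the "acme_" prefix and the Acme_Tracker class are constructed for illustration.

```python
import re
from pathlib import Path

# Heuristic scan, not a PHP parser: comments and string literals are blanked first.
NOISE = re.compile(r'''/\*.*?\*/|//[^\n]*|#[^\n]*|'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"''', re.S)
TOKEN = re.compile(r"(?<![\w$:>])(?:class|interface|trait|enum)\s+\w+|\bfunction\s+&?\s*(\w+)\s*\(|[{}]", re.I)
NAMESPACE = re.compile(r"^\s*namespace\s+[\w\\]+\s*[;{]", re.M)

# Constructed sample plugin file; "acme_" and Acme_Tracker are hypothetical names.
SAMPLE = r"""<?php
// function commented_out() {}
function generateUniqueTrackingCode() { return uniqid(); }
function acme_tracker_init() { $s = "function fake() {"; }
class Acme_Tracker { public function save() { if (true) { return 1; } } }
if ( ! function_exists( 'send_report' ) ) {
    function send_report() {}
}
"""

def global_functions(php_source):
    """Names of functions declared in the global namespace (methods excluded)."""
    code = NOISE.sub(" ", php_source)
    if NAMESPACE.search(code):
        return []  # namespaced, so not in the global function table
    names, depth, class_depths, pending = [], 0, [], False
    for m in TOKEN.finditer(code):
        tok = m.group(0)
        if tok == "{":
            depth += 1
            if pending:  # this brace opens a class body
                class_depths.append(depth)
                pending = False
        elif tok == "}":
            if class_depths and class_depths[-1] == depth:
                class_depths.pop()
            depth -= 1
        elif m.group(1) is None:
            pending = True  # class/interface/trait/enum header
        elif not class_depths:
            names.append(m.group(1))  # guarded or nested functions are still global
    return names

def unprefixed_functions(plugin_dir, prefix):
    """Map each PHP file under plugin_dir to its global functions lacking prefix."""
    findings = {}
    for path in sorted(Path(plugin_dir).rglob("*.php")):
        names = global_functions(path.read_text(encoding="utf-8", errors="replace"))
        bad = [n for n in names if not n.lower().startswith(prefix.lower())]
        if bad:
            findings[str(path.relative_to(plugin_dir))] = bad
    return findings
```

Heredocs and apostrophes in inline HTML can confuse the string stripping, so treat the output as a list of places to look rather than a verdict.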
They rely on the default mechanism to save data beyond basic configuration settings needed for their plugin instead of creating and managing their own tables. While this works, it can really drag performance down fast.
These are just three of the ways Level One plugin authors out themselves. Once you spend a little time looking at plugins, you’ll quickly add to the list.
Level Two Author
Level Two plugin authors have a great grasp of the WordPress platform and how it works. They know what to avoid and what to embrace, and they understand how to properly segment their code and resources so they are available when needed and out of the way otherwise.
But they do everything in WordPress.
If you look at a plugin and don’t see the obvious signs of a Level One author, the plugin was most likely written by a Level Two.
Level Three Author
A Level Three plugin author also has a great grasp of the WordPress platform and how it works. They know how to seamlessly and peacefully coexist within the WordPress ecosystem. But they also understand that while WordPress is an awesome hammer, not all problems are nails.
A Level Three knows when to literally think outside the WordPress box. They can fully integrate their WordPress plugin with an external API or isolate their business logic so that it executes without impacting the performance of the site.
They know how to securely hand off tasks to other processes and handle any returning data, notifications or messages.
If you need a custom plugin, this is the person you want. If your company produces plugins for others, you definitely need people like this on your team.