One huge advantage to using WordPress is there is such a large, passionate family of developers that are constantly working on both the core of WordPress to improve it overall and building handy plug-ins for additional functionality. There is a plug-in out there to do almost anything. There are 38,000+ plug-ins available in the WordPress.org directory — that’s incredible! But…
All WordPress Plug-ins Are Not Created Equal
When it comes to these plug-ins, just because it is in the directory doesn’t mean the plug-in is coded well. Plug-ins are coded by different developers and there tends to be a lot of variation in skill level & coding expertise among them. Just because a plug-in works and does what it claims to do, it does not mean it is following best practices or coded in a way to minimize compatibility issues. There are plenty of stories of plug-ins slowing sites down because of the high number of database queries or plug-ins loading a heavy amount of JS & CSS code, which can negatively impact loadtime. If your site has been loading slow and you’re wondering if a plug-in is possibly the culprit, there is, somewhat ironically, a WordPress plug-in that can help you find these heavy plug-ins on your profile called P3 (Plugin Performance Profiler) that you may want to check out.
WordPress Plug-in Security Vulnerabilities
When you choose to install a plug-in, another thing to consider is you’re opening yourself up to any potential security vulnerabilities that exist within the plug-in’s code. In 2011, TimThumb was discovered to have a security vulnerability and it had widespread use among many plug-ins and themes.
You’re also making yourself reliant on the plug-in’s development team when it comes to long-term upkeep and compatibility with any future versions of WordPress. If you decide to use a plug-in to power a core piece of your site and the development team for said plug-in suddenly stops updating it, there’s no guarantee that when the WordPress update in one month, three months, one year, etc. from now gets pushed through that the plug-in won’t cause major issues.
Overall, your site will not run slower based on a sheer number game of how many plug-ins you have active. A large number of plug-ins could increase the likelihood that you may have a problematic plug-in but a large number of active plug-ins does not necessarily mean your site’s loadtime would be negatively impacted.
It’s all about the quality of the plug-ins used. Don’t misunderstand me, there are plenty of incredibly well-written plug-ins with phenomenal support teams that are more than safe to use on any WordPress project. It’s just important to vet any plug-in you are choosing to bring into your project. Do this by checking the plug-in’s feedback rating in the plug-in directory. Read the support forum for the plug-in to see if issues are being actively responded to if there are any. Check out the plug-in’s changelog to see what kinds of updates are being pushed through to the plug-in and if it looks like it is regularly being updated. If you test a plug-in and don’t end up liking it or it causes issues or you find a better one, deactivate it and delete it from your install. Leaving a bunch of inactive plug-ins sitting in your WordPress install is never a good idea.
There are definitely steps that can be taken to make sure every plug-in you add is an awesome & problem-free addition to your WordPress project. Just don’t get too trigger happy with installing them without vetting them or you could be doing damage to your site’s loadtime or potentially opening yourself up to problems down the line.
Edited June 2015