How to do a plugin audit

Plugins can be a wonderful way to add new features and unique functionality to your website. But they can have a dark side. It's important to keep your list of installed plugins streamlined and updated. Let's dive in below:

Large number of plugins

A large number of plugins is going to slow your site down — period. You want to try to keep your list of plugins as lean as possible. If you have more than 20-25 plugins, it's time for a plugin audit. We'll go over what that means at the end of this article.

Outdated plugins

Plugins add new code to your site to perform different functions. Outdated plugins, or plugins that have not been updated in more than a year, may contain code that hackers and bots can exploit to gain access to your site. It's very important to monitor your plugins on a regular basis and remove any that are not being regularly updated.

The only exception is a plugin that is essential for the functionality of your theme. For example, the Genesis Connect for WooCommerce plugin is not regularly updated, but is required for compatibility between Genesis and WooCommerce. This is a very basic plugin that does not require frequent updates.

Duplicate plugins

When you have two (or more) plugins installed that are performing the same functionality, your site is ripe for a plugin conflict. Multiple plugins trying to perform the same function can also slow down your website. Common duplicate plugins we see are:

  • SEO plugins (e.g. All in One SEO and Yoast)
  • Security plugins (e.g. Wordfence Security and All in One WP Security)
  • Caching plugins (e.g. W3 Total Cache and WP Rocket)

Be sure to never install duplicate plugins. For example, if you already have Yoast installed and want to try All in One SEO instead, deactivate Yoast FIRST.

Plugin updates

Good plugins release frequent or semi-frequent updates. When plugin updates become available, update them. It is vital to keep your plugins up to date so that your site remains as secure as possible (see "outdated plugins" above).

Note about plugin updates: If a plugin just released a major update (e.g. a whole version number changed, like 5.9 to 6.0), it is wise to wait a couple of weeks before updating. That gives the plugin developers time to iron out any bugs in a big update.

Plugins you don't need

Some hosts automatically install plugins on each new WordPress site. For most sites, these plugins are not necessary and can be removed.

  • Bluehost installs their Bluehost plugin, Bluehost Website Builder, Jetpack, MonsterInsights, and OptInMonster – none of these plugins are needed.
  • DreamHost installs BoldGrid and several BoldGrid add-on plugins – these should be removed. These plugins also change the appearance of your WordPress dashboard and block editor, which can cause confusion during theme setup.
  • GoDaddy installs CoBlocks and WP101 – neither of these plugins is needed.

This is another reason we LOVE and recommend SiteGround. Instead of installing a bunch of unnecessary plugins, SiteGround installs two essential plugins: SG Optimizer (for site optimization and caching) and SG Security (for site security and firewall).

Inactive plugins

Inactive plugins should be deleted from your website. You can always re-install the plugin(s) later if needed!

How to "audit" your plugins

Here's what we mean when we say audit your plugins:

  1. Go to your WordPress dashboard > Plugins > Installed Plugins.
  2. Delete any plugins that you are no longer using or that are inactive.
  3. Delete any plugins that have been closed or have not been updated in 18 months or more.
  4. Delete any plugins that are duplicating functionality (e.g. 2 SEO plugins).
  5. Update all remaining plugins.
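
The audit steps above, expressed as a script; this is an added example, not code from the original article. It applies steps 2 to 5 to a constructed plugin inventory shaped like the output of `wp plugin list --format=json`, and honours the theme-required exception described under "Outdated plugins". The last-update dates, the slug-to-function grouping and the `example-old-gallery` plugin are assumptions made for illustration; closed plugins are not modelled.

```python
import json
from datetime import date

# Constructed sample, shaped like the output of `wp plugin list --format=json`.
PLUGINS = json.loads("""[
  {"name": "wordpress-seo", "status": "active", "update": "available"},
  {"name": "all-in-one-seo-pack", "status": "active", "update": "none"},
  {"name": "wordfence", "status": "active", "update": "available"},
  {"name": "w3-total-cache", "status": "inactive", "update": "none"},
  {"name": "genesis-connect-woocommerce", "status": "active", "update": "none"},
  {"name": "example-old-gallery", "status": "active", "update": "none"}
]""")
# Constructed last-update dates (assumption: looked up separately per plugin).
LAST_UPDATED = {
    "wordpress-seo": "2024-05-20", "all-in-one-seo-pack": "2024-05-01",
    "wordfence": "2024-05-15", "w3-total-cache": "2024-04-01",
    "genesis-connect-woocommerce": "2021-03-01", "example-old-gallery": "2021-11-10",
}
# Assumed grouping of slugs by function, used for the duplicate check.
FUNCTION = {"wordpress-seo": "SEO", "all-in-one-seo-pack": "SEO",
            "wordfence": "security", "w3-total-cache": "caching"}
THEME_REQUIRED = {"genesis-connect-woocommerce"}  # the exception the article names
STALE_DAYS = 548  # about 18 months

def audit(plugins, last_updated, today):
    """Return {slug: action} for audit steps 2-5; `today` is an ISO date string."""
    today, actions, kept, groups = date.fromisoformat(today), {}, [], {}
    for p in plugins:
        slug = p["name"]
        age = (today - date.fromisoformat(last_updated[slug])).days
        if p["status"] == "inactive":  # step 2
            actions[slug] = "delete: inactive"
        elif age >= STALE_DAYS and slug not in THEME_REQUIRED:  # step 3
            actions[slug] = "delete: not updated in 18+ months"
        else:
            kept.append(p)
            # Plugins without a known function get their own one-member group.
            groups.setdefault(FUNCTION.get(slug, slug), []).append(slug)
    for p in kept:
        slug = p["name"]
        if len(groups[FUNCTION.get(slug, slug)]) > 1:  # step 4
            actions[slug] = "review: duplicate " + FUNCTION[slug] + " plugin"
        else:  # step 5
            actions[slug] = "update" if p["update"] == "available" else "keep"
    return actions

if __name__ == "__main__":
    for slug, action in audit(PLUGINS, LAST_UPDATED, "2024-06-01").items():
        print(f"{slug}: {action}")
```

Duplicates are reported for review rather than deleted, since the choice of which plugin to keep is yours.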