How to vet a plugin for add-on development


Without plugins, many projects in WordPress would never have been possible. Almost all developers develop add-ons to modify existing plugins to fit a client’s needs.

But how do we choose vendor plugins to develop add-ons for? What makes a plugin extensible? What makes it reliable?

These are the questions that prompted me to create a checklist for vetting plugins. The checklist runs from presales through code review.

This is the checklist I shared during this talk. I also received a lot of great input from other developers during the talk and was able to improve the checklist as a result.

Checklist for vetting a plugin for add-on development

Before Downloading or Purchasing

  1. Does it have a good support culture?
  2. Does it have add-ons developed by third party developers?
  3. Does it have a strong community?
  4. Do they have clear, easy-on-the-eyes documentation?
  5. Do they embrace open source?

After Activation: Administrator UX

  1. Does it use the WordPress UI?
    • If not, is the changed UI creating a significantly better UX?
  2. Does it use nags tastefully?
  3. Does it take up minimal space for upsells?
  4. Does it allow for exports of user generated data?
    • Ex: Form submissions.

After Activation: Database Usage

  1. Does it stick to WP’s built-in tables?
  2. If it creates new tables, are they absolutely needed?
  3. Does it add just a handful of rows in the wp_options table?
  4. Is everything prefixed?
    • New tables, meta keys, option keys, CPT or Custom taxonomy slugs etc…

After Activation: Performance

  1. Load the site up with a bunch of dummy content. I use WP-CLI or FakerPress. The dummy content is important because you’ll only be able to see performance issues with content stressing the code.
  2. Use a profiler such as Query Monitor.
    • You can use your preferred profiler for this:
      Debug Bar, or browser dev tools for client-side stuff.
  3. Check the Query Monitor output for red.
  4. Check for slow SQL queries, failing HTTP requests, or long running JS scripts.

After Activation: Uninstallation

  1. Does it give you the option to remove its data from the DB and Uploads directory? (credit to Brent Jett from the Beaver Builder Team)

Code Review: Clean Code

  1. Is it readable/easy to follow?
  2. Does it follow PHP and WP standards?

Code Review: Can you add Functionality?

  1. Grep for do_action and apply_filters. Are there a lot of them, and are they all well documented in the code with a doc block?
  2. Does it provide a lot of actions?
  3. Does it allow you to filter data before saving?
  4. Does it allow you to filter data before it is output?
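
One way to run the grep from step 1 and check for doc blocks in the same pass. This is an added example, not code from the original talk or from any plugin named here; the myplugin_* hook names and the sample PHP file are constructed for illustration.

```python
import re
from pathlib import Path

# First argument of do_action()/apply_filters(), including the *_ref_array variants.
HOOK_CALL = re.compile(r"\b(do_action|apply_filters)(?:_ref_array)?\s*\(\s*([^,)]*)")

# Constructed sample input: a made-up plugin file, not taken from any real plugin.
SAMPLE = r'''<?php
function myplugin_save( $data ) {
    /**
     * Filters submission data before it is saved.
     */
    $data = apply_filters( 'myplugin_pre_save', $data );
    do_action( 'myplugin_saved', $data );
    // Legacy: do_action( 'myplugin_old_hook' );
    return apply_filters( "myplugin_{$data['type']}_output", $data );
}
'''

def has_docblock(lines, idx):
    """True if the nearest non-blank line above idx closes a /** ... */ block."""
    above = [l.strip() for l in lines[:idx] if l.strip()]
    if not above or not above[-1].endswith("*/"):
        return False
    opener = next((l for l in reversed(above) if "/*" in l), "")
    return opener.startswith("/**")

def scan_source(text, path="<sample>"):
    """Return one record per hook call found outside comment lines."""
    lines, found = text.splitlines(), []
    for i, line in enumerate(lines):
        if line.lstrip().startswith(("*", "//", "#", "/*")):
            continue  # skip commented-out calls and doc block text
        for m in HOOK_CALL.finditer(line):
            expr = m.group(2).strip()
            quoted = len(expr) > 1 and expr[0] in "'\"" and expr[0] == expr[-1] and expr.count(expr[0]) == 2
            found.append({"file": path, "line": i + 1, "documented": has_docblock(lines, i),
                          "kind": "action" if m.group(1) == "do_action" else "filter",
                          "hook": expr[1:-1] if quoted else expr})  # non-literals kept as written
    return found

def scan_plugin(root):
    """Scan every .php file under a plugin directory (root is a path you supply)."""
    return [hit for php in sorted(Path(root).rglob("*.php"))
            for hit in scan_source(php.read_text(encoding="utf-8", errors="replace"), str(php))]

if __name__ == "__main__":
    for h in scan_source(SAMPLE):
        print(f'{h["file"]}:{h["line"]} {h["kind"]:<6} {h["hook"]} [{"doc block" if h["documented"] else "NO DOC BLOCK"}]')
```

Point scan_plugin() at an unpacked copy of the plugin; hook names built by concatenation or from variables are reported as the raw PHP expression, so review those by hand.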

Code Review: Can you remove functionality?

  1. Does it use the hook pattern internally?
  2. Are the callbacks it adds to WP accessible?
    • Use Global Vars, static methods or Singletons.
      Bottom Line: Callbacks need to be accessible in some way.

Code Review: ShortCodes

  1. Does it allow you to filter the user input for shortcode attrs?
  2. Does it allow you to filter the allowable shortcode attrs?
  3. Does it allow you to filter shortcode HTML output?

Code Review: Internal API

  1. Does it have an internal API to access core functionality?
    • Check out WooCommerce (pre 3.0).

Code Review: Display Logic

  1. Does it have overridable templates?
  2. Does it enqueue scripts and styles?
  3. Does it use WordPress’ loop logic to output content?

Examples of good plugin design

  1. Gravity Forms: has a ton of filters to change submission data.
  2. WooCommerce: overridable templates, great internal API.
  3. Beaver Builder: best overridable Admin templates for module settings pages. Amazing communities of users and add-on developers.
  4. Ninja Forms: breaks the rule about Admin UI design and greatly improves form creation UX as a result. An amazing community of add-on developers.
  5. Contact Form 7: really beautifully clean code, solid yet minimal plugin design, and amazingly extensible. Is symbolic of open source.
  6. CMB2: great developer’s meta box plugin.


Useful Sources

Database Usage

  1. Which tables to use for what data
  2. What are the WP DB tables
  3. Problems with the options table
  4. Meta key best practices
  5. How to use post meta correctly
  6. How post meta gets abused
  7. A profiler for PHP, js, and mysql queries
  8. Versioning options arrays

Clean code

  1. PHP coding standards
  2. WP Coding standards
  3. Code mistakes in plugins
  4. Clean code in plugins
  5. Clean code in plugins
  6. File management in plugins

Can you remove functionality?

  1. Problems with not extensible plugins
  2. Orphan objects
  3. How to instantiate an accessible plugin

Display logic

  1. Overridable templates, filtered shortcodes and more

Admin UI

  1. Why use WP’s built in UI