WordPress plugins are infamous for adding both great functionality and great consternation if they turn out not to be secure, conflict with each other, or introduce unexpected behavior upon being updated. I’ve developed a methodology that allows me to build complex WordPress websites using a large number of plugins (over 20) and still maintain proven stability and security for my client through updates (or lack thereof) after years of use. Not that I endorse this, but one of my clients came back to me after 5 years of not updating their e-commerce WordPress website. It was running on WordPress 3.4.2 in early 2017, the original versions of all plugins, including WP eCommerce, and still worked great. Nor had it ever been hacked. I was both pleasantly surprised and very alarmed. I updated the site pronto, but it provided more validation that my methodology is sound. Of course having an excellent web hosting company is just as critical. Without a great web host that uses solid security approaches on their end (I strongly recommend baremetal.com operating out of Victoria, Canada for shared hosting endeavors, and SiteGround.com), nothing I do in this regard really matters.
I am a lone operator in my company, a sole proprietor. I have to be nimble, able to connect to others with the skill sets I don’t have, and do all of this efficiently to keep lag time and operating overhead at a minimum. My college degree is in Management and Organizational Development, not computer science. So for me, process is key (all hail W. Edwards Deming).
My client websites often have multiple workflows, e-commerce components, membership requirements for accessing research documents, or other protected content. They also usually have at least some custom coding provided by a programmer I outsource to (I am not a programmer) when it becomes obvious during the Architectural Phase (I work in phases, but more on that in another article) that using a plugin is simply not going to work.
Large plugin stacks are understandably frowned upon by many WordPress website developers. The more plugins you use, the greater the risk of unwittingly implementing an exploit or conflict. Every time you update plugins, you risk breaking something because the plugin author modified a hook or other aspect your site relies upon NOT to change. Even worse, the update might have a vulnerability in it that was not present in the previous version. But custom programming has its own drawbacks, so like anything in nature and tech, knowing where to strike a balance is important.
Custom programming is sometimes expensive compared to the planned ROI, and if the coder becomes unavailable years later when a compatibility issue arises, what do you do then? What if the programmer turned over a bunch of non-annotated code? What if they never refactored their work? I have spent more money having custom code re-written from scratch to fix such issues, at my own expense, than I’ve ever spent keeping a large plugin stack updated and secure. However, most of the programmers I’ve hired over the years were well worth it. I won’t let a few bad apples spoil my outlook. It simply reminds me that good hiring practices are as much a part of operating independently as they were when I was managing technicians in a corporate environment.
Plugins are not always the answer of course. Depending on your client’s needs you may indeed have to rely on the integrity of a programmer to get things done correctly. It just depends on the project.
For the majority of my clients, an array of fully vetted plugins, tested and configured for interoperability and stability through aggressive upgrade cycles, does the job just fine. However, positioning yourself as a web designer when building sites like this does not sufficiently communicate the sophistication of your skill set, and this can create a disconnect between the price you charge for your websites and the price the customer expects to pay.
You Are A WordPress Integrator
If you’re creating designs, heavily modifying themes with CSS and other back-end approaches like I do, testing plugins for interoperability and security issues, creating technical workflow maps, stepping through use cases with clients, creating simulations in Invision App, and producing a finished website as the final deliverable, then you are way beyond what most laymen think of when they hear the term “web designer”. Even if you’re not doing all of the above, just the act of finding and implementing different plugins to meet a use case, no matter how simple, is an act of integration.
Except for hyper-focused graphic designers that produce visual brilliance for theming into a website by someone else, most of us that build WordPress websites tend to work in several creative and technical media roles simultaneously. This can include heavy programming, plugin creation, graphic design, UX design, usability testing, responsive or adaptive web design, plugin interoperability testing…you name it. We shift between these roles so quickly and frequently that we forget we are actually wearing a lot of hats. We are integrating different skill sets and virtual components in order to produce the final deliverable. We are, by and large, WordPress Integrators.
Clients Must Pay For Their Own Plugin Licenses
A developer’s license is no substitute for a client getting their own license. Any push-back from a client on having to renew a set of plugins on an annual basis usually happens because expectations have not been set correctly. Clients need to understand both the enormous power and cost savings they are getting by having a competent WordPress Integrator build their website using plugins, instead of primarily via custom coding, when it makes sense.
The estimated cost of annual licenses is one of the first things I address with potential clients. Updating those plugins is another cost I am careful to bring up before anyone signs on the dotted line. Together, these two items filter out a lot of potential customers, leaving only the ones that would never be able to get what they want any other way. This really cannot be overstated. You do not want to be conceptually associated as competing with the many Do-It-Yourself, cheap website builders on the market. WordPress Integrators are able to provide specific solutions to problems their clients cannot readily solve any other way, and at a competitive price-point.
My clients typically pay between $390.00 and $900.00 annually to keep their plugin licenses current, and about $500.00 annually for me to keep their websites updated. This cost is very competitive compared to using a programmer to get the same capabilities provided by a well-vetted plugin stack or hiring a full-time person in-house for the same.
Just make sure to keep a few excellent coders on standby. They can provide immense insight and value that is well worth paying for in situations where plugins are too cumbersome, inexact, or simply insufficient. Often a trustworthy programmer is also your partner for troubleshooting plugin conflicts or identifying better ways of doing things when you thought a few plugins would do the job just fine. Programmers see things very differently, and that contrast will keep you from falling in love with your own ideas. A good WordPress Integrator knows when to say when, and get a programmer involved who can lead the way (hint: let them lead, don’t try and live on the solution side of the issue).
All of this leads to the core value of a WordPress Integrator. Were it otherwise, we would be irrelevant. If you are able to communicate this value, your relevance is significantly strengthened in the eyes of the potential customer.
Have a Formalized Vetting Procedure for Plugins and Themes
This aspect is so important, everything falls apart without it. Here’s my recommended approach no matter the size of your plugin stack:
- Have available both a local testing environment and an online testing environment. You can test faster on a local machine than having to “cowboy code” to a web host. Retaining a web domain strictly for testing with your favorite web host is critical to make sure the server technology they use doesn’t result in different outcomes. This is where you need to be very careful about which web hosting companies you trust. My experiences with GoDaddy, Site5, BlueGenesis, BlueHost, and DreamHost exclude them from my trust list. For me, trust has been earned by baremetal.com, SiteGround.com (comprised of a lot of former Site5 employees that were replaced by far less competent staff a few years ago when Site5.com almost destroyed my reputation and those of my trusted allies), and possibly getflywheel.com (I am still vetting them).
- Use the exact same directory structure in test that you intend to use on live; or get as close as you can. This is really important when it comes to security. My websites place wp-config.php in an area other than where the WordPress install exists, among other techniques. Fudging the directory structure in test means that I don’t get an exact emulation of live; which of course increases both complexity and uncertainty when dealing with issues that are revealed during testing.
- Test plugin interoperability not only for the current versions, but also through at least one upgrade cycle within your optimum security configuration, using the plugin stack you intend to deliver. This means that great plugin you found on Monday will likely not be allowed into a production environment for a few weeks. It is much better to deal with such a delay than the consequences of rushing to judgement and paying for it with instability or security flaws. For example, if a plugin gets updated and suddenly chokes when it cannot find wp-config.php in the WordPress install directory, that disqualifies it from my list.
- If a plugin is free and it is fulfilling some critical function, donate money to the developer per website you use it on, and adjust your pricing to your clients accordingly. This isn’t altruism, it’s practical business advice. Maybe you cannot always follow it, but try and you will be surprised how it can help future-proof your work. It makes a significant difference if you run into problems. Developers are human; it’s true, I’ve seen them! If you pay them something, it increases the likelihood they will be more inclined to help. Payment also helps them continue to develop what you have now realized you cannot live without. Just think, “What would it have cost me to hire a programmer to get the same functionality I’m getting for free with this plugin?” I think you will find a small donation, say around $15.00 per site, rather thin by comparison. Also be sure to give them great reviews that include meaningful information those considering using the plugin would find valuable to their decision.
- Regardless of whether the plugin is free or premium, test their technical support approach. This starts by reviewing any online resources like support forums, and can go all the way through to seeing how they handle a support issue directly up on a test site. If questions are not being answered in the forums, then that’s a red flag. Negative reviews or comments are also interesting, but try to weed out the valid complaints from those made by people too lazy to read directions or the user guide.
- If the plugin requires access to a licensing server, get it in writing from the developer what will happen if their licensing server becomes unavailable. If they hedge in their response, do not use the plugin.
- For more complicated plugins and themes, a professionally written user guide should be available. User guides should be written with high proficiency in the target language. They should also make generous use of screenshots. I have found that a lack of such documentation speaks to a lack of commitment (and therefore longevity) to the component in question.
- Make sure as you add to your plugin stack that you do not exceed the memory capacity of your server. This is really only a problem in lower-end, shared hosting environments but it is always good to make sure. The php.ini file often controls this, but sometimes it’s a cPanel setting or some other control required by the web host.
- At the very least, have separate backups of both the full website and its database, and a backup of just the database, before you perform an update. For more sophisticated websites, consider hosting a full clone running on a completely different domain and performing updates there first; of course being sure not to let web crawlers or unwarranted visitors view the test site. There are many methods for cloning and testing websites securely, but that is beyond the scope of this article. Make sure any maintenance contract takes into consideration the costs of hosting a staging clone, if any, and that any user accounts and protected content are just as protected on the staging site as they are on the production site.
- Finally, make sure clients understand before you build their website that all these components must be constantly updated, and that such time is billable. Push back here once again comes from unrealistic expectations on the part of the client which you, the WordPress Integrator, are responsible for addressing in the very first meeting. I have never encountered clients willing to pay these fees until they understand the value of what is being built. Communicating that value is another article, but it definitely starts for some with a light education on what the web design world offers and where your services fit within that market space. This is called “triangulation”, and allows your client to understand the actual market place you operate within as well as what makes you stand out.
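The vetting steps above disqualify any plugin that chokes when wp-config.php is not in the WordPress install directory. As an added example (not code from the original article), the Python sketch below statically scans a plugin stack for PHP lines that build a path to wp-config.php, and, going slightly beyond the article's case, to wp-load.php, so candidates can be flagged before the upgrade-cycle test. The regex rules and the three sample plugins are constructed assumptions for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic rules (assumptions of this example): PHP that builds a path to
# wp-config.php or wp-load.php assumes the default WordPress directory layout.
RULES = {
    "abspath-wp-config": re.compile(r"ABSPATH\s*\.\s*['\"]/?wp-config\.php['\"]"),
    "relative-wp-config": re.compile(r"['\"]/?(?:\.\./)+wp-config\.php['\"]"),
    "relative-wp-load": re.compile(r"['\"]/?(?:\.\./)+wp-load\.php['\"]"),
}
COMMENT_PREFIXES = ("//", "#", "*", "/*")

def scan_plugin(plugin_dir):
    """Return (relative file, line number, rule) for each suspect line in one plugin."""
    root, findings = Path(plugin_dir), []
    for php in sorted(root.rglob("*.php")):
        lines = php.read_text(encoding="utf-8", errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            if line.lstrip().startswith(COMMENT_PREFIXES):
                continue  # a comment that only mentions the file is not a dependency
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    findings.append((php.relative_to(root).as_posix(), lineno, rule))
    return findings

def vet_stack(plugins_dir):
    """Map each plugin folder to its findings; an empty list means it passed this check."""
    return {d.name: scan_plugin(d) for d in sorted(Path(plugins_dir).iterdir()) if d.is_dir()}

def build_sample_stack(base):
    """Write three constructed plugins (not real ones) under base and return that path."""
    samples = {
        "clean-gallery/clean-gallery.php":
            "<?php\n// old code did: require ABSPATH . 'wp-config.php';\n$dir = plugin_dir_path(__FILE__);\n",
        "legacy-cart/includes/db.php":
            "<?php\n/* DB bootstrap */\nrequire_once ABSPATH . 'wp-config.php';\n",
        "old-form/ajax.php":
            "<?php\nrequire dirname(__FILE__) . '/../../../wp-load.php';\n",
    }
    for rel, source in samples.items():
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(source, encoding="utf-8")
    return Path(base)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for plugin, hits in vet_stack(build_sample_stack(tmp)).items():
            print(plugin, "PASS" if not hits else f"REVIEW {hits}")
```

A clean result here only means no hard-coded path was found; the plugin still has to survive the upgrade cycle on a test site that mirrors the live directory structure.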
Keep in mind that clients don’t care about plugins and themes. They care about functionality and aesthetics. Though this fact makes it tempting to want to hide “all this plugin and theme complexity” from a client, it is often not in the best interest of the client to do so; depending on your business model.
I am developing a subscription based lease model for some client websites, but in my current model the client owns the site and all its assets (as much as ownership is possible for open source projects). Once launched, they are responsible for its ongoing maintenance and health unless they source that aspect to my company through a maintenance package. It is imperative that I educate my clients on what they are buying and the ongoing responsibilities that entails. How effective I am at this educational aspect absolutely determines my likelihood of being awarded the contract and the quality of life we experience together as the project is completed.
Create A Library Of Trusted Plugins and Themes by Use Case
It is arduous, tedious work testing plugins and themes for interoperability and security. Also, many beautiful themes found on the major theme repositories require certain plugins or they won’t operate correctly. It’s important that once you have gone to all the trouble to determine which components work well together, solve certain use case issues (like secure sign-up for a membership site using e-mail validation routines), and don’t impair the website through an update cycle, that you document them and keep on top of what their authors are doing.
You want to have at your disposal a library of themes and plugins with a document that cross-references them by use case. Preferably this document is an Integrator’s Guide you maintain for yourself and those on your team which describes the configuration and interoperability for each use case. It’s true that this allows you to build on past successes, but there’s an even more important point to doing it this way. It allows you to create a standardized baseline pricing model for the different features your client is requesting.
It is also important to realize that, for a WordPress Integrator, plugin and theme authors are nothing less than an extension of the programmers you may have direct, personal relationships with in the analog world. Treating them as such goes a long way toward avoiding problems, or getting their help, when the compass starts to point south.
The Bottom Line
Making a business out of all the creative and technical work that goes into building a WordPress website means leveraging talent and resources just as it does in any other industry.
Positioning yourself correctly in the minds of potential clients requires educational aspects to your marketing materials that strike a balance between the technical and business knowledge required for the client to understand your value.
Then too, knowing when to get a programmer you can trust involved is just as important as knowing how many plugins you can safely leverage given your own skill sets. By having a methodology, and the right financial expectations set with your clients as it relates to components and their licenses, your ability to serve a more sophisticated and lucrative market space increases…even if you’re the only employee of your company.