How to Find and Vet WordPress Plugins and Themes

When you’re first starting out on WordPress, it can all feel a bit overwhelming. In addition to learning how to use the platform, you’ve also gotta figure out what themes and plugins you’re going to need to power your website. There are thousands of themes and plugins available on the WordPress repository and then there are other paid premium plugins and themes not on the repository. So how do you pick the right one when there are so many to choose from? Through a lot of trial and error, I’ve devised a strategy for vetting themes and plugins that I’ll share with you below. I’ll also share my list of preferred free, freemium, and premium plugins and themes, as well as professional insights for each.

Where Do You Find Plugins and Themes?

When it comes to finding the right plugins and themes, there are two major marketplaces:

The repository is the most popular and reliable place to find today’s most used free and freemium plugins and themes. It’s managed by the WordPress foundation and is by far the most reputable place to find plugins and themes. The WordPress repository, or “repo” for short, only accepts free and freemium plugins – paid plugins are not allowed.

Envato is the world’s leading marketplace for buying and selling creative assets. It consists of several different brands that each sell different types of products. The two that apply most to us are ThemeForest and CodeCanyon. ThemeForest is a place for developers to sell their themes. CodeCanyon is a place for developers sell their plugins.

Changelogs Are Your Friend!

Before deciding on any plugin or theme, you should always take a look at it’s changelog. A changelog is basically a historical record of updates the developer has made to the plugin or theme. Changelogs are publicly available for most software – and WordPress plugins are no exception. Both the repository as well as Themeforest and CodeCanyon require developers to provide development change logs. I’ve attached a few photos of where you can find them below. Changelog

You can find the changelog for any plugin in the repository by clicking the ‘Development’ tab at the top of the plugin page. On the development page, you’ll find the changelog, along with a number of other stats that will be valuable when considering a plugin.


ThemeForest/CodeCanyon Changelog


Things to consider when looking at the changelog…

  1. How long has the plugin or theme been listed in the repository or on ThemeForest/CodeCanyon?
    • The fact that a plugin is brand new does not indicate it’s actual usefulness or the quality of its code. With new plugins you are really taking a gamble though, so do your research and choose wisely. Look for examples of the developers other work and if not listed, ask for examples. Just because it’s a new plugin doesn’t mean that the same developer hasn’t published other popular plugins. The thing to remember when you go with a new or newer plugin is that you’re really taking a risk, so have a backup plan in the event the plugin doesn’t work out.
  2. When was the plugin or theme last updated?
    • If it’s been updated within the last 3 months: You’ve got nothing to worry about, it should be safe!
    • If it’s been updated in the last 3-6 months, take a look at the changelog to see how frequently the plugin or theme has been updated in the past.
    • I wouldn’t install a plugin that hasn’t been updated in the last 6 months. I would consider a plugin neglected if it hasn’t been updated within the last 6 months.
    • Plugins and themes that haven’t been updated in more than 2 years are considered abandoned and I would not install these plugins under any circumstance. Outdated plugins and themes are the #1 reason WordPress websites get hacked. If a plugin you really need has been abandoned, you should first try to find an alternative plugin, and if all else fails, seriously consider working with an experienced developer to check the code for conflict and security flaws and have them make any changes necessary to remediate those issues prior to installing it on your site. Important note: If your developer makes any substantial changes, have them do it using hooks in a ‘must-use’ plugin, or else they’ll need to rename the plugin entirely to avoid their updates being overwritten by future updates from the original developer.
  3. How frequently are the updates released?
    • This should give you a good idea of whether they are actively developing the product to add new functionality or just maintaining the code to avoid conflicts and security flaws. If there’s an update more than once a month, there’s a good chance the developer is still actively developing the plugin. If there’s only one update every 3-6 months, then it’s probably not being actively developed and chances are, the developer is primarily releasing security patches.
  4.  Is there a pattern of publishing updates to patch security issues?
    • If the developer is constantly releasing updates that include security patches, this might be an indication of a larger pattern of security flaws in the developers code.
  5.  How active is the plugin author in support forums/comments section?
    • If you look through the support forum (WordPress Repository) or comments section (ThemeForest/CodeCanyon) for the plugin or theme and see that there are a bunch of unanswered questions, this should be a major red flag. If the developer isn’t responding to others in the support forum or comment section, it’s pretty unlikely they are going to respond to you when you need help. Also check: to see if the developer hosts their own support forum outside of the repository or marketplace.
  6. Has the plugin been tested with the latest version of WordPress?
    • The fact that a plugin isn’t listed as tested with the latest version of WordPress doesn’t necessarily mean it isn’t compatible. It simply means that it hasn’t been tested. You can still test it yourself to see if it works, but this should be a red flag as it frequently also means the plugin hasn’t been updated in a while.

How Many Active Installs?

The number of active installs is a direct indication of the value, functionality, and usability others have found in that plugin. The repository identifies how many sites have each plugin installed and activated. ThemeForest and CodeCanyon on the other hand list the number of times a plugin or theme has been bought.

Plugin reviews?

Just like anything else you buy online, the number and quality of reviews a plugin has is an easy identifier of how happy other users are with you. Pay attention to the reviews!

Free, Freemium, or Premium?

  1. Free – While there are still a number of plugins offered completely free on the WordPress repository, most developers have begun moving in the direction of freemium or premium.
  2. Freemium – this is when plugins are offered for free with a selection of basic features, but you have to pay to get the premium features.
  3. Premium – some plugins are not offered for free at all. These developers have chosen to instead pursue a premium licensing model where you have to purchase a paid license to use the plugin.

My Preferred Plugins


SEO Framework (Free)

Yoast SEO (Freemium)

SEOPress (Freemium)


W3 Total Cache – More advanced settings

WP SuperCache – Fewer advanced settings – easier for newbies

Photo Compression



Learning Management





Site Migration

All-In-One Migration


WP Time Capsule






My Preferred Themes


Beaver Builder