Discover Faithlab and quickly learn who we are

If you’re a pastor who has ever gotten a text on a Saturday night that says “the website is down” — and you had no idea what to do with that information — this post is for you. It’s also for the person who actually installs things on the site, who’s been quietly wondering whether that free plugin was such a good idea after all.

Here’s the thing almost nobody tells you: most church and nonprofit website failures aren’t hacks, and they aren’t hosting problems. They’re plugin problems. A plugin gets abandoned, or two plugins disagree, or an update lands wrong, and suddenly the giving page is a blank white screen on the one weekend you actually needed it. The good news is that this is largely preventable, and the prevention costs less than a single week of coffee for the staff meeting.

The short version

  • A WordPress plugin is a piece of software written by someone you’ve never met, running inside your website with a lot of freedom to break things.
  • Most site outages at small organizations trace back to a plugin that was abandoned, poorly built, or fighting with another plugin.
  • Free plugins are often excellent. But “free” usually means no support, slower security fixes, and no guarantee anyone is still maintaining it.
  • Paying $30–$100 a year for the pro version of the two or three plugins your site actually depends on is the cheapest insurance you will ever buy.
  • Fewer plugins, better plugins. That’s the whole strategy.

What a plugin actually is (and why it can take your site down)

WordPress on its own is fairly plain. Plugins are the add-ons that make it do specific things: collect donations, run an event calendar, build page layouts, secure logins, make forms, speed up loading. A plugin isn’t sandboxed off in a corner. It runs inside your site with real power. A badly written plugin can slow every page down, conflict with another plugin, or crash the whole thing. If a plugin has a security hole, that hole is now your site’s security hole.

So when a volunteer installs a plugin because it looked useful, they’re not adding a feature to a website. They’re inviting a stranger’s code to live in the building and handing it a key to most of the rooms. Usually the stranger is a good and competent person. Sometimes the stranger moved away three years ago and stopped answering the phone.

That’s not an argument against plugins. You can’t run a modern site without them. It’s an argument for being choosy.

The three ways plugins actually break sites

1. Abandonment. Someone built a nice free plugin in 2019, got busy, and stopped updating it. WordPress kept moving. PHP — the programming language WordPress runs on — kept moving. Then your host upgrades PHP, and the abandoned plugin doesn’t survive the upgrade. Your event calendar is now a stack of error messages.

2. Conflict. Two plugins both want to control the same thing — say, how images load, or what happens when someone submits a form — and they trip over each other. This is why a site can be totally fine for eight months and then break on a Tuesday when something unrelated updates.

3. Security. Plugins with security vulnerabilities are one of the most common ways WordPress sites get compromised. Well-maintained plugins get patched fast, and the fix lands in your site automatically. Abandoned ones never get patched at all — the hole just sits there, indefinitely, waiting.

Notice that all three of these are really the same problem wearing different clothes: is somebody still taking care of this thing? That’s the question. Not “is it free.”

Why the paid version is usually worth it

I want to be honest here, because the case for premium plugins is often oversold. Plenty of free plugins are superb and actively maintained. Plenty of paid plugins are mediocre. Money is not a guarantee of quality.

But money is a pretty good signal of sustainability. Here’s what you’re actually buying when you pay:

Someone whose job depends on maintaining it. A plugin with a real revenue stream has a developer who eats based on whether it keeps working. That’s a much stronger promise than a volunteer’s good intentions.

Faster security patches. Commercial plugin companies have a business reason to fix problems quickly and push updates out. That’s exactly the behavior you want from software running on the page where people enter their credit card numbers.

Actual support. When the giving form stops working at 9pm on a Saturday, the free version gives you a community forum where you can post a question and hope. The paid version gives you a support ticket and a human being who is obligated to answer it. If you have ever spent four hours of a pastor’s week troubleshooting a form, you understand exactly what that support ticket is worth.

Documentation that assumes you’re not a developer. Premium plugins usually have real, written, human-readable docs. Free ones often have a README and a prayer.

No upsell nags in your dashboard. A small thing, but the free tiers of many plugins spend a lot of energy trying to sell you the paid tier — banners, notices, disabled buttons. Paying makes the site calmer to work in.

Now do the math the way a board would. A pro license on a serious plugin runs somewhere in the neighborhood of $30 to $100 a year. If your site has three plugins that genuinely matter — say, forms, security, and whatever handles giving or events — you’re looking at a couple hundred dollars a year, total. Compare that to one emergency call to a developer to un-break the site, which will cost more than that in a single afternoon. Compare it to a giving page being down over a stewardship weekend. Compare it to the hours your administrator loses that could have gone to actual ministry.

This is a stewardship argument, not a tech argument. Cheapest is not the same as most responsible.

How to vet a plugin before you install it (a 5-minute check)

This is the part to hand to whoever actually manages the site. Before installing anything, open its page in the WordPress plugin directory and look at four things:

Last updated. If it hasn’t been touched in over a year, walk away. This one check eliminates most of the danger.

Active installations. Ten thousand or more means a lot of other people are pressure-testing it, and problems get found and fixed. A plugin with 200 installs might be great, but you’re one of the test subjects.

Support forum activity. Click into the support tab. Are recent questions being answered by the developer, or are there fifteen unanswered threads from March? Silence is the tell.

Who makes it. Is there a company behind it with a real website and a paid tier? Or is it a hobby project? Hobby projects are fine for something cosmetic and catastrophic for something load-bearing.

And then one rule that matters more than all four: the fewer plugins you have, the fewer things can break. Every plugin is a dependency. If you’re running 34 plugins on a church site — and I have seen far worse — a good chunk of them are probably doing something you no longer need, or something a plugin you already have could do. Deactivating and deleting a plugin you don’t need is free, takes two minutes, and makes your site faster and more stable.

What to watch out for

Don’t buy premium for everything. That’s the overcorrection. Pay for the two to four plugins your site genuinely depends on — the ones that would ruin your week if they failed. Everything else can be well-maintained free software.

Lifetime deals are usually a trap. A one-time payment for “lifetime updates” sounds thrifty, but it means the developer has no ongoing revenue to fund ongoing maintenance. Annual renewal is annoying, and it’s also the thing that keeps the lights on.

Actually renew the license. An expired premium license often stops receiving updates — which quietly puts you back in the abandoned-plugin scenario, except now you paid for it. Put the renewal dates on a calendar, or better, in the church’s annual budget as a line item. “Website software licenses: $250/year.” Boring. Effective.

Nulled plugins are a hard no. If someone offers you a paid plugin for free from a site that isn’t the developer’s, don’t. Those files are a well-known delivery mechanism for malicious code, and you’d be installing it on a site that handles donations.

A small next step

This week, ask whoever manages your site to do one thing: open the Plugins page in WordPress and read the list out loud. For each one, answer two questions — do we still use this? and when was it last updated?

Delete what you don’t use. Flag anything that hasn’t been updated in a year. Then pick the single most important plugin still on the list — the one that would hurt most if it broke — and go look up what the pro version costs. If it’s under $100, put it in the budget. And if you are a Faithlab client (or would like to be), ask us about a plugin you’re considering!

That’s it. Fifteen minutes, and your site is meaningfully more stable than it was this morning.


If posts like this are useful, you can get them in your inbox — subscribe to the Faithlab blog. No sales pitches, just practical help for church and nonprofit communicators.