Not every problem needs another plugin

There's a reflex in the WordPress world: need a feature? There's a plugin for it. Install, activate, done. Do that for two years and your shop is running on a tower of 20, 30, 40 plugins — and every one of them is quietly costing you.
The average WordPress site runs 21 plugins (WP statistics 2025). A WooCommerce store is usually higher. The uncomfortable part: most of those don't need to be plugins at all.
What each plugin actually costs
- Speed. Most plugins load their own CSS and JavaScript on every page — even the ones that only do something on the checkout. The bundle grows, the pages get heavier.
- Security. This is the big one: 91% of WordPress vulnerabilities live in plugins (not core), per Patchstack's 2026 report. 92% of successful breaches came through plugins and themes, not WordPress itself. More plugins = more attack surface.
- Update roulette. Every plugin is one update away from a conflict that breaks your shop. The more you stack, the more often something snaps.
- Licences. Single-feature plugins and page builders add up — Elementor Pro starts at $59/year for one site, and the add-ons on top of it cost more again.
The alternative: a few lines of code
Here's the thing most "there's-a-plugin-for-it" advice skips: a huge number of those features are 20 lines of code in your theme.
A conditional shipping rule, a custom checkout field, hiding a payment method for certain products, a tweak to order emails — these are small, well-documented WooCommerce hooks. Instead of a 1.2 MB plugin with a yearly licence and its own CVEs, you get a few lines that load nothing extra, cost nothing, and can't be exploited as a separate component.
add_filter('woocommerce_package_rates', function ($rates) {
    // your one rule, right here — no plugin required
    return $rates;
});
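To make the stub above concrete, here is one conditional shipping rule written out in full. It is an added example, not code from the original post: the `bulky` shipping class slug and the `myshop_` names are hypothetical, and it is assumed to live in a child theme's `functions.php` or a small must-use plugin. It reads no request input, only objects WooCommerce passes in.

```php
<?php
// Added example, not from the original post.
// Assumptions: a shipping class with slug "bulky" exists in the shop
// (hypothetical), and pickup uses WooCommerce's stock "local_pickup" method.
defined('ABSPATH') || exit; // refuse direct HTTP requests to this file

const MYSHOP_BULKY_CLASS = 'bulky'; // hypothetical shipping class slug

/**
 * True when any line item in the shipping package is in the bulky class.
 */
function myshop_package_has_bulky(array $package): bool
{
    foreach ($package['contents'] ?? [] as $item) {
        $product = $item['data'] ?? null;
        if ($product instanceof WC_Product
            && $product->get_shipping_class() === MYSHOP_BULKY_CLASS) {
            return true;
        }
    }
    return false;
}

// Priority 10, two arguments: the rates array and the package being shipped.
add_filter('woocommerce_package_rates', function ($rates, $package) {
    // Fail open on unexpected types so another plugin's bad data
    // cannot turn this rule into a broken checkout.
    if (!is_array($rates) || !is_array($package)) {
        return $rates;
    }
    if (!myshop_package_has_bulky($package)) {
        return $rates;
    }
    // Bulky items cannot be collected in store: drop every pickup rate.
    foreach ($rates as $rate_id => $rate) {
        if ($rate instanceof WC_Shipping_Rate
            && $rate->get_method_id() === 'local_pickup') {
            unset($rates[$rate_id]);
        }
    }
    return $rates;
}, 10, 2);
```

WooCommerce caches calculated rates in the customer session, so change the cart contents or turn on shipping debug mode when testing the rule.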
The honest rule (this isn't plugin-bashing)
Plugins aren't the enemy. Some you absolutely keep:
- Keep: your payment gateway, your security/backup layer, WooCommerce itself, anything that's a genuine system.
- Often replace with code: single-feature add-ons, "I just need this one thing" plugins, and heavy page builders that bloat every page.
The skill isn't "never use a plugin." It's knowing which problems need one and which are a five-minute hook — so your shop stays lean, fast and small enough to actually secure.
Want to know which of your plugins can go?
This is exactly what I do for clients: audit the plugin stack, find the ones that are pure bloat or risk, and replace them with lean custom code. Fewer moving parts, faster pages, smaller attack surface, lower licence bills.