4 min read

What is the difference between a plugin and integration?

Plugins and integrations allow applications to do more things.
What is the difference between a plugin and integration?

When looking for a platform to create blogs and newsletters, you've come across plugins and integrations. But what are the differences between them? Or why should you prefer one or the other?

That's what you'll find out in this article.

There is a lot to consider, like security and impact on performance.


Affiliate Disclaimer: Some links are affiliates. This means that if you buy after clicking on one of those, I get a commission at no additional cost for you.


What is a plugin?

A plugin is software that can be installed into a host application to modify it. Think of them as an additional software.

Plugins are also known by names like addon or extension.

A practical example is using a plugin to add comments on a WordPress site.

They can be installed on local or remote programs. This means installing a plugin on a browser like Google Chrome or a WordPress website.

The effect of plugins varies significantly between changing the user interface (GUI), more customization options, or adding missing functionalities.

The creation of plugins can be the responsibility of the software parent company and 3rd-party devs if the code is open-source.

What is an integration?

Integration is the connection between 2 or more different software via APIs (Application Programming Interface).

Integrations serve to communicate, share, embed, enhance or automate processes and data. They allow the creation of advanced workflows with several relationships simultaneously.

You can also think of integrations as plugins that don't need to be installed.

The advantage of using integrations is that you have more control over what information is shared. Also, it's easier to turn on or off integrations and delete them!

An example of integration is connecting Ghost CMS with Cove to enable comments on posts. Another is to make Airtable email me every time someone subscribes to my newsletter.

Subscribe for tech stories, rants and updates

What are the differences between a plugin and an integration?

The main difference between a plugin and an integration is that plugins need to be installed. In contrast, integrations work by sharing a piece of code.

So, a plugin is an additional piece of software to the host application. While integration is making at least 2 different solutions communicate information between them.

2 critical details make integrations a good security option:

  1. APIs don't start sending information automatically when they are connected;
  2. An API will only share the information that the developers decide. This means APIs don't give access to all data.

For example, this is like me giving a key to my property gate to a friend. They will have access to the yard but not to the house.

So, when it comes to security, integrations are safer than plugins, even more if they use API keys with data encryption.

Also, APIs can be read-only. This means software B using the API will receive information but cannot send back changes for software A to store them.

Further, integrations are easier to deactivate if there is a security issue.

Plugins are considered "deeper" integrations, so they are treated differently.

As plugins need to be installed, they can access more data, which is problematic if there is a vulnerability.

Plugins are useful to save time, money and add features, but they open the door to bad actors in unpleasant ways that can hurt a machine or website.

Potential security issues with plugins for computers and blogs

As I said above, plugins are handy, but they also bring risks, including hacks.

Because plugins need to be installed, you should pay more attention to them, especially when considering that some plugins are disguised viruses. Some bad actors create plugins that work as a regular plugin would but later hurt you. This holds true for several programs or plugin stores on the web.

💡
Good citizens and employers of those app store owners work to find, report and remove such plugins, but new ones always appear.

Additionally, things that can make plugins dangerous are errors in the code.

Humans make plugins, humans make mistakes, and plugins have unintended errors, even from well-intended developers. Eventually, shit happens with plugins.

These errors and problems can happen with Google Chrome, WordPress, or any other software that uses plugins with software that "needs internet".

When talking about WordPress, plugins represent a significant vulnerability in the system, and some plugins are so bad that hackers can take control of the site.

Sectigo and Sitelock made a report estimating that for every 5 plugins, the risk of an attack doubles.

Another consideration is that some plugins aren't patched or updated for security.

This brings me to the recommendations when dealing with plugins:

  • Reduce the number of plugins you use. It will be better for security and performance. Some plugins without optimized code can make a WordPress site slower;
  • Update plugins frequently. On WordPress, you have the possibility of enabling auto-update for plugins;
  • Check if the plugins you use aren't abandoned. If a plugin isn't updated for a long time, the risk of vulnerabilities increases.

Summary

In this article, you learned more about a plugin and an integration and their main differences.

Remember, plugins need to be installed to work, and integrations don't. They both allow adding and modifying apps while having have overlapping features and use cases.

Integrations allow you to create workflows by connecting several apps simultaneously while doing many of the things that plugins do.

Plugins usually give more flexibility and options for customization. But they cause more security issues.

In short, plugins are easier to use and require less technical knowledge to operate. But integrations can be safer.

As for advice, I recommend you use the minimum amount of plugins possible. It will be better in terms of security and performance. Also, remove inactive plugins, especially on WordPress.

As a personal note, I prefer to use integrations when possible.


Subscribe to newsletter about tech for blogs and newsletters