Social Share Buttons – Site Performance and Security Killers

UPDATE: There is an all new case study released on 2/18/19 with more speed, Pinterest, and Google PageSpeed Insight scores on the most up-to-date social share button plugins.

All content marketers want their posts to go viral. But some social share buttons are major performance and security offenders. And some even track viewers who share your posts, which is a privacy issue. See the eye-opening results of 13-point, head-to-head tests on 12 of the most popular social share button plugins and how the one your using stacks up.

The Winner

I’m going to save you some time and tell you the top performing social share plugin.

It’s Simple Share Buttons Adder This plugin has the most options, a great look, and one of the lightest loads of all the plugins tested. Besides being a super performer, it has none of the tracking or security issues of other plugins. Win-win-win.

Here’s a super video tutorial on all this little plugin can do.

The Runner Up

AddToAny is a top pick as well because it offers so many customization options. But, it did set a cookie, and had one additional DNS request that ran a little slow. However, it offers integration with Google Analytics and that can be a bonus to serious content marketers who need to track their shares.

See the Results Chart

A full spreadsheet with all of the data, including requests, total load time, and byte count is available to view. It’s a Google Drive embed, so there’s nothing to download.

Plugins Tested

The twelve plugins tested were:

What Makes Them Slow

Social share plugins put a variety of loads on a site including adding more JavaScript, CSS (style sheets), images, and even additional requests to external domains.

Basically, the fancier the plugin, the more load it adds to the site.

Here are a few examples.

A site with no social sharing buttons fully loaded in 2.059 seconds.

WPSocialite took 2.266 seconds. While AddThis took 5.080 seconds.

Requests

How many extra things the plugin requires to run comes in the form of requests.

WPSocialite adds 6 requests. While AddThis adds 33.

Fancy buttons like Digg Digg adds 42 requests. It is at the bottom of the performance list, along with Flare, which adds 36 requests.

Counters Cost

Fancy numbers come at a cost too. For these tests, I configured the plugins as simply as allowed. If there was a choice to kill the counters, I did. Some plugins offered no options for that.

Counters have to make at least two calls to the world outside of your site to be accurate. Some make several more calls. That becomes both a performance and security issue.

Ditch the Counters

A few content marketing folks stand by the idea that counters encourage shares. Ask them the last time they actually tested that theory.

In fact, some major sites that have numbers well worth showing off, like Smashing Magazine, removed their social sharing buttons completely, counters and all, because the shares are happening directly on social media, not from the site. And their shares have actually increased! (CopyBlogger removed comments for the same reason, and with the same result.)

Tracking Matters

Savvy web surfers are turning off cookie tracking. It’s just creepy to visit a site and then see an ad for what it offers, or related things, in your Facebook stream immediately afterward. Several share buttons have similar tracking features.

In other words, they spy on your viewers to see where else they go online and what else they like.

Two of the plugins that set cookies are AddToAny and AddThis.

Watch What You Block

Several of the plugins run apps and make calls to https://evsecure-ocsp.verisign.com/ That’s for Akamai Technologies, and while their headquarters is in Cambridge, Massachusetts, their CDN for these apps is in the Netherlands.

So, if you’ve got country blocking on via some security plugin or your CDN, like CloudFlare, you could be kicking your share button into the dirt.

Security

The OCSP part of the app mentioned above stands for Online Certificate Status Protocol. It’s used to maintain security of a server and other network resources.

A round trip request is made the minute a viewer lands on your post so that they see the share counts.

When they click a share button that uses this app, one call goes out to their server, is checked against their whitelist, and then is returned to your site as a counter increment.

Multiple things can go wrong in those round trips.

By using a share button plugin that has this app, you are giving license to that company to inject something on your site. If the data packet has been compromised, so has your site.

Several popular social sharing plugins have suffered multiple malware injections and other security issues of this nature.

At least one of the plugins on this list has been removed from the WordPress repository twice for it.

Chewing up Bandwidth

Some of the plugins also connect to clients1.google.com/ocsp, which is another cloud service. There are several reports of it constantly sending requests and results, eating up bandwidth. And even a recent report of it leaking data due to the Heartbleed vulnerability.

The Least Secure Plugins

Here is a list of the plugins that make the OCSP type requests:

Slick Social Share Buttons
Async Social Sharing
Share Center Pro
Flare

The Worst Performance of All

Of the 12 plugins I tested, the one with the worst load, by far, was Social Sharing Toolkit. It’s a great plugin for providing share and follow buttons everywhere on the site. But, it lacks async loading. And the worst part is, it loads everything, even if it’s not in use. That resulted in a whopping 409 requests!

I used and recommended this plugin for years due to its all-in-one convenience and security. But, this test has clearly shown that it is not the best choice for performance.

I’ve switched to Simple Share Buttons Adder because of its light load and security. And I’ll show you in an upcoming tutorial what I switched to for the social follow buttons it also provided.

Looks Matter

Most site owners choose their social plugin based mostly on looks. I get that. But, the fact is, fashion cannot outweigh function when it comes at too high a price.

I actually wanted to use the rtSocial plugin, but it didn’t give enough options for where it displayed, and that had a negative impact on the look of my site. (It displayed the buttons even below custom Text widget content in the sidebar!)

The Social Share Button Performance Chart page also has screenshots of how all of the plugins displayed on my test site. Keep in mind that I turned off counters when possible. So, just because they are not shown in the screenshot doesn’t mean that there is no option for them.

What I Didn’t Test

Social share buttons can be added to your site manually. Customizing features and code for them is available from each social site. I didn’t include them in this test because frankly, I doubt most of you want to hard code them into your site. I’m betting you’ll all use plugins. I did.

How Did Your Plugin Do?

Did you find your plugin in the list? Were you shocked by how it actually worked on your site? Leave a comment and let us know, and if you’re switching to another plugin and why.

2 Comments

Danny Brown says:
July 15, 2014 at 12:06 pm

Great article, and definitely an eye-opener on the various sharing options. Curious about a couple of things:

1. Was the Flare option the hosted version they’re working to now, versus the original WP plug-in?

2. Were these tested with or without caching options switched on? I’ve seen various plugins act differently when they’re part of a site that uses caching options.

I’ve been using Flare for a while now, and really happy with it (although will revisit to compare your test). Also looking into Ultimate Social Deux (premium plug-in). Have you had a chance to look at that and, if so, any thoughts on where it would sit?

Cheers!
1. MaAnna Stephenson says:
  July 15, 2014 at 2:36 pm
  
  Hi Danny. All great questions. Yes, the Flare option was the hosted version, not the plugin that they are no longer actively developing. And I have to say, they have the most round about way of registering. Like going around your elbow to get to your hand!
  
  No caching of any kind was used, including local cache or CDN. Yep, you’re right about them performing differently when those options are turned on.
  
  Please do let us know how Ultimate Social Deux performed for you. I haven’t checked it out yet.

Comments are closed.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.