1. Home
  2. Unauthorized WordPress plugins
Searching...

Unauthorized WordPress plugins

Content

On the WordPress environment, we disallow certain plugins for one of the following reasons:
- They duplicate our included services,
- They contain serious security holes,
- They add unnecessary load to the server.

Currently, sixty two (62) plugins are not allowed on our platform.

Mechanism

Whenever our maintenance scripts find an unauthorized plugin, it will be systematically deactivated from your installation with no way to reactivate it.

Unauthorized plugins

Numerous tests were carried out before the plugins were put in this blacklist which is not exhaustive and can be modified by our services at any time.

With over 36,000 plugins in the WordPress Repository, here's what we prohibit.

Caching plugins

Most of these plugins do not cooperate with our custom caching environment (Varnish). As a result, we cannot make them work in parallel with our solution, as this could do more harm than good to your WordPress.

Autoptimize
WP Super Cache
WP File Cache
WordFence

Also, you shouldn't have to worry about the speed of your site, because that's "our job". And our speed is hopefully one of the main reasons why you chose us as your dedicated WordPress hosting provider.

As an aside, we have not banned Batcache, Quickcache (and similar) simply because they will not work on our environment.

WP-Rocket is, on the other hand, compatible with our platform and allows you to benefit from the Lazy Load and the minification.

W3 Total Cache is also compatible and allows you to increase your performance with certain themes such as Divi and Enfold.

Backup plugins

We already do multiple nightly backups of your site on seven rolling days and the first of each month for the past three months. The backups are automated and the data is kept securely outside of your WordPress. You can access any of the last ten backups at any time, and you can either restore one of them or download an archive containing your WordPress folder and database.

If you feel more secure with an off-site secondary backup, we recommend VaultPress on our servers.

However, we do not recommend using backup plugins. They unnecessarily duplicate our built-in functionality. Many of these plugins may perform their backup tasks at inappropriate times. This can slow down database connectivity with our extras and sometimes generate very large MySQL queries, which could cause delays on sites.

WP DB Backup - Although it recommends not to save the backups on the local file system.
WP DB Manager - Local storage is the only option here and a protective .htaccess file would be recommended, but disk space usage is a major concern.
BackupWordPress - Because it duplicates a number of files on the disk when they are already in our backups.
AkeebaBackupCore - Duplicates files and stores its backups on the root of your FTP.
Backupbuddy- Duplicates files and stores backups on the FTP.
All In One WP Migration - Backup system that can corrupt our backups.

If you ever need a full backup of one of your sites, you can access it from the WPserver console.

Server & MySQL plugins

There is another class of plugins that we ban simply because they cause a heavy load on our servers or create too many MySQL queries when misconfigured.

Broken Link Checker - even overwhelms our Varnish caching layer with an excessive amount of HTTP requests.
MyReviewPlugin - Overloads the database with a large number of database entries.
Linkman - Like the MyReviewPlugin above, linkman misuses the database.
Fuzzy SEO Booster - Causes a large number of MySQL queries.
WP PostViews - Inefficiently writes to the database on every page load. To track traffic in a more scalable way, the statistics module of the Jetpack Automattic plugin, Google Analytics, works great.
Tweet Blender - May result in increased server load.

Plugins to connect people

Almost all "Related Posts" plugins suffer from the same basic problems regarding MySQL usage, indexing and searching. All these problems make these plugins extremely database intensive. The ones we have banned outright are:

Dynamic Related Posts
SEO Auto & Relates Posts
Yet Another Related Posts Plugin
Similar Posts
Contextual Related Posts
yuzo-related-posts

There are dedicated services that allow you to offload these features from their servers.

Jetpack Related Posts
Inline Related Posts
Reverb
Outbrain
LinkWithin
Contextually

If you have used the Broken Link Checker plugin and still want to track your broken links, we recommend using one of the following tools to check for broken URLS on your site:

This is not a plugin but this service does the job: www.brokenlinkcheck.com .
The best solution to search for broken links is an application that you install on your computer like the three below:

Broken Link Check - online, limited to 3,000 pages.
Xenu Link Sleuth - Windows only.
Integrity - Macintosh only.

Plugins that duplicate each other

Like caching and backup plugins, these plugins duplicate the functionality we've built for you in a more efficient, scalable and configurable way.

No Revision - We limit the number of revisions to three for all clients by default.
Limit Login Attempts - We already have a similar system on the server side that allows us to offload your WordPress installation.
Force Strong Passwords - We already have a similar system on the server side that allows us to offload your WordPress installation.
WordFence - This plugin takes many security features and caching that already exist natively in our environment and can cause problems.
iThemes Security - This plugin protects your wordpress site from brute force attacks and other types of attacks.
WP Optimize - The databases are already optimized regularly.

Email plugins

We know that WordPress is able to send emails, but that doesn't mean we should use it. Especially when there are specialized services like MailChimp, Constant Contact, AWeber and countless others. Each offers complete email solutions for your business that will give you better results than WordPress.

If your domain's email provider offers its own SMTP server, you are welcome to set up your outgoing server. But you should check with your email provider about email policy, anti-spam and other options before doing so.

Basically, when our customers want to send emails, we want them to have the same service that Wpserveur can provide to your WordPress. Therefore, we recommend using one of the services listed above. To this end, we have rejected the following plugins, as they allow you to send mass emails with WordPress which can overload our servers and call up unauthorized directories:
WP Mailing List
MyMail
ALO EasyMail Newsletter

Various plugins

The other plugins we decided to proactively remove are:

Hello Dolly! - Sorry, Matt.
Query Monitor - Causes crashes and 502s with the varnish cache.
WP phpMyAdmin - Rejected due to a serious security issue. Our console already gives you access to phpMyAdmin without a plugin.
EWWW image optimizesr - Forbidden because of the exec() function which could compromise the security of our systems.
Wp-Spamshield - Prevents Varnish caching due to its cookies.
NewStatPress - Too many queries in the database.
Quttera Web Malware Scanner - Too many queries in the database.
WP Security Audit Log - Too many queries in the database.

Complete list

These are the files and folders we look for when scanning for unauthorized plugins. Compare your /wp-content/plugins/ directory to see if anything you have installed may conflict:

alo-esaymail akeebabackupcore adminer all-in-one-wp-migration async-google-analytics autoptimize backup backupbuddy backup-scheduler backupwordpress backwpup better-wp-security broken-link-checker contextual-related-posts dynamic-related-posts ewww-image-optimizer ezpz-one-click-backup file-commander fuzzy-seo-booster google-xml-sitemaps-with-multisite-support hc custom wp admin url hcs.php hello.php jr-referrer myMail no-revisions newstatpress ozh-who-sees-ads portable-phpmyadmin query-monitor quick-cache quick-cache-pro recommend-a-friend seo-alrp si-captcha-for-wordpress similar-posts spyderspanker spyderspanker_pro super-post superslider text-passwords the-codetree-backup toolspack tweet-blender wordfence wordpress-gzip-compression wp-cache wp-database-optimizer wp-db-backup wp-dbmanager wp-engine-snapshot wp-file-cache wp-mailinglist wp-optimize wp-phpmyadmin wp-postviews wp-slimstat wp-spamshield wp-super-cache wp-symposium-alerts wpengine-migrate wpengine-snapshot wponlinebackup yet-another-featured-posts-plugin yet-another-related-posts-plugin yuzo-related-posts

Our opinion, our choice

In no way are we suggesting that these plugins are bad. Some of them, such as Related Posts, can be very good for content discovery and SEO on most sites. However, our main goal is to satisfy our customers.

The same is true with "not secure" plugins, we try to work with the developers of these plugins to find a solution. We may temporarily add a plugin to our unauthorized list. But we will be happy to remove it from the list once the problem has been resolved.

In all cases, when asked, we try to provide reasonable alternatives. If you have any questions about these plugins or need help finding an alternative, please contact our support team via ticket.

Updated on 29 October 2020