WP Engine Products

WordPress Hosting

Boost performance while managing less

WooCommerce Hosting

Build faster and sell more with WooCommerce

Agency and Client Management

Automate client billing, reporting, & more

Headless WordPress

Build, deploy, and manage headless sites

View More Products

Solutions

Small Businesses

Enterprises

Agencies

eCommerce

View More Solutions

Website Tools

Smart Plugin Manager

Website Tester

Website Monitoring

WordPress Themes and Tools

Local WordPress Development

Featured Plugins

Advanced Custom Fields

Build rich, custom content editing experiences

WP Migrate

Migrate WordPress sites with confidence

WP Offload Media

Offload media assets & serve them lightning fast

WP Offload SES

Improve email send reliability with Amazon SES

View More Recommended Plugins

WordPress Resources

WP Engine Resources

Articles and videos for help with WordPress

WP Engine Help Docs

Guides for site setup & troubleshooting

Free Website Migration

Automated migration plugin & support

Find a WordPress Agency

Need help? Search our agency directory

Stay Connected

WP Engine Blog

Builder Community

Headless Developer Community

Torque Magazine

Velocitize Magazine

Thought Leadership

Velocitize Talks

Erik Posthuma of Aleph-labs on Web3, Cryptocurrency, & More

Podcast

Press This, the WordPress Community Podcast

Study

The World’s First Study of the WordPress Economy

Why WP Engine?

Our Platform Technology

Managed WordPress Hosting

Fast WordPress

Secure WordPress

24/7 WordPress Support

About Us

WP Engine Reviews

How You Win with WP Engine

Build faster, protect your brand, and grow your business with the #1 WordPress platform to power remarkable online experiences.

Learn More

Customer Spotlight

Peak Performance With Headless WordPress

Android Authority increases speed 6x by adopting a headless architecture with a WordPress back-end.

All Case Studies

Contact sales

Call Us

1-877-973-6446 to talk to a sales expert

Request a Quote

Submit a request for a personalized plan recommendation

Let’s Chat

Customer Support

Support Articles

Billing Help

Password Help

Log In for Support
Easiest Migration Ever!

Need Help Choosing a Plan?

We offer solutions for businesses of all sizes. For questions about our plans and products, contact our team of experts. Get in touch

Support Center
Setup A Site
Account & Features
Platform Information
WordPress Help
Troubleshoot
Browse All

Disallowed Plugins

Last updated on June 21st, 2021

PluginsSupport

At WP Engine we aim to offer the fastest and most secure WordPress hosting environment for your website. There are a handful of plugins that we’ve noted can cause various security or performance issues on your site. Our goal is to keep your site running smoothly, so for this reason we’ve made certain plugins disallowed. If you have one of these plugins, you’ll be notified and the plugin will eventually be removed from your site. We’ve broken these plugins down into groups to provide some context as to why they cannot be used.

Table of Contents
1. About Disallowed Items
2. Caching Plugins
3. Backup Plugins
4. Server & MySQL Thrashing Plugins
5. Related Posts Plugins
6. Duplicate Behavior Plugins
7. Email Plugins
8. Miscellaneous Plugins
9. Additional Scripts
10. Complete List of Disallowed Plugins
11. Disabled Modules and Functions

About Disallowed Items

By no means are we suggesting any of these disallowed plugins are “bad” plugins. Some of them, like related posts plugins, can be great for content discoverability. As your managed WordPress host however, our primary concern is to provide the fastest and most secure WordPress hosting experience we can. These plugins have proven that they will negatively impact performance or security on our platform and we’ve made the decision to prevent their use.

As for insecure plugins, we try to work with the plugin developer to have them corrected. During that time the plugin may temporarily be added to our disallowed list and we’ll happily allow it again once the issue has been addressed.

If you have any questions about these disallowed plugins, or feel a recent update to a plugin has been put forth to correct the issue we’ve banned it for, please contact our Support team.

Caching Plugins

Caching plugins can conflict with our platform’s built-in caching structure. These plugins are known to cause direct conflicts and would ultimately impact your site’s ability to load if used:

  • WP Super Cache
  • WP File Cache
  • W3 Total Cache

Many of the caching features these plugins offer we have built-in to our servers by default as part of your managed WordPress hosting experience. We have your back- don’t worry!

Backup Plugins

We discourage the use of backup plugins as they needlessly bloat your site and can store files in an insecure way. Many of these plugins also run their backup jobs at inopportune times, slowing down MySQL queries and even causing timeouts on your site.

The following backup solutions are disallowed plugins:

  • WP DB Backup — Needlessly bloats your site’s local storage.
  • WP DB Manager — .htaccess protection is recommended, but local storage usage is the major concern as it only offers a local storage option.
  • BackupWordPress — Duplicates a large number of files on local storage that are already in our backups.
  • VersionPress — In order to function this plugin needs access to server level functions that we disallow for security reasons.

We take nightly backups of all WordPress websites hosted with us. These are done in an efficient, automated manner and the data is kept securely on a separate server from your WordPress install. Our automated backups do not count towards any plan local storage limits and we make these backups available for you to restore, copy or download as-needed.

If you feel more secure with a secondary, off-site backup, we permit VaultPress on our servers.

Server & MySQL Thrashing Plugins

These plugins we disallow because they either cause a high load on the server or create an excessive number of database queries. They will directly impact server load and ultimately hinder your site’s performance.

  • Broken Link Checker — Overwhelms the server with a very large amount of HTTP requests
  • MyReviewPlugin — Slams the database with a significant amount of writes.
  • LinkMan — Much like the MyReviewPlugin above, LinkMan utilizes an unscalable amount of database writes.
  • Fuzzy SEO Booster — Causes MySQL issues as a site scales up.
  • WP PostViews — Inefficiently writes to the database on every page load.
  • Tweet Blender — Does not interact well with caching and can cause increased server load.

To track traffic in a more scalable manner, both the stats module in Automattic’s Jetpack plugin and Google Analytics work great.

We recommend that you use one of the following tools to check your site for broken links. As they are not plugins these will not have a negative effect on your site’s performance.

Related Posts Plugins

Almost all “Related Posts” plugins suffer from the same MySQL, indexing, and search issues. These problems make the plugins extremely database intensive.

The ones that we’ve banned outright are:

  • Dynamic Related Posts
  • SEO Auto Links & Related Posts
  • Yet Another Related Posts Plugin
  • Similar Posts
  • Contextual Related Posts

There are dedicated services which allow you to offload related post functionality to their servers. We advise that you look into one of the related post services instead:

Duplicate Behavior Plugins

Like the caching and backup plugins, the following plugins also duplicate things that we already do for you in a more efficient, scalable, and configurable manner.

  • No Revisions — We disable revisions for all customers by default. See our Platform Settings article for more information.
  • Force Strong Passwords — We already install & activate this plugin for you.
  • Bad Behavior — This plugin attempts to block a number of hosts that we already disallow.

Email Plugins

Just because you are able to send emails with WordPress, that doesn’t always mean you should. We want our customers to experience the same best-in-class experience with email as we provide with web hosting, so we recommend using a 3rd party service. Specialized services like MailChimpConstant ContactAWeber and countless others offer complete email solutions for your business and will provide you with optimal results.

If your domain’s email provider offers its own SMTP server, you are welcome to configure that as your outgoing server. Be sure to check with your email provider about their bulk mail, opt-in mail and anti-spam policies before doing so.

We’ve also written a blog post about sending email blasts with WordPress if you would like more information.

Further information on configuring third party email hosting can be found in this guide.

Miscellaneous Plugins

Other plugins that we’ve decided to proactively remove include:

  • Hello Dolly!
  • WP phpMyAdmin — Disallowed due to a fairly major security issue. We also offer phpMyAdmin access without a plugin from your User Portal.
  • Sweet Captcha — After our partners at Sucuri revealed that the Sweet Captcha service was used to distribute adware, we have decided to follow the WordPress Plugin Repo’s lead and ban the plugin outright.
  • Digital Access Pass (DAP) — While we do not actively remove this from sites, please be aware that it will not work properly on our platform due to its use of PHP Sessions and System-level crons. Instead, we recommend using one of the other highly-rated Membership plugins like Paid Memberships Pro, Restrict Content, or S2Member.

Additional Scripts

Some frequently used scripts are known to contain security vulnerabilities. Our platform scans the files system periodically to identify and either patch or remove these scripts.

  • TimThumb — Older versions of TimThumb are known to contain vulnerabilities. When our system scan identifies an older version, it will automatically update the script. After the upgrade has been completed, the system will notify you by email.
  • Uploadify — Access to this script is blocked due to known security threats. The reasoning behind this was largely informed by this blog post from our partners at Sucuri.

Complete List of Disallowed Plugins

These are the files and folders that we explicitly searching for when we scan for disallowed plugins. You can compare this against your wp-content/plugins/ directory to check for conflicts.

adminer
async-google-analytics
backup
backup-scheduler
backupwordpress
backwpup
bad-behavior
broken-link-checker
content-molecules
contextual-related-posts
duplicator
dynamic-related-posts
ezpz-one-click-backup
file-commander
fuzzy-seo-booster
gd-system-plugin
gd-system-plugin.php
google-xml-sitemaps-with-multisite-support
hc-custom-wp-admin-url
hcs.php
hello.php
jr-referrer
jumpple
missed-schedule
no-revisions
ozh-who-sees-ads
pipdig-power-pack
portable-phpmyadmin
quick-cache
quick-cache-pro
recommend-a-friend
seo-alrp
si-captcha-for-wordpress
similar-posts
spamreferrerblock
ssclassic
sspro
super-post
superslider
sweetcaptcha-revolutionary-free-captcha-service
text-passwords
the-codetree-backup
toolspack
ToolsPack
tweet-blender
versionpress
w3-total-cache
wordpress-gzip-compression
wp-cache
wp-database-optimizer
wp-db-backup
wp-dbmanager
wp-engine-snapshot
wp-file-cache
wp-phpmyadmin
wp-postviews
wp-slimstat
wp-super-cache
wp-symposium-alerts
wpengine-migrate
wpengine-migrate.tar.gz
wpengine-migrate.zip
wpengine-snapshot
wpengine-snapshot.tar.gz
wponlinebackup
yet-another-featured-posts-plugin
yet-another-related-posts-plugin

Disabled Modules and Functions

There’s the possibility of using a plugin that is technically allowed, but will not function due to disabled server modules or functions. These modules/functions can impact performance or security if enabled and are therefore turned off on all WP Engine servers.

We do not disallow plugins utilizing these because developers will often release updates that no longer rely on poorly performing modules or functions. This is particularly relevant to plugins utilizing ionCube Loader, which is disabled across WP Engine.

For a full list of disabled modules and functions, see the Server Modules and Functions section of our Platform Settings guide.

NEXT STEP: Check out our Solution Center for partners and plugins of choice.

Still need help? Contact support!

We offer support 24 hours a day, 7 days a week, 365 days a year. Log in to your account to get expert one-on-one help.

Log in for one-on-one help

The best in WordPress hosting.

See why more customers prefer WP Engine over the competition.

See Our Products

See Our Plans