Banned WordPress plugins
This list is updated whenever our providers inform us about changes in their own ban lists and when we discover in our own work that a previously unbanned plugin must now be banned, or when a previously banned plugin is now safe to unban.
In each of the below categories, where detail is not specifically provided ahead of the list about our concerns regarding that portion of the list, the reasons are generally the same: Performance risks, functionality or security conflicts, or incompatibilities with our automation.
Administration Plugins
- Inactive User Deleter
- Plus: ?
Backup Plugins
Daily container backups are included in all of our packages. We also offer additional backup options that include incremental daily, six-hour, hourly, and near-real-time backup options. Since many backup plugins cause performance issues in our finely tuned environments and consume significant bandwidth (thereby risking overage charges), while not actually offering any services that aren't already included or available in our solutions, we ban most by default:
- All-in-One WP Migration
- BackupBuddy
- Backup Guard
- BackWPup
- BoldGrid Backup
- Duplicator
- Snapshot
- UpdraftPlus
- WP ALL Backup
- WP DB Backup
- WP DB Backup Made
- WP Time Capsule
- WPvivid
- Plus: Any backup plugin that performs non-incremental backups.
- Exceptions:
- BlogVault is allowed and we use it ourselves. However, the use of your own BlogVault account is discouraged as it would increase Care Plan costs. This is unfortunately unavoidable because our license management and update automation can only be applied to our own service accounts, which means that supporting your own private installation would add manual steps to ongoing care and maintenance commitments.
- VaultPress is allowed by discouraged as it adds no significant capabilities to our existing backup tools. Moreover, as is the case with private installations of BlogVault, the use of VaultPress will unavoidably increase Care Plan costs.
Caching Plugins
As our environments already include object caching and page caching services, most caching plugins actually degrade performance by consuming resources that are not adding any new capability to your project:
- Borlabs Cache
- Cache Enabler
- Comet Cache
- Hummingbird
- LiteSpeed Cache
- W3 Total Cache
- WP Fastest Cache
- WP-Optimize
- WP Super Cache
- Plus: Any caching plugin that repeats any of our existing caching or optimization capabilities.
- Exceptions:
- Super Page Cache for Cloudflare is allowed, though the use of the fallback cache system is discouraged.
- WP Rocket is allowed because we can automatically disable its caching functionality while leaving other optimization capabilities intact.
Code Execution and Development Plugins
- Allow PHP Execute
- Insert PHP Code Snippet
- PHP Everywhere
- Regenerate Thumbnails
- Styleguide
- Theme Switcha
- Plus: Any code execution or development plugin that circumvents industry standards for shipping quality and versioned code.
- Exceptions:
- Query Monitor, Theme Check, User Switching, View Admin As, and What the File, are not allowed on any White Glove server (Production and Primary Staging), but are allowed on Super Stagers, RemDevs, and QA servers.
- WPCodeBox is allowed on Super Stagers, RemDevs, and QA servers in ProDev programs.
- Log Deprecated Notices and Rewrite Rules Inspector are discouraged on all servers, but allowed on Super Stagers, RemDevs, and QA servers with appropriate support waivers.
Image Optimization Plugins
We provide image optimization features for most projects (rare projects may have specific needs that cannot be met with our existing tools). Our tools will not alter your images (unless you also want optimization of your base images), include lossless and lossy options, and even produce WebP versions that are only served if supported. For these reasons, and others, the following are all disallowed in our environments:
- Imsanity
- Kraken Image Optimizer
- reSmush.it
- Smush
- WP Compress
- Plus: Any image optimization plugins that use our servers for the actual optimization labor (server-based optimizers), and any image optimization plugins that have settings that conflict with our existing tools and that we cannot disable programmatically.
- Exceptions: Optimole and ShortPixel are allowed in our R&D environments, but not in most White Glove environments (Production and Primary Staging).
Minification and Optimization Plugins
Performance enhancement features like resource modification, database optimization, and payload compression are already included in all of our environments. If your project requires a form of optimization that we don't already cover and is available in a plugin or service that does not conflict with our services, we will certainly review it. At the outset, however, most plugins in this category are excluded from our service, including:
- Better WordPress Minify
- JCH Optimize
- Optimize Database after Deleting Revisions
- P3 Profiler
- Plus: Any minification and optimization plugins that perform functions that our tools are already providing, add non-cachable payloads that should otherwise be cachable, or otherwise interfere with our finely tuned infrastructure.
Page Builder Plugins
The following Page Builders are disallowed by default, but some may be considered with appropriate Care Plan exclusion and coverage waivers:
- BoldGrid
- Brizy
- Divi
- SeedProd
- SiteOrigin
- Themify Builder
- Thrive Architect
- Visual Composer
- WPBakery
- WP Page Builder
- Zion
- Plus: Any page builder plugin that is too difficult to optimize cost-effectively or prevents us from controlling user access to builder features (vs native WordPress content editors).
- Exceptions:
- Beaver Builder
- Elementor
- Generate Press
- Oxygen
- Possible upcoming exceptions: We are currently evaluating several page builders as viable candidates for the development of Headless WordPress projects. Check back here for upcoming updates on this category of page builders.
Security Plugins
Many security plugins introduce significant performance costs because of the scanning they typically perform. Since all our solutions include DDOS protection, firewalls with configurable rulesets, IP blocking, and more, there is little to be gained from typical security plugins.
That said, we are not currently banning any security plugins, though the "minimum fitness standards for themes and plugins" rules as detailed above do indeed apply. Nevertheless, security plugins in general are discouraged and requests for including them in client projects will be considered on a case-by-case basis.
SEO and Content Optimization Plugins
Search engine and content optimization are important objectives, but there is also a great deal of hype and waste in this area. Too many of the offerings in this category have risky performance costs, or modify content in ways that are not clear or easily predictable. Some even take advantage of the secrecy that necessarily surrounds engine algorithms by providing misleading guidance that is intended to encourage your dependence upon their "wisdom". Of course, not all SEO plugins are guilty of these unfortunate practices, and some actually help quite a bit (our favorites are listed on our recommendations page), but the following are banned in our environments:
- Broken Link Checker
- Yoast
- WordPress Popular Posts
- Plus: Any SEO plugins that modify your content without providing complete control and reporting, degrade performance to a degree that is difficult to justify relative to the benefits offered, or engage in scare tactics or fictitious guidance.
Social Media Plugins
- WP-InstantArticles (Facebook Instant Articles)
- Plus: Any social media that performs poorly, does not allow for failed listings to be styled for consistency with the website, or interferes with caching.
Theme Support Plugins
- Pipdig Power Pack (P3)
- Plus: Any theme support plugin that is required for theme usage (rather than used as an optional feature enhancement).
Video Compression, Conversion, and Encoding Plugins
Server-based video compression, conversion, and encoding plugins consume heavy infrastructure resources and often require more management and support than can be justified in our fixed-pricing. Therefore, all such plugins are excluded from our White Glove environments (Production and Primary Staging).
Video compression, conversion, and encoding plugins may, however, be considered for use on a case-by-case basis in projects that are homed in our R&D environments.
Ultimately, serious video crunching objectives should be serviced by third-party cloud platforms such as Amazon Elastic Transcoder, Cloudinary, Dacast, Qencode, etc. And, of course, we can wire up such solutions to your project as needed.
Remember that if all you need in video is online storage and playback within your pages, Dailymotion, YouTube, Vimeo, and the like may be all you need, especially since each of these also includes a growing collection of creative and management power tools.
All nulled plugins are banned!
Premium plugins that have been modified (hacked) to allow the use of premium features without the proper license are often known as "nulled plugins". In the most benign cases, these plugins effectively steal from their authors by allowing users free access to features that normally require a fee. In more harmful cases, however, these plugins can also include code that collects information without user permission and even attacks other sites.
Ehven Consultants will not install or approve the installation of any nulled plugins for any reason. Projects that have been granted access to install their own plugins or themes and are found to incorporate nulled plugins, will be required to replace these disallowed wares or risk suspension and eviction.
Of course, all of the same risks and rules apply to nulled themes, as well as nulled plugins.