Banned Components and Practices

Plugins, themes, third-party services, and other components in the WordPress ecosystem that are not currently allowed or supported in our ecosystem.

Why ban?

We don’t ban anything that we don’t absolutely need to exclude from our environments. And banned wares are not necessarily bad; they may simply not be compatible with our goals, which are all about supporting your goals in the most cost-effective and high-quality manner possible. Favored wares can become banned if and when they become incompatible with these goals. And banned wares can and do unban if and when they meet our compatibility and quality goals.

Some of the components we exclude are disallowed by our data centers, development tooling services, or other partners and providers. Some have been found to be incompatible with our own internal standards and practices, such as our various automation tools or implementation recipes. And, of course, some are banned because of quality or security concerns. Whatever the case, if you'd like to use a component that we do not support, we can work together to find viable alternatives.

Minimum fitness standards for themes and plugins

While plugins and themes are evaluated on a case-by-case basis, we do also have standards for evaluating the fitness of plugins and themes that are not already disallowed by our data centers or other upstream service providers. This part of our Banned Components and Practices Policy approves candidate plugins and themes that meet the following minimum fitness measures:

  1. Candidate plugins and themes should have a free version that is available on the WordPress directories (plugins, themes), and:
    1. Free directory versions must evolve alongside any available premium version
    2. Free directory versions must not behave or perform at levels that are significantly different or lesser than their premium versions
  2. Or, if candidate plugins and themes do not have a free directory version:
    1. Candidate must include free trials of appropriate length (as required to prove compatibility and quality within each applicable project)
    2. Candidate must include appropriate developer support even during the free trial
  3. All candidate plugins and themes (whether they have free directory versions or not) must have positive product histories:
    1. Release histories demonstrate high developer involvement
    2. Support histories demonstrate responsiveness to user concerns and requests
    3. Issue histories demonstrate stability, security, and compatibility with WordPress Core and applicable components on our recommendations list
  4. Candidate plugins and themes should not require other plugins or themes to run (dependencies), other than plugins or themes that are part of the same product suite that the candidate represents, unless:
    1. Plugin or theme dependencies meet the same minimum fitness measures described herein
    2. Plugin or theme dependencies do not require additional dependencies of their own (multi-level dependency chains are not allowed without special waivers that limit support and guarantee coverage)
    3. Plugin or theme dependencies must be supportable in all free and premium versions, where applicable
  5. Candidate plugins and themes must not include functionality or style that is difficult to override.
  6. Candidate plugins and themes must be documented thoroughly enough to enable agency-level support to end users at a predictable cost (extra points to candidates that also include documentation and training for end users).
  7. Candidate plugins and themes must pass our internal compatibility and quality checks, including:
    1. Ongoing Viability Testing
    2. Project-specific testing (as applied to current projects we maintain that include the candidate plugin or theme)

Beyond the above requirements, preference is given to candidate plugins and themes that also:

  1. Include API's, webhooks, or other features that enable automation
  2. Provide training materials for end users
  3. Are priced in a manner that allows projects to include candidate plugins or themes without undue concern about future costs of ownership

While not actually a fitness issue, we do avoid the use of plugins that offer functionality that overlaps with preferred plugins that are already implemented in the project (or are to be implemented).

Finally, if the functionality offered by a candidate plugin is implementable in our own code (in a cost-effective and timely manner), we will generally opt for such an implementation instead of using the candidate. This allows us to reduce third-party dependencies, streamline future growth and maintenance efforts, and improve project quality (performance, security, etc).

Banned WordPress plugins

This list is updated whenever our providers inform us about changes in their own ban lists and when we discover in our own work that a previously unbanned plugin must now be banned, or when a previously banned plugin is now safe to unban.

In each of the below categories, where detail is not specifically provided ahead of the list about our concerns regarding that portion of the list, the reasons are generally the same: Performance risks, functionality or security conflicts, or incompatibilities with our automation.

Administration Plugins

  1. Inactive User Deleter
  2. Plus:  ?

Backup Plugins

Daily container backups are included in all of our packages. We also offer additional backup options that include incremental daily, six-hour, hourly, and near-real-time backup options. Since many backup plugins cause performance issues in our finely tuned environments and consume significant bandwidth (thereby risking overage charges), while not actually offering any services that aren't already included or available in our solutions, we ban most by default:

  1. All-in-One WP Migration
  2. BackupBuddy
  3. Backup Guard
  4. BackWPup
  5. BoldGrid Backup
  6. Duplicator
  7. Snapshot
  8. UpdraftPlus
  9. WP ALL Backup
  10. WP DB Backup
  11. WP DB Backup Made
  12. WP Time Capsule
  13. WPvivid
  14. Plus: Any backup plugin that performs non-incremental backups.
  15. Exceptions:
    1. BlogVault is allowed and we use it ourselves. However, the use of your own BlogVault account is discouraged as it would increase Care Plan costs. This is unfortunately unavoidable because our license management and update automation can only be applied to our own service accounts, which means that supporting your own private installation would add manual steps to ongoing care and maintenance commitments.
    2. VaultPress is allowed by discouraged as it adds no significant capabilities to our existing backup tools. Moreover, as is the case with private installations of BlogVault, the use of VaultPress will unavoidably increase Care Plan costs.

Caching Plugins

As our environments already include object caching and page caching services, most caching plugins actually degrade performance by consuming resources that are not adding any new capability to your project:

  1. Borlabs Cache
  2. Cache Enabler
  3. Comet Cache
  4. Hummingbird
  5. LiteSpeed Cache
  6. W3 Total Cache
  7. WP Fastest Cache
  8. WP-Optimize
  9. WP Super Cache
  10. Plus: Any caching plugin that repeats any of our existing caching or optimization capabilities.
  11. Exceptions:
    1. Super Page Cache for Cloudflare is allowed, though the use of the fallback cache system is discouraged.
    2. WP Rocket is allowed because we can automatically disable its caching functionality while leaving other optimization capabilities intact.

Code Execution and Development Plugins

  1. Allow PHP Execute
  2. Insert PHP Code Snippet
  3. PHP Everywhere
  4. Regenerate Thumbnails
  5. Styleguide
  6. Theme Switcha
  7. Plus: Any code execution or development plugin that circumvents industry standards for shipping quality and versioned code.
  8. Exceptions:
    1. Query Monitor, Theme Check, User Switching, View Admin As, and What the File, are not allowed on any White Glove server (Production and Primary Staging), but are allowed on Super Stagers, RemDevs, and QA servers.
    2. WPCodeBox is allowed on Super Stagers, RemDevs, and QA servers in ProDev programs.
    3. Log Deprecated Notices and Rewrite Rules Inspector are discouraged on all servers, but allowed on Super Stagers, RemDevs, and QA servers with appropriate support waivers.

Image Optimization Plugins

We provide image optimization features for most projects (rare projects may have specific needs that cannot be met with our existing tools). Our tools will not alter your images (unless you also want optimization of your base images), include lossless and lossy options, and even produce WebP versions that are only served if supported. For these reasons, and others, the following are all disallowed in our environments:

  1. Imsanity
  2. Kraken Image Optimizer
  3. reSmush.it
  4. Smush
  5. WP Compress
  6. Plus: Any image optimization plugins that use our servers for the actual optimization labor (server-based optimizers), and any image optimization plugins that have settings that conflict with our existing tools and that we cannot disable programmatically.
  7. Exceptions: Optimole and ShortPixel are allowed in our R&D environments, but not in most White Glove environments (Production and Primary Staging).

Minification and Optimization Plugins

Performance enhancement features like resource modification, database optimization, and payload compression are already included in all of our environments. If your project requires a form of optimization that we don't already cover and is available in a plugin or service that does not conflict with our services, we will certainly review it. At the outset, however, most plugins in this category are excluded from our service, including:

  1. Better WordPress Minify
  2. JCH Optimize
  3. Optimize Database after Deleting Revisions
  4. P3 Profiler
  5. Plus: Any minification and optimization plugins that perform functions that our tools are already providing, add non-cachable payloads that should otherwise be cachable, or otherwise interfere with our finely tuned infrastructure.

Page Builder Plugins

The following Page Builders are disallowed by default, but some may be considered with appropriate Care Plan exclusion and coverage waivers:

  1. BoldGrid
  2. Brizy
  3. Divi
  4. SeedProd
  5. SiteOrigin
  6. Themify Builder
  7. Thrive Architect
  8. Visual Composer
  9. WPBakery
  10. WP Page Builder
  11. Zion
  12. Plus: Any page builder plugin that is too difficult to optimize cost-effectively or prevents us from controlling user access to builder features (vs native WordPress content editors).
  13. Exceptions:
    1. Beaver Builder
    2. Elementor
    3. Generate Press
    4. Oxygen
  14. Possible upcoming exceptions: We are currently evaluating several page builders as viable candidates for the development of Headless WordPress projects. Check back here for upcoming updates on this category of page builders.

Security Plugins

Many security plugins introduce significant performance costs because of the scanning they typically perform. Since all our solutions include DDOS protection, firewalls with configurable rulesets, IP blocking, and more, there is little to be gained from typical security plugins.

That said, we are not currently banning any security plugins, though the "minimum fitness standards for themes and plugins" rules as detailed above do indeed apply. Nevertheless, security plugins in general are discouraged and requests for including them in client projects will be considered on a case-by-case basis.

SEO and Content Optimization Plugins

Search engine and content optimization are important objectives, but there is also a great deal of hype and waste in this area. Too many of the offerings in this category have risky performance costs, or modify content in ways that are not clear or easily predictable. Some even take advantage of the secrecy that necessarily surrounds engine algorithms by providing misleading guidance that is intended to encourage your dependence upon their "wisdom". Of course, not all SEO plugins are guilty of these unfortunate practices, and some actually help quite a bit (our favorites are listed on our recommendations page), but the following are banned in our environments:

  1. Broken Link Checker
  2. Yoast
  3. WordPress Popular Posts
  4. Plus: Any SEO plugins that modify your content without providing complete control and reporting, degrade performance to a degree that is difficult to justify relative to the benefits offered, or engage in scare tactics or fictitious guidance.

Social Media Plugins

  1. WP-InstantArticles (Facebook Instant Articles)
  2. Plus: Any social media that performs poorly, does not allow for failed listings to be styled for consistency with the website, or interferes with caching.

Theme Support Plugins

  1. Pipdig Power Pack (P3)
  2. Plus: Any theme support plugin that is required for theme usage (rather than used as an optional feature enhancement).

Video Compression, Conversion, and Encoding Plugins

Server-based video compression, conversion, and encoding plugins consume heavy infrastructure resources and often require more management and support than can be justified in our fixed-pricing. Therefore, all such plugins are excluded from our White Glove environments (Production and Primary Staging).

Video compression, conversion, and encoding plugins may, however, be considered for use on a case-by-case basis in projects that are homed in our R&D environments.

Ultimately, serious video crunching objectives should be serviced by third-party cloud platforms such as Amazon Elastic Transcoder, Cloudinary, Dacast, Qencode, etc. And, of course, we can wire up such solutions to your project as needed.

Remember that if all you need in video is online storage and playback within your pages, Dailymotion, YouTube, Vimeo, and the like may be all you need, especially since each of these also includes a growing collection of creative and management power tools.

All nulled plugins are banned!

Premium plugins that have been modified (hacked) to allow the use of premium features without the proper license are often known as "nulled plugins". In the most benign cases, these plugins effectively steal from their authors by allowing users free access to features that normally require a fee. In more harmful cases, however, these plugins can also include code that collects information without user permission and even attacks other sites.

Ehven Consultants will not install or approve the installation of any nulled plugins for any reason. Projects that have been granted access to install their own plugins or themes and are found to incorporate nulled plugins, will be required to replace these disallowed wares or risk suspension and eviction.

Of course, all of the same risks and rules apply to nulled themes, as well as nulled plugins.

Banned WordPress Themes

We don't maintain a list of banned WordPress themes, because all of our current and recent projects are built on one of our recommended themes. Even in cases in which clients request a specific theme be evaluated for fitness, we have found that strong developer-friendly themes (of the kind listed on our recommendations page) can do anything that a theme with a pre-crafted design can do. And they can do it in a manner that doesn't box the project into a look-and-feel that is difficult to change down the road.

Toss in a modern page builder (such as any of the builders listed on our recommendations page), if indeed your project is actually likely to benefit from a page builder, and you quickly run out of reasons to use most themes.

Newly banned plugins that are already in use

As this ban list is a living document that is subject to change, your project may include a plugin that was perfectly acceptable during implementation, but that has since been banned.

While following the guidelines in the "minimum fitness standards for themes and plugins" section above should limit the likelihood of such occurrences, abandoned plugins and other changing conditions are nevertheless possible.

Should a plugin in your project become banned after it was implemented while approved, we will assist you in replacing it with an appropriate alternative. As is our practice in all other commissioned work, you will be offered a detailed proposal with fixed and transparent pricing options, as well as enough time to decide how to respond to the banning.

Waiving bans

Under rare circumstances, some projects may become dependent upon plugins that have been banned.

If the banning can be waived, such that all affected teams (hosting, external services, etc) agree to allow the plugin to remain in the project in an activated state, you will be offered the opportunity to sign a waiver that stipulates the following, as required:

  1. Change in Care Plan cost
  2. Change in support coverage
  3. Timeline for the project to free itself from this dependency
Scroll to Top