Looking for our Curated Plugins instead?

We make a big deal out of the fact that we “curate” plugins. These are plugins we offer 100% technical support on and recommend. That doesn’t eliminate the rest of them. In fact, with over 16k plugins (currently) in the WordPress plugin repository, we only (at this time) forbid a few dozen. Those are pretty good odds that if you want to use a plugin on our infrastructure, you should feel free to use it! It’s your blog after all.

But what about these disallowed plugins? Most of them, honestly, fall into a couple “classes” of plugins and we ban them because they collide with our necessary solutions that we put in place as part of our service offerings.

Caching Plugins
Most caching plugins do not cooperate with our own caching solutions (which include W3 Total Cache). As a result, we can’t have them running in parallel to our “stuff”. Whenever we see these on the filesystem, we automatically remove them. It’s okay, we’re already covering you and you shouldn’t have to worry about the speed of your site… that’s our job and why you’ve chosen us as your provider!

We haven’t banned Batcache and others but they simply won’t work in our environment. We’re already handling Memcached anyways, so there’s no need for it.

Database Backups
We already provide you with backups (complete filesystem and database), done in an efficient and automated manner, and available for you to rollback or even leave our service whenever you’d like.

In general we discourage the use of all backup plugins, not only because it needlessly duplicates functionality, but because they occupy a ton of disk space, run at inopportune times, can tie up your database, fail on large installations, and in some cases are insecure, allowing non-authenticated people to access your private data.

So we disallow most database backup plugins at WP Engine. We do allow BackupBuddy from our friends at iThemes and we recommend VaultPress. For people looking for non-premium solutions, simply asking for a backup from us will get that for you – no charge to you!

  • WP DB Backup – though to the author’s credit, he highly recommends not saving to the local file system.
  • WP DB Manager – Local storage is the only way, .htaccess protection recommended, but disk space is a concern.
  • BackupWordPress – not insecure, but duplicates files on disk which we already have for you in our backups

CPU/MySQL Thrashing Plugins
There’s another class of plugins we disallow simply because they thrash our servers CPU or create unnatural number of MySQL queries.

  • Broken Link Checker – Pounds the server with HTTP requests.
  • Dynamic Related Posts – Almost all “Related Posts” plugins suffer from the same fundamental problems regarding MySQL, indexing, and search making most very database intensive.
  • WP Smushit – Relies on Yahoo services and memory mapping… When Yahoo fails or memory mapping is exceeded, the plugin fails and brings down sites with it.
  • MyReviewPlugin (MyRP)SLAMS the database with writes at orders of magnitude.
  • LinkMan – Related to MyRP.
  • Google XML Sitemaps – More info here.
  • SEO Auto Links & Related Posts – Creates large and inefficient queries which load down the database
  • Fuzzy Seo Booster – Thrashes MySQL
  • WP PostViews – inefficiently writes to the database on every pageload. Try something like Automattic’s stats or Google Analytics to track traffic in a scalable manner.
  • Tweet Blender

Duplicate Behavior Plugins
These plugins do some behavior that we already do for you in a more efficient, scalable, and configurable manner.

  • WordPress HTTPS – when we serve HTTPS for you, this plugin cannot detect which connections are secure, and therefore doesn’t work. We can do all the redirecting and other special casing for you.
  • No Revisions – We already do this!
  • Missed Schedule and WP Missed Schedule – Interferes with cron at scale, and we already have automated processes that run wp-cron regularly and check for missed posts and publish them.

Miscellaneous Plugins
Other plugins that we’ve decided to proactively remove include:

  • Hello Dolly! (Sorry, Matt)
  • A competitor’s management plugin
  • WP phpMyAdmin – SECURITY ISSUE!
  • WDS Custom Search – Breaks the post indexes in the WP Admin.

A Window into our World
By no means are we suggesting all (or even most) of these plugins are bad plugins. Some of them, like related posts plugins, are very good for most sites. However, we deal with scaling customers and so they aren’t good for us. When we find insecure plugins, we try to work with the plugin developer to find a fix and may temporarily remove access to a plugin and restore that access once the issue is addressed. In other cases, for stability and scaleability, we just have to wash our hands and move on.

In all cases, when asked, we try to provide reasonable alternatives. If you have any questions about these plugins or help finding an alternative, contact us at support@wpengine.com.