A few years ago, I switched my main sites over to WP Engine: a hosting company that specializes in WordPress hosting.
I had been on shared hosting accounts with GoDaddy and Namecheap for years and for a while, it was fine. But as the post counts grew and I started to get some traffic, I was disappointed with the level of performance I was getting in return.
And with site speed becoming increasingly important to Google’s search algorithm, this was going to start negatively impacting my ability to rank for the keywords I wanted.
So I started looking up went to the company that I thought had the best reputation in the space.
And so far, it’s been great. 🙂 I’ve been very happy with my site’s speed, the responsiveness of the WP Engine support team and also the level of services that you get out of the box to help make your site load as fast as possible.
That last part is key. In order to give you the best possible performance, managed WordPress hosts typically do a number of extra things that other hosting companies, even ones that may host WordPress sites, don’t do.
However, the thing that I didn’t realize when I first moved those sites over is that a lot of the plugins I was using became redundant. WP Engine already does most of the work for you when it comes to performance, site speed and security. And because of that, they’ve chosen to disable these plugins on your WordPress site. That means if you migrate your site over and your site contains these plugins, they will be disabled eventually.
Luckily, they provide you with a 7 day grace period in which to find a suitable replacement.
But on the surface, it still seems a little harsh. I’m already paying double the price for dedicated WordPress hosting as I did for my shared hosting. Why can’t I install what I want?
Fortunately, there are sensible reasons why they do this. Mostly it comes down to these factors:
WP Engine, like many other shared WordPress hosting providers, already has their own caching systems, backup systems and security features set up out of the box. So you don’t need to install plugins that perform these functions. In fact, if they remain on your site, they could conflict with WP Engine’s hosting environment. Plugins that are redundant include things like WordFence
-Plugins that slow down performance
Any plugins that significantly increase server load are probably a no-go. For example, a lot of plugins that show users a set of “related posts” such as Contextual Related Posts and Yet Another Related Posts Plugin are banned outright from WP Engine and many other managed WordPress hosting providers because of the significant writes and re-writes those plugins, when activated, make to your database.
-Known Security Risks
Most WordPress plugins that have been susceptible to hacks or backdoor entries are promptly removed or patched up. But WP Engine makes sure those plugins with a known history of security issues are removed from your site before they cause a headache later on.
So without further adieu, here is the complete list of WP Engine disallowed plugins that every marketer should be aware of:
Adminer is a database management plugin that allows you to manage your database from the Admin area as opposed to PHPMyAdmin, which is already installed on most servers. A similar plugin was blacklisted because it contained a backdoor. Someone who gains access to your database without having access to the server can do a lot of damage, which is most likely why this is on the list. It’s also not in the official WordPress plugin depository anymore, for what it’s worth.
This was an older plugin that enabled asynchronous tracking for GA and hadn’t been updated in some time. It is also no longer in the official WordPress plugin directory. Google Analytics has since moved all properties to Universal Analytics so it wouldn’t work correctly anyway. If you’re looking to use Google Analytics on your WordPress site, you can use something like Yoast SEO or MonsterInsights instead.
Backup Guard is a backup solution for WordPress blogs. However, as mentioned, WP Engine already has backup functionality, including restore points and the ability to create backups at any time. So this is on the blacklist.
Same scenario as above.
Are you sensing a pattern here? 🙂
Bad Behavior is a plugin that helps reduce link spam and other potential spam attacks. Which is great, but it also conflicts with WP Engine’s own tools and blocks many of the hosts that they already disallow.
Broken Link Checker is a WordPress plugin that checks for broken links on your web site. Unfortunately, it also makes too many HTTP requests to the server to run efficiently. There are tons of other tools you can use to check for broken links and images on your site, many of which we cover in our free SEO tools list.
Content Molecules is (was?) a plugin that let you create dynamic content through shortcodes. According to its listing in WordPress’s directory, it hasn’t been updated in several years.
We talked about how database-intensive this and other “related posts” plugins are already and how they can significantly slow down your site. If you still want to show related posts to your users, WP Engine recommends using plugins like Jetpack that run the code on their servers, not yours.
Another backup creator plugin.
Dynamic Related Posts
Another related posts plugin. This one isn’t even in WordPress’s directory anymore.
EWWW Image Optimizer Plugin (Non-Cloud version)
Being able to reduce the size of your images is super important for site speed. Not all image optimizer plugins are banned from WP Engine but this one in particular is – at least the downloadable version. The cloud version, WP Engine says, is fine. It’s just the native version that bogs down the server. (If you’re looking for an alternative however, we use WP Smush here at Sustained Surge)
EZPZ One Click Backup
You know the drill. This is another one that’s no longer in the WordPress Plugin Directory.
Another one not in WordPress’s plugin Directory anymore, so unless your WordPress site has been in mothballs for the last few years, odds are you don’t have this installed anyway.
Fuzzy SEO Booster essentially creates a tag cloud with long tail keyword phrases. Still in the WordPress plugin directory but hasn’t been updated in an eternity. Best to stay away.
GD System Plugin
To the best of my knowledge this was the old GD Star Rating Plugin, a post ratings plugin which has since been replaced by GD Rating System. The latter is not on the list, so it’s probably OK to use.
Google XML Sitemaps with Multisite support
Another plugin that is no longer in the WordPress plugin directory, this was an XML sitemap generator plugin. I used to use the Google XML Sitemaps plugin which should work fine with WP Engine. But you don’t need a dedicated plugin: Yoast will create XML sitemaps for you as well.
This is a plugin that allows you to hide the location of your WP Admin page from hackers, although I’m guessing a lot of people probably locked themselves out by accident. It also hasn’t been updated in a while.
I actually haven’t a clue as to what this is. 🙂 But it’s on the list.
One of WordPress founder Matt Mullenweg’s first plugins. Displays a lyric from Louis Armstrong’s Hello Dolly in the Admin page. It’s pretty pointless. And on top of it, hackers have used disguised versions of it to hack unsuspecting webmasters.
Plugin that displayed a widget showing referral sites to your blog. Hadn’t been updated in years and is no longer in the WordPress plugin directory.
This and another plugin by the name of SweetCaptcha were built by a company that leveraged both of them to inject 3rd party ad code, so naturally they’ve both been blacklisted. Read this post on Sucuri for the backstory if you’re interested.
Missed Schedule was a plugin that assisted with post scheduling issues. No longer in the WordPress plugin directory.
This plugin was built for WordPress 2.6(!). Hasn’t been updated in forever. No need to have it.
This plugin is an ad management plugin that lets you serve different ads to different users. Hasn’t been updated in a while, so your best bet is to find an alternative like AdRotate.
This was removed from the WordPress plugin repository years ago thanks to the security risk, so you’re not likely to have it.
Quick Cache was another caching program that was blacklisted, both the regular and pro versions. It changed names a few times and is now known as Comet Cache, which isn’t specifically on the blacklist. But we imagine it will end up there eventually.
Social share plugin that has very little security (no captchas) around their “e-mail a friend” feature and is therefore susceptible to abuse. There are plenty of social sharing plugins that are much better options.
Another related posts plugin; this one hasn’t been updated in several years.
This is another CAPTCHA plugin that WP Engine has disallowed.
Another “similar content” plugin. This one hasn’t been updated in a few years.
Same functionality as Bad Behavior. Conflicts with WP Engine’s existing spam-fighting capabilities.
Couldn’t find any information on this one other than the fact that it’s on the banned list.
Another security scanner banned by WP Engine.
Controls post types and taxonomies. Hasn’t been updated in several years.
Couldn’t find any information on this one. Odds are most of you don’t have it.
Backup utility plugin that hasn’t been updated in a while.
ToolsPack is a PHP backdoor masked as a legitimate WordPress plugin. If you have this on your site, you’ve got issues.
Tweet Blender lets you show off tweets, hashtags and other Twitter data but severely increases server load and has been disallowed by WP Engine. One plugin that might work as an alternative is Easy Twitter Feed.
VersionPress is a version control plugin for WordPress. It allows you to create staging sites and undo changes; both things you can do out of the box with WP Engine.
Another caching plugin blacklisted by WP Engine.
WordPress security plugin. Again, redundant.
File compressor. Hasn’t been updated in several years.
All caching plugins banned by WP Engine.
WP Online Backup
All of these are database backup and optimization plugins and all are redundant.
WP Engine Snapshot
Legacy WP engine plugin that has since been retired.
Couldn’t find any info on this one.
Same issue as Adminer. Stay away from any plugins that purport to let you access PHP-MyAdmin from inside a plugin.
Really basic analytics plugin that puts too much of a burden on database tables. Best to use Google Analytics or Jetpack’s stats module instead.
Similar to WP-PostViews
WP Symposium Alerts is a plugin that, I assume, comes with WP Symposium Pro. According to the developers of the plugin, you can use the Pro plugin and disable this one, which is associated with Alerts. That said, if you can, you might want to try something like BBPress instead if you’re looking for forum-like capabilities inside WordPress.
WP Engine Migrate
WP Engine Snapshot
Legacy tools from WP Engine.
Two more related posts plugins that are blacklisted.
List of File Names
To make this easier, we’ve included an alphabetical list of file names below so you can easily compare this with your list of plugins to see if any of them are on the banned list:
Are there any other WordPress plugins that you’ve tried to use that have been banned by WP Engine?
What plugins that haven’t been banned negatively impact performance?
Let us know in the comments. 🙂