Top Disallowed Plugins for Managed WordPress Hosting

For the most part, WordPress plugins work well with just about any host. However, a plugin can duplicate a feature a managed host offers (which gums up the works), or it can kill performance. There are also plugins that pose security vulnerabilities or are known to be vehicles for spam. That’s why many hosts (and most managed WordPress hosting companies) have a list of disallowed plugins.

In other words, they have a list of plugins that they either block outright or seriously discourage you from using. By knowing which plugins to avoid from the get-go, you won’t have to repair a finicky site. Or fight with your host about it. You also won’t go through the trouble of finding and using a plugin for something your web host already does or a replacement for the functionality that you want.

Managed Hosts Included in this Post

It is impossible to include each and every WordPress host in our list. However, we have been sure to include as many of the best managed WordPress hosts as possible, provided they have a list of disallowed plugins. For instance, SiteGround and Cloudways offer WordPress-optimized hosting, but they don’t publish a list of disallowed plugins.

The hosts we include in this list are as follows:

• Flywheel
• Pressable
• Kinsta
• Pagely
• WP Engine
• HostGator
• BlueHost
• GoDaddy

Note: Disallowed Does Not Mean Bad

Before we move into the plugins themselves, we want to make clear that these are in no way bad plugins. Being disallowed generally means they conflict with a service offered by the host or would be redundant within the hosting ecosystem. If you’re on a host that does not have a disallowed plugins list, these are all great choices for what they do. It is only within the context of these hosts that they’re disallowed.

Plugins and Plugin Types That Are Most Often Disallowed

There are whole categories of plugins that are commonly disallowed (backup, caching, etc.). There are also a number of specific plugins that are disallowed by most hosts. Let’s go over some of the plugins and plugin types that show up in these lists over and over.

Note: the plugin lists and the hosts that disallow those plugins are not exhaustive. They’re simply designed to give you an idea of how frequently those plugins are blocked. We have done as much work as possible to ensure they’re as complete as possible.

Backup Plugins

Often, backups are included in your hosting plan. Since backup plugins can be resource-hungry, they can slow down your website (or even take it offline) and your disk space can be eaten up by large files. Also, some backup plugins don’t know how to locate the site root path, which may be specific to your host.

These backup plugins tend to be disallowed the most.

• BackupBuddy: Disallowed by Flywheel, Kinsta, Pagely
• BackUpWordPress: Disallowed by Flywheel, Pagely, WP Engine
• BackWPup: Disallowed by Flywheel, Kinsta, Pagely
• SimpleBackup: Disallowed by Bluehost, HostGator, Pagely

Is there a replacement?

Instead of creating another backup with a WordPress plugin, you should be able to download one of the host’s backups. Or use a backup plugin that stores offsite (VaultPress does this). While your site may still suffer performance-wise while the backing-up process is running, at least your storage won’t be impacted. Many managed hosts include regular backups as a part of their management packages.

Caching and Performance Plugins

Similar to backup plugins, since most hosts handle caching at the server level, there’s no need for a caching or performance plugin. And if you were to use a caching plugin because you thought it would only help performance — two are better than one, right? Not in this case! — you run the risk of the plugin interfering with the server-side caching. That can make website performance considerably worse.

Here are some caching/performance plugins that are commonly disallowed:

• W3 Total Cache: Disallowed by Flywheel, GoDaddy, Pressable, WP Engine
• WP Fastest Cache: Disallowed by GoDaddy, Pressable
• WP Super Cache: Disallowed by Flywheel, GoDaddy, Pressable, WP Engine

Is there a replacement?

You probably don’t need a dedicated caching plugin, but if there’s one that you want to use for its other features, you can just turn off the caching feature. For example, WP Rocket and W3 Total Cache handle important tasks that you may not want to forgo. You can use them for analytics, image management, and CDN integration. However, it might be better to just use a dedicated plugin for those rather than attempting to backdoor a disallowed plugin.

Related Post Plugins

This type of plugin automatically assigns related posts by relying on a bunch of MySQL queries every time a page loads. This can damage your database and slow down your website. Since managed WordPress hosting is all about optimum performance and a tightly controlled environment, these database tweaks often mean there’s no room for external plugins.

Here are some related plugins that are often disallowed by hosts:

• Contextual Related Posts: Disallowed by Flywheel, GoDaddy, WP Engine
• Fuzzy SEO Booster: Disallowed by Bluehost, GoDaddy, HostGator, WP Engine
• Similar Posts: Disallowed by Flywheel and WP Engine

Is there a replacement?

Instead of one of these related post plugins, consider using an external service like Contextly, Jetpack Related Posts, or Related Posts for WordPress.

Security Plugins

With managed WordPress hosting, you probably have the configurations you need for security. Now, you may find a security plugin that adds another layer of protection. But it’s also possible that you’ll slow down your site by overusing the server and bloating your website’s database. And while a host may not disallow these plugins, they may frown upon using them.

These some security plugins are often discouraged by hosts:

• CleanTalk: Discouraged by Flywheel
• HC Custom WP-Admin URL: Disallowed by Bluehost, HostGator
• iThemes Security: Discouraged by Flywheel

Is there a replacement?

Good ol’ security best practices are the way to go here. Keep your plugins and themes updated, strengthen your passwords, etc. Check out our article about how to conduct a WordPress security audit for help.

Stat Plugins

Some hosts don’t work with certain stat plugins. When too many requests are sent to the database, site caching is prevented and performance slows. Part of managed hosting plans is generally providing stellar analytics from a server-level, and these sorts of plugins simply get in the way. Here are some of the most disallowed stat plugins:

• LiveStats: Disallowed by Bluehost, HostGator
• StatPress: Disallowed by Bluehost, GoDaddy, HostGator, Pagely

More Disallowed Plugins and Plugin Types

These plugins popped up over and over in the disallowed plugins lists:

• Adminer for database management: Disallowed by Bluehost, GoDaddy, HostGator, Pagely
• Broken Link Checker: Disallowed by Bluehost, Flywheel, GoDaddy, HostGator, Pagely, Pressable, WP Engine
• Email plugins, including Mailit and Send Email From Admin: Disallowed by Pressable and discouraged by most
• WPDBSpringClean, a database management plugin: Disallowed by Bluehost, HostGator, Pagely

Disallowed Plugins by Host

In this section, we’ve listed disallowed plugins per host. Some sections have simple lists, while others break those lists down into categories. Let’s jump in.

Note that we’ll sometimes write out the full name of the plugin, while other times it will be written as a URL splug such as: w3-total-cache (as opposed to W3 Total Cache). When listed this way, you can simply add the string to the end of https://wordpress.org/plugins/ to navigate directly to the plugin.

Flywheel Disallowed Plugins

Flywheel does not allow the following plugins or plugin types:

• Most backup plugins: BackupBuddy, BackUpWordPress, and BackWPup, for example.
• Most Caching and performance plugins: Batcache, NitroPack, W3 Total Cache, and WP Super Cache, for example.
• Many Link checker plugins: including Broken Link Checker, for example.
• Related post plugins: Contextual Related Posts and Similar Posts, for example.
• Security plugins (discouraged): CleanTalk and iThemes Security, for example.

Here are a couple more things to know about Flywheel’s disallowed or discouraged plugins:

• Plugins and themes that use ionCube are not compatible with Flywheel sites running PHP 7.4 or later.
• Plugins that modify .htaccess, write to the wp-config.php file, or need to access xmlrpc.php (with the exception of Jetpack) won’t work.

Pressable Disallowed Plugins

• Backup plugins: discouraged by Pressable, and they will be removed if the support team finds it causing a problem.if the customer support team finds that a backup plugin is causing a problem, they’ll disable and remove it.
• Better WordPress (BWP) Minify
• Link Checker Plugins: Broken Link Checker
• Caching plugins: Nginx Helper, W3 Total Cache, WP Fastest Cache, and WP Super Cache.
• Email plugins: Mailit and Send Email From Admin, for example.
• The Hummingbird performance plugin is discouraged.

Bluehost Disallowed Plugins

Bluehost has a long list of disallowed plugins, and they’re not segmented in any way, other than alphabetically. Remember, you can add these slugs to the end of https://wordpress.org/plugins/ to find the direct link.

• adminer
• broken-link-checker
• counterize
• dbc-backup
• dynamic-related-posts
• ezpz-one-click-backup
• file-commander
• fuzzy-seo-booster
• google-xml-sitemaps-with-multisite-support
• gosquared-livestats
• hc-custom-wp-admin-url
• jr-referrer
• pressbackup
• repress
• seo-alrp
• simple-backup
• simple-wordpress-backup
• statpress-reloaded
• statpress-visitors
• stats
• superslider
• toolspack
• track-that-stat
• tweet-blender
• visitor-stats-widget
• vm-backups
• vsf-simple-stats
• wordpress-gzip-compression
• wp-cache
• wp-complete-backup
• wp-database-optimizer
• wpdbspringclean
• wpengine-migrate
• wp-time-machine

GoDaddy Disallowed Plugins

• Backup plugins: 6scan-backup, ezpz-one-click-backup, the-codetree-backup, and wponlinebackup
• Caching plugins: w3-total-cache, wp-cache, wp-cachecom, wp-fast-cache, wp-fastest-cache, wp-file-cache, and wp-super-cache
• Performance plugins: adsense-click-fraud-monitoring, broken-link-checker, google-sitemap-generator, and google-xml-sitemaps-with-multisite-support
• Plugins that duplicate functionality already offered by GoDaddy: 6scan-protection, adminer, portable-phpmyadmin, wordpress-gzip-compression, and wp-phpmyadmin
• Plugins with known security issues: clef, InfiniteWP Client, NextGEN Gallery, MailPoet, Pipdig Power Pack, slick-popup, toolspack, wp-copysafe-web, wp-copysafe-pdf, wp-database-backup, wp-live-chat-support, and Real-time Find and Replace
• Related posts plugins: contextual-related-posts, fuzzy-seo-booster, seo-alrp, similar-posts, wordpress-popular-posts, yet-another-featured-posts-plugin, and yet-another-related-posts-plugin
• Stat plugins: jr-referrer, referrer-wp, statpress, wp-postviews, wp-power-stats, and wp-slimstat
• Unnecessary plugins or plugins that won’t function on a GoDaddy site: Hello Dolly, p3-profiler, sgcachepress, synthesis, wordpress-beta-tester, wp-engine-snapshot, and wpengine-common

HostGator Disallowed Plugins

HostGator’s long list of disallowed plugins are not segmented in any way, other than alphabetically:

• adminer
• automatic-wordpress-backup
• broken-link-checker
• cache-images
• counterize
• dbc-backup
• dynamic-related-posts
• ezpz-one-click-backup
• file-commander
• firestats
• fuzzy-seo-booster
• google-xml-sitemaps-with-multisite-support
• gosquared-livestats
• hc-custom-wp-admin-url
• jr-referrer
• newstatpress
• no-revisions
• portable-phpmyadmin
• pressbackup
• repress
• seo-alrp
• similar-posts
• simple-backup
• simple-stats
• simple-wordpress-backup
• snapshot-backup
• statpress
• statpress-reloaded
• statpress-visitors
• stats
• superslider
• toolspack
• total-archive-by-fotan
• total-backup
• track-that-stat
• tweet-blender
• visitor-stats-widget
• vm-backups
• vsf-simple-stats
• wassup
• wordpress-backup
• wordpress-gzip-compression
• wp-cache
• wp-complete-backup
• wp-database-optimizer
• wpdbspringclean
• wpengine-migrate
• wp-engine-snapshot
• wpengine-snapshot
• wp-s3-backups
• wp-time-machine
• yet-another-featured-posts-plugin

Kinsta Disallowed Plugins

• Backup plugins: All-in-One WP Migration, BackupBuddy, BackWPup, Duplicator Pro, Snapshot, UpdraftPlus, WP DB Backup, and WP DB Backup Made
• Caching plugins: Cache Enabler and LiteSpeed Cache
• Performance plugins: Better WordPress Minify, JCH Optimize, Optimize Database After Deleting Revisions, P3 Profiler, and WordPress GZIP Compression
• Server-based image optimization and video conversion plugins: all are not allowed.
• Social media plugins: Facebook Instant Articles & Google AMP Pages by PageFrog and Facebook Open Graph, Google+ and Twitter Card Tags
• More disallowed plugins: Allow PHP Execute, Dynamic Widgets, Exec-PHP, Inactive User Deleter, Pipdig Power Pack (P3), WooCommerce Amazon & eBay Integration, WP RSS Multi Importer, and WordPress Popular Posts

Pagely Disallowed Plugins

Pagely has segmented their disallowed plugins and provided the slug for the wordpress.org repository.

Backup plugins:

• akeebabackupwp
• automatic-wordpress-backup
• backup
• backupbuddy
• backupbuddy2.2.33
• backupcreator
• backup-db
• backup-to-dropbox
• backupwordpress
• backupwp
• backwpup
• dbc-backup
• pressbackup
• simple backup
• simple-wordpress-backup
• snapshot
• snapshot-backup
• the-codetree-backup
• total-archive-by-fotan
• total-backup
• vm-backups
• wordpress-backup
• wordpress-backup
• wordpress-backup-to-dropbox
• wordpress-database-backup
• wp-complete-backup
• wp-db-backup
• wponlinebackup
• wponlinebackup
• wp-s3-backups
• wp-time-machine
• xcloner-backup-and-restore

Caching plugins:

• cache-images
• db-cache-reloaded
• hyper-cache
• wp-file-cache

Database plugins:

• adminer
• portable-phpmyadmin
• wp-database-optimizer
• wp-dbmanager
• wpdbspringclean
• wp-optimize
• wp-phpmyadmin

Stat plugins:

• counterize
• firestats
• gosquared-livestats
• newstatpress
• simple-stats
• statpress
• statpress-reloaded
• statpress-visitors
• stats
• track-that-stat
• visitor-stats-widget
• vsf-simple-stats
• wassup
• wp-postviews
• wp-slimstat
• wp-statistics

More plugins:

• backjacker
• broken-link-checker
• delete-all-comments
• disable plugin updates
• display-widgets
• exploit-scanner
• facebook
• google-sitemap-generator
• hcs-client
• hello.php
• pipdig (p3)
• repress
• search-unleashed
• sendpress email marketing
• smestorage-multi-cloud-files-p
• timthumb-vulnerability-scanner
• updraftplus
• viberspy-pro
• wp-mailinglist
• wp-maintenance-mode
• youtube-sidebar-widget
• xml-sitemap-feed

WP Engine Disallowed Plugins

• Backup plugins: BackupWordPress, VersionPress, WP DB Backup, and WP DB Manager.
• Caching plugins: W3 Total Cache, WP File Cache, and WP Super Cache.
• Related post plugins: Contextual Related Posts, Dynamic Related Posts, SEO Auto Links and Related Posts, and Similar Posts.
• Plugins that have duplicate functionality: Bad Behavior, Force Strong Passwords, and No Revisions.
• Server and MySQL thrashing plugins: Broken Link Checker, Fuzzy SEO Booster, LinkMan, MyReview Plugin, Tweet Blender, and WP PostViews.
• More plugins: Digital Access Pass (DAP), Hello Dolly, Sweet Captcha, and WP phpMyAdmin.

Final Thoughts on Disallowed Plugins

There’s a lot of built-in functionality that high-quality hosting services offer. Therefore, you won’t have to add much to your plugin library when it comes to backups, caching, security, and other maintenance-related issues. Also, know that even if a host lists their disallowed plugins, you could still face an issue with a plugin that’s not on the list. When in doubt, it always pays to check with the host to find out if there’s some kind of issue — before the user experience takes a hit.

If you’re interested in managed WordPress hosting, be sure to take a look at our Divi hosting partners and see how well they can take care of your site.

Article featured image by eamesBot / shutterstock.com