1. Home
  2. Docs
  4. Unauthorised plugins

Unauthorised plugins

On the WPScale environment, some plugins are forbidden. Either because they duplicate our services included, they contain serious security failings or because they unnecessarily increase the server load...
Currently, 62 plugins are not allowed on WPScale !

How does it work ?

Each time our maintenance scripts spot an unauthorized plugin, it will be systematically deactivated from your installation with no possibility to reactivate it.

Which Plugins aren’t allowed ?

With more than 36,000 plugins in the WordPress Repository, we prohibit only a relative handful of plugins.

We prohibit certain plugins for several reasons, either because they clash with the solutions we provide as part of our service offer, or because they are considered at-risk plugins.

Be aware that many tests were performed before the plugins were put in this list. This list is not exhaustive and can be modified by the WPScale team at any time.

Caching Plugins

Most caching plugins do not cooperate with our custom cache environment (Varnish). As a result, we cannot run them in parallel with our solution, as this could do more harm than good to your WordPress.

  • Autoptimize
  • WP Super Cache
  • WP File Cache
  • WordFence

In addition, you shouldn't have to worry about the speed of your site ... that’s "our job". And our speed is, hopefully, one of the main reasons you chose us as your WordPress dedicated hosting provider !

As a side note, we haven’t banned Batcache, Quickcache (and similar) simply because they don’t work on our environment.

WP-Rocket is, on the other hand, compatible with WPScale and allows you to benefit from Lazy Load and minification.

W3 Total Cache is also compatible and allows you to increase your performance, especially with certain themes (Divi, Enfold).

Backup plugins

We already make multiple nightly backups of your site 7 days a week and on the 1st of each month for the last three months. These backups are automated and the data is stored securely outside your WordPress. You can access one of the last 10 backups whenever you want, and you can either restore one of them or download an archive containing your WordPress folder and its database.

If you feel safer with a secondary offsite backup, we recommend VaultPress on our servers.

In general, however, we don’t recommend the use of backup plugins. They duplicate our built-in functionality unnecessarily. Many of these plugins could perform their backup tasks at inappropriate times. This can slow down database connectivity with our extras and sometimes generate very large MySQL requests, which could cause delays on sites.

  • WP DB Backup - Although it recommends not saving backups to the local file system.
  • WP DB Manager - Local storage is the only option here, and a .htaccess protection file would be recommended, but disk space usage is a major concern.
  • BackupWordPress - Because it duplicates a number of files on the disk when they’re already in our backups.
  • AkeebaBackupCore - Duplicate files and store backups on the root of your FTP.
  • Backupbuddy- Duplicates files and stores backups on FTP.
  • All In One WP Migration - Backup system that can corrupt our backups.

If you ever need a full backup copy of one of your sites, you can access it from the WPScale console.

Server & MySQL Plugins

There’s another class of plugins that we forbid simply because they cause a high load on our servers or create too many MySQL requests if they’re badly configured.

  • Broken Link Checker - overloads even our Varnish caching layer with an excessive amount of HTTP requests.
  • MyReviewPlugin - Overloads the database with a large amount of database entries.
  • Linkman - Just like MyReviewPlugin above, linkman misuses the database.
  • Fuzzy SEO Booster - Causes a high number of MySQL requests.
  • WP PostViews - Ineffectively writes to the database every time a page loads. To monitor the traffic in a more scalable way, the statistics module of the Jetpack Automattic plugin, Google Analytics works perfectly.
  • Tweet Blender - May result in increased server load.

Matching Plugins

Almost all "Related Posts" plugins suffer from the same fundamental problems regarding MySQL usage - indexing and searching. All these problems make these plugins practise an extremely intensive use of the database. The ones we have simply outlawed altogether are:

  • Dynamic Related Posts
  • SEO Auto & Relates Posts
  • Yet Another Related Posts Plugin
  • Similar Posts
  • Contextuelles Related Posts
  • yuzo-related-posts

There are dedicated services that let you download these features related to their servers.

Alternatives to Broken Link Checker

If you’ve used the Broken Link Checker plugin and still want to track your broken links, we recommend you use one of the following tools to check for broken URLs on your site:

It's not a plugin, but this service does the job: www. brokenlinkcheck.com. The best solution to search for broken links is an app you install on your computer like the 3 below:

Duplicate plugins

Like caching and backup plugins, these plugins duplicate the functionality we've put in place for you in a more efficient, scalable and configurable way.

  • No Revision - We limit revisions to 3 for all customers by default.
  • Limit Login Attempts - We already have a similar server system that lets us take the responsibility off your WordPress installation.
  • Force Strong Passwords - We already have a similar server system that means your WordPress installation doesn’t need one.
  • WordFence - This plugin includes many security features and caching that already exist in our environment and can cause problems.
  • iThemes Security - This plugin protects your wordPress site from brute force and other types of attacks.
  • WP Optimize - The databases are already optimized regularly.

E-mail Plugins

We know that WordPress is capable of sending email, but that doesn't always mean you have to use it. Especially when there are specialized services like MailChimp, Constant Contact, AWeber and countless others. Each offers complete messaging solutions for your business that give you far better results than WordPress.

If your domain's email provider offers its own SMTP server, you’re prompted to set up your outgoing server. But you should check with your email provider about email, anti-spam and other policy options before doing so.

Basically, when our clients want to send emails, we want them to have the same service that WPScale can offer to your WordPress. Therefore, we recommend you use one of the services listed above. To this end, we have refused the following plugins, because it allows you to send mass emails with WordPress and therefore can overload our servers and use unauthorised directories:

  • WP Mailing List
  • MyMail
  • ALO EasyMail Newsletter

Miscellaneous Plugins

The other plugins we’ve decided to proactively remove are:

  • Hello Dolly ! - Sorry, Matt.
  • WP phpMyAdmin - Rejected due to a serious security issue. The WPScale console already gives you access to phpMyAdmin without any plugin.
  • EWWW image optimiser - Prohibited because of the exec() function which could compromise the security of our systems.
  • Wp-Spamshield - Prevents varnish caching because of its cookies
  • NewStatPress - too many requests in the database
  • Quttera Web Malware Scanner - too many requests in the database
  • WP Security Audit Log - too many requests in the database

Complete list 

These are the files and folders we look for when we scan for unauthorized plugins. Compare your /wp-content/plugins/ directory to see if anything you’ve installed may conflict:

alo-esaymail akeebabackupcore adminer all-in-one-wp-migration async-google-analytics autoptimize backup backupbuddy backup-scheduler backupwordpress backwpup better-wp-security broken-link-checker contextual-related-posts dynamic-related-posts ewww-image-optimizer ezpz-one-click-backup file-commander fuzzy-seo-booster google-xml-sitemaps-with-multisite-support hc custom wp admin url hcs.php hello.php jr-referrer myMail no-revisions newstatpress ozh-who-sees-ads portable-phpmyadmin query-monitor quick-cache quick-cache-pro recommend-a-friend seo-alrp si-captcha-for-wordpress similar-posts spyderspanker spyderspanker_pro super-post superslider text-passwords the-codetree-backup toolspack tweet-blender wordfence wordpress-gzip-compression wp-cache wp-database-optimizer wp-db-backup wp-dbmanager wp-engine-snapshot wp-file-cache wp-mailinglist wp-optimize wp-phpmyadmin wp-postviews wp-slimstat wp-spamshield wp-super-cache wp-symposium-alerts wpengine-migrate wpengine-snapshot wponlinebackup yet-another-featured-posts-plugin yet-another-related-posts-plugin yuzo-related-posts

Our opinion, our choice !

In no way are we suggesting these plugins are bad. Some of them, such as "Related Posts", can be great for discovering content and SEO on most sites. However, our main objective is to satisfy our customers. And therefore, they’re not good for WPScale !

The same goes for "non-secure" plugins - we try to work with the developers of these plugins to find a solution. When we work with the developer, we can temporarily add a plugin to our list of unauthorised plugins. But we will be happy to then remove it from the list once the problem has been resolved.

In all cases, when asked, we try to provide reasonable alternatives. If you have any questions about these plugins or need help to find an alternative, please contact our support team by email or directly via chat built into our site and your WPscale console.

Was this article helpful to you? Yes 7 No