Disallowed and Non-Recommended Plugins for WordPress and WooCommerce

“Less is More” is the principle you always should have in mind when considering what plugins you should use in your WordPress installation. Any experienced developer knows that fewer lines of code means fewer bugs and fewer security holes.

Servebolt has highly optimised server setups, that take care of aggregation, optimization, gzip, caching and a lot more. Any alterations to this setup by plugins in WordPress is very likely to have a negative performance impact.

Security Plugins

There is no need to install any form of Security plugin in WordPress. These plugins are often very large in code size, touch central parts of the WordPress core that should be left untouched, add logging, bad .htaccess practices etc.

If you use strong passwords, and your WordPress plugins are maintained and kept up-to-date, your site will be safe. Robots, crawlers and scripts will continuously probe your site for weaknesses, or test logins, but this is not dangerous or something you need to spend time on preventing.

  • All In One WP Security & Firewall
  • iThemes Security
  • Wordfence Security
  • WP Hide & Security Enhancer

If you want to prevent probing or secure parts of your application, external services like a Cloudflare Pro Plan is much better option with its Web Application Firewall (WAF). Stopping malicious traffic before they reach your server should be your goal. 

Optimization Plugins

Any plugin that alters and adds to your .htaccess file is likely doing things it should not do. Servebolt’s servers are already finely tuned for performance, static caching of elements and gzip – and if a plugin modifies Servebolt’s default policies, it is guaranteed to doing either duplicate work, or changing something for the worse.

For example gzip should always be turned off in your WordPress, because Servebolt’s servers gzip everything in nginx. If gzip is enabled in apache, nginx will have to unzip the file before re-zipping it, which will cause added latency and resource wasteing.

  • fast-velocity-minify (doubles TTFB on many installations)
  • remove-query-strings-littlebizzy 
  • litespeed-cache

Caching Plugins

  • Cache Enabler
  • WP Fastest Cache

We also maintain a list of WordPress plugins that break caching.

Strongly Discouraged 

  • WPML (This multi language plugin will destroy the structure of your database, and has a major performance degrading impact). We recommend using MultiLingual Press or Polylang.
  • Translatepress
    This plugin generates lots of extra POST requests to your site on every page views.
  • Wise Chat
    This is a plugin requiring heavy resources, as also been acknowledged by the plugin developer.
  • User Insights
    The plugin runs an UPDATE query against larger datasets. Even though this should be avoided as it seriously affects performance when that is done on runtime.

Complete list with Plugin Folder Names


Give us your feedback on this article