“Less is More” is the principle you always should have in mind when considering what plugins you should use in your WordPress installation. Any experienced developer knows that fewer lines of code means fewer bugs and fewer security holes.
Servebolt has highly optimised server setups, that take care of aggregation, optimization, gzip, caching and a lot more. Any alterations to this setup by plugins in WordPress is very likely to have a negative performance impact.
There is no need to install any form of Security plugin in WordPress. These plugins are often very large in code size, touch central parts of the WordPress core that should be left untouched, add logging, bad
.htaccess practices etc.
If you use strong passwords, and your WordPress plugins are maintained and kept up-to-date, your site will be safe. Robots, crawlers and scripts will continuously probe your site for weaknesses, or test logins, but this is not dangerous or something you need to spend time on preventing.
- All In One WP Security & Firewall
- iThemes Security
- Wordfence Security
- WP Hide & Security Enhancer
If you want to prevent probing or secure parts of your application, external services like a Cloudflare Pro Plan is much better option with its Web Application Firewall (WAF). Stopping malicious traffic before they reach your server should be your goal.
Any plugin that alters and adds to your
.htaccess file is likely doing things it should not do. Servebolt’s servers are already finely tuned for performance, static caching of elements and gzip – and if a plugin modifies Servebolt’s default policies, it is guaranteed to doing either duplicate work, or changing something for the worse.
For example gzip should always be turned off in your WordPress, because Servebolt’s servers gzip everything in nginx. If gzip is enabled in apache, nginx will have to unzip the file before re-zipping it, which will cause added latency and resource wasteing.
- fast-velocity-minify (doubles TTFB on many installations)
- Cache Enabler
- WP Fastest Cache
We also maintain a list of WordPress plugins that break caching.
- WPML (This multi language plugin will destroy the structure of your database, and has a major performance degrading impact). We recommend using MultiLingual Press or Polylang.
Complete list with Plugin Folder Names
all-in-one-wp-security-and-firewall better-wp-security ithemes-security wp-hide-security-enhancer fast-velocity-minify remove-query-strings-littlebizzy cache-enabler wp-fastest-cache wpml
Give us your feedback on this article
Did this help you?
Servebolt has launched Accelerated Domains!
Accelerated Domains is a service that greatly improves and optimizes your site on these four areas: Performance, Scalability, Security and the Carbon footprint of your website.