Which WordPress plugins should you avoid installing in your site or blog and why? It is not always because plugins are bad and some good ones should be avoided too. Here are the reasons.
There are 55,000+ plugins in the WordPress plugin directory and I am not going to list them all and say whether they should or should not be installed. There are too many. There are some general principles that enable you to tell whether a plugin is useful or not, malicious or safe, and if it should be installed or not.
Armed with the knowledge here, you will be able to prune your list of installed plugins, make your site faster, safer and more reliable.
Plugins add to the workload of the website and as the number that are installed rises, speed and security decrease, and conflicts between plugins increase. There are exceptions and there are some great plugins that increase speed or security, but generally speaking you have to be careful which plugins you install and don’t install too many.
Plugins banned by web hosts
Did you know that some web hosting companies ban some plugins? Is it because they are bad, malicious, badly written? Sometimes this is true, but not always and it may be because some plugins clash with the server backend or duplicate functions already provided by the web host. For example, some hosts disable WordPress revisions, so a plugin to disable revisions or modify the revisions feature will not work.
A backup plugin may be discouraged if the web host provides backups itself. Backups increase the workload of a web server and if your host is doing daily backups and you also have a plugin doing daily backups, then that might be too much work for the server, slowing it down. Plugins may be allowed if they take incremental backups, which copy only files that have changed since last time.

WP Engine says “In general, however, we discourage the use of backup plugins. They needlessly duplicate our built-in functionality, rely on a large amount of local storage and can store files in an insecure manner.”
A web host may provide caching to speed up a website and installing caching plugins on your site may clash with them – clashes of the caches! Too many caches can be counterproductive, so what does your web host recommend? Find out.
There may be other reasons why certain WordPress plugins are not recommended or are even banned. Ask your web host, scour its online help, or search Google for a list of banned plugins for your host.
Examples of web hosts’ banned plugin lists:
- A2 Hosting banned plugins
- Kinsta banned plugins
- Media Temple banned plugins
- WordPress.com banned plugins
- Hostgator banned plugins
- WP Engine banned plugins
- Flywheel banned plugins
Avoid banned plugins. Does your web hosting company have a list?
Plugins not in WordPress directory
The WordPress plugins directory can be browsed on your computer or when you click Plugins > Add New in WordPress. There are over 55,000 plugins in it and it is the place to be seen if you are a plugin developer.
Be suspicious of any plugin that is not in the WordPress plugin directory and ask why it isn’t. There may be valid reasons for not being in there, but one reason could be because the plugin breaks the rules. To be included, a plugin must ensure the code plays by the rules, is well written, safe and not malicious, and does not contain obvious bugs.
Being in the directory is not a guarantee that a plugin is good and there are bad ones. However, at least someone has looked at it closely and performed some basic checks. Outside of the directory, plugins are not checked by anyone. You really have to trust the developer, so avoid any that you do not trust.
Avoid plugins not in the directory, unless you are sure they are OK.
Plugins kicked out of WordPress directory
Sometimes good plugins in the WordPress directory go bad. One way this can happen is when a plugin by one developer is sold to another developer and the new owner adds bugs, problems, adware, malware and so on.
When a problem with a plugin is discovered, it gets kicked out of the directory.
That’s good, but you will not be told when this happens. How do you know a plugin you have installed on your WordPress website right now hasn’t been kicked out of the directory?
Every so often, such as once a month, you should spend a few minutes going through the plugins installed in your site and checking that they are still in the WordPress plugin directory. Search for them and check they are OK. Delete them if they are not there, or at least find out why.
Avoid plugins that have been ejected from the directory.
Plugins not updated for years
When plugins are updated, a red badge appears in WordPress to catch our attention so we can go and update them. We assume that all plugins are OK and are regularly being updated, but some may not. They may have been abandoned by the developer and are no longer updated. This could cause clashes with other plugins and compatibility issues with WordPress.

As you check that your plugins are still in the WordPress directory, look at the date they were last updated. You may even see a notice on the plugin page saying that it hasn’t been updated for a long time and may be abandoned.
Avoid abandoned plugins.
Plugins not tested with latest WordPress

Plugins that have not been tested with the latest version of WordPress may or may not work. Do you want to be the one that tests them? That could lead to problems with the site or it could bring it down completely in serious cases.
The plugin directory shows what version of WordPress the plugin has been tested with. Not being tested with your version does not mean it will not work, it may be OK, but you might want to wait until it has been tested before installing it.
Plugins with few users
You should beware of WordPress plugins with only a few users. It does not mean that it is definitely a bad plugin, but you have to wonder why so few people would use a plugin if it was really good. Maybe it is new (check the version or release date), or maybe few people have discovered it.
The best plugins are usually installed by tens of thousands, hundreds of thousands or even millions of users. It does not mean they are perfect, but would a million people install a plugin if it was bad? No. User numbers are a good indication of a plugin’s quality.
Avoid a plugin with few users unless you are certain it is a good one.
Plugins that scan the site
Some plugins scan the website and a good example of this is a security plugin. They may scan the whole site daily looking for malware. That’s great, but it adds extra work for the web server and can slow it down. If your site is slow when you visit, maybe it is because a scan is in progress.
It may be unavoidable and the benefits of a security plugin scanning your site may outweigh the problem with slowing it down a little.
See what your web hosting company says about security plugins. For example, Kinsta says “A lot of security plugins cause performance issues due to their always-on and scanning functionalities. Many features in security plugins such as IP blocking, geo-blocking, etc., will not work as intended due to the fact that we use Google Cloud Load Balancers.”
Some WordPress plugins show related posts. This looks great when it works and it can be very useful for keeping visitors on your site and preventing them from bouncing away. However, they scan all your posts looking for related ones and this can slow it down and put too much workload on the server. Web hosting companies don’t like them for this reason and related posts plugins are often on the banned list.
A broken link checker scans the site looking for links and then testing them to see if they are OK. This is a lot of extra work for the server and web hosts don’t like them because they can slow down your site.
Avoid plugins that scan the site.
Plugins with low scores, bad reviews

Always check the score for a plugin in the WordPress directory and avoid ones with low scores. Scores of 4 and over are excellent, 3.5 to 4 are maybe OK, but beware of plugins scoring below 3.5. They could be more trouble than they are worth.
The score is not the only way to tell whether a plugin is good or bad. Sometimes a plugin is excellent and is awarded a high score by thousands of users. Then an update is buggy and causes problems. The score may still be high, but if you look at the most recent reviews on the plugin page in the WordPress directory, there could be a series of 1 or 2 stars. Beware of good plugins gone bad by checking the most recent reviews and scores, not just the overall score, which may be high because of scores from years ago.
Avoid low scoring plugins or those with recent bad reviews.
Plugins that have been nulled
Nulled plugins are basically hacked ones. They may have previously been paid plugins or even free ones, but someone has taken them, hacked the code, added a bunch of extra code, and distributed it on a dodgy website.
Avoid nulled plugins. They may be illegal, they may be bugged or contain adware or malware. It’s just asking for trouble.
Summing up
- Don’t assume that all your plugins are OK just because your site is working. Check them
- Your site may work better without some plugins
- Some of your plugins may duplicate features provided by your web host
- Some plugins may have been abandoned by the developer, check for them
- Some plugins may duplicate features already provided and are unnecessary
- Avoid plugins with low scores, bad reviews, not recently updated
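
The monthly review described in the sections above can be run as one pass over an inventory of installed plugins. The following is an added example, not part of the original article: the record fields, plugin slugs and sample values are constructed, and only the 3.5 score cut-off comes from the article (the two-year and 1,000-install thresholds are assumptions).

```python
from datetime import date

MIN_RATING = 3.5          # article: beware of plugins scoring below 3.5
MAX_AGE_DAYS = 2 * 365    # assumed meaning of "not updated for years"
MIN_INSTALLS = 1000       # assumed meaning of "few users"

def major_minor(version):
    """'6.5.2' -> (6, 5) so patch releases do not trigger a warning."""
    parts = (version.split(".") + ["0"])[:2]
    return tuple(int(p) for p in parts)

def audit(plugin, site_wp_version, today, banned_by_host=()):
    """Return the list of reasons to review one installed plugin."""
    reasons = []
    if plugin["slug"] in banned_by_host:
        reasons.append("banned by web host")
    if not plugin["in_directory"]:
        reasons.append("not in plugin directory")
        return reasons  # never listed or removed: no directory data to check
    if (today - plugin["last_updated"]).days > MAX_AGE_DAYS:
        reasons.append("not updated for years")
    if major_minor(plugin["tested"]) < major_minor(site_wp_version):
        reasons.append("not tested with this WordPress version")
    if plugin["active_installs"] < MIN_INSTALLS:
        reasons.append("few users")
    if plugin["rating"] < MIN_RATING:
        reasons.append("low overall score")
    recent = plugin["recent_stars"]
    if recent and sum(1 for s in recent if s <= 2) > len(recent) / 2:
        reasons.append("recent bad reviews")  # high score, but latest reviews are 1-2 stars
    return reasons

# Constructed inventory; slugs and values are made up for illustration.
PLUGINS = [
    {"slug": "example-forms", "in_directory": True, "last_updated": date(2024, 3, 1),
     "tested": "6.5.2", "active_installs": 400000, "rating": 4.6, "recent_stars": [5, 4, 5, 5]},
    {"slug": "example-slider", "in_directory": True, "last_updated": date(2019, 6, 10),
     "tested": "5.2", "active_installs": 300, "rating": 4.4, "recent_stars": [1, 2, 1, 5]},
    {"slug": "example-seo-pro", "in_directory": False},
    {"slug": "example-links", "in_directory": True, "last_updated": date(2024, 2, 1),
     "tested": "6.5", "active_installs": 90000, "rating": 4.1, "recent_stars": [4, 5]},
]

def run_audit(today=date(2024, 4, 15), site="6.5.2"):  # fixed, constructed defaults
    return {p["slug"]: audit(p, site, today, {"example-links"}) for p in PLUGINS}

if __name__ == "__main__":
    for slug, reasons in run_audit().items():
        print(f"{slug}: {', '.join(reasons) or 'OK'}")
```

An empty reason list means the plugin passed every check; anything else is a prompt to look at the plugin's directory page, not an automatic verdict.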