;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; author: SlickStack ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; link: https://slickstack.io ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; mirror: https://mirrors.slickstack.io/modules/wordpress/blacklist.txt ;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; path: /var/www/html/wp-content/blacklist.txt ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; destination: n/a (not a boilerplate) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; purpose: Plugin Blacklist configuration file (with related comments by LittleBizzy) ;;;;;;;;;;; ;;;; module version: Plugin Blacklist 1.1.x + WordPress 6.4.x ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; sourced by: n/a ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; bash aliases: n/a ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; ARE YOU A WEB HOST USING SLICKSTACK? DEFINE A CUSTOM PLUGIN BLACKLIST IN SS-CONFIG! ;; ;; In most cases, plugins will be added by LittleBizzy to the Future blacklist first to give ;; ;; webmasters time to find alternatives (typically several months or longer). However, in ;; ;; cases of malware, crashing, thrashing, or other serious issues, plugins are banned ;; ;; immediately via the Active blacklist (rare, but sometimes necessary). ;; ;; The goal of SlickStack is to maximimize speed, stability, and security, along with ;; ;; championing the open web and competition -- and thus, inter-compatibility. We frown on ;; ;; page builder plugins or themes (etc) that try to lock-in webmasters to using ;; ;; their own proprietary frameworks or sister products. It is always better to avoid ;; ;; page builder plugins entirely, in fact, and rely only on themes. That said, if you want ;; ;; to use one, always choose a page builder that offers an open source (free) version ;; ;; in order to avoid as much lock-in and licensing as possible. ;; ;; Recommended page builders: Gutenberg, SiteOrigin, Beaver Builder, Elementor. ;; ;; BEWARE PROPRIETARY / LOCK-IN PAGE BUILDERS: Oxygen, Qards, Thrive Architect, Divi Builder, ;; ;; Fusion (Avada) Builder, Ebor (Aqua), WP Bakery (Visual Composer), etc. ;; ;; Avoid plugins more than "2 levels" deep... any plugin you install should only affect the ;; ;; open source CMS or micro-platform above it; do not rely on plugins that alter or customize ;; ;; proprietary or nonintuitive themes or plugins, or those released by other vendors. For ;; ;; example, a plugin that modifies WordPress or WooCommerce is a good idea, but a plugin that ;; ;; modifies another vendor's product e.g. Elementor, Divi theme, or Yoast SEO is generally ;; ;; a bad idea and often results in code conflicts and maintenance issues later. ;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; Recommended Plugin Vendors (Consistent Quality, Transparency, Best Practices, Etc) ;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; To keep our codebase clutter-free visit: https://slickstack.io/agencies/ ;; ;; To keep our codebase clutter-free visit: https://slickstack.io/developers/ ;; ;; Automattic (besides Jetpack-integrated products) ;; ;; WooCommerce.com (disable tracking) ;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; Blacklist.txt: Glossary Of Terms ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; we try hard to avoid making this blacklist a judgement of moral or political leanings ;; ;; however we do blacklist extreme cases of fraud, cronyism, and repeat abuses ;; ;; ss conflicts = conflicts with SlickStack (default MU plugins or LEMP stack modules) ;; hacks third-party design products = alters frontend layout products from other vendors ;; bloated = extremely heavy or slow scripts beyond what should be necessary ;; excessive logging = abuses the MySQL database for logging in ways that are bad practice ;; excessive api calls = abusive amount of external API calls (i.e. bloated API) ;; ransomware = illegally blocks access to scripts in violation of the GPL license ;; spyware = tracks WP or traffic analytics without opt-in or in otherwise deceitful ways ;; creates instability = foolish or bad practice scripts that hurt WP stability ;; poor coding = history of very bad quality or careless coding practices ;; poor maintenance = rarely releases patches or updates that would otherwise be expected ;; hijacks wp functions = tries to replace (stable) WP Core functions with their own ;; hjacks wp admin = repeat or long-term abuse of the WP Admin backend (e.g. spam, etc) ;; serious errors = repeat or long-term errors that seriously hurt functionality ;; database thrashing = abusive SQL queries that result in CPU spikes, RAM exhaustion, etc ;; code theft = illegally steals code from other GPL products without credits ;; death threats = authors sent death threats to SlickStack or other WP developers ;; brand abandoned = the company no longer updates or maintains their various products ;; deprecated = the script has been officially shut down by the original author ;; consumer fraud = repeat and long-term deceptive marketing practices that confuse users ;; exploitable = current or repeated instances of hackable code (security holes) ;; potential data loss = functions that could result in the mass loss of files or data ;; better options exist = several other similar scripts exist with better functions ;; smtp risks = risks getting your server/domain blacklisted as an email spammer ;; resource intensive = uses too many server resources than should typically be needed ;; theme-specific custom post types = generates CPTs that only support their own WP themes ;; theme-specific code ;; generates data/code that cannot be used by other WP themes ;; no public changelog = no public documentation of code/version changes or patches ;; wp cronyism = regularly abuses influence by trying to acquire unfair market advantage ;; violates GPL terms = illegally breaks the guidelines required by the GPL license ;; requires api validation = design/content will disappear if api credentials unaccepted ;; political censorship = products that arbitrarily deplatform or censor non-violent speech ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; 1. Long-Term Disallowed Vendors (Recurring Technical Or Ethical Reasons) ;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; Alex Panagis ;; consumer fraud, harassment, slander ;; ;; Astra Theme (Brainstorm Force) ;; ;; BeSquares ;; brand abandoned ;; ;; Bhanu Ahluwalia ;; consumer fraud, spyware, ransomware ;; ;; Brainstorm Force ;; bloated, creates instability, hacks third-party design products, lock-in issues ;; ;; Brian Lee Jackson ;; consumer fraud, code theft ;; ;; bringthepixel (Bimber theme) ;; poor coding, bloated, theme-specific code, no public changelog ;; ;; Crocoblock ;; poor coding, serious errors, hacks third party design products ;; ;; Jetpack ;; bloated, spammy, hijacks wp admin, lacks transparency, resource intensive, wp cronyism ;; ;; Joost de Valk ;; bloated, spammy, hijacks wp admin, poor coding, wp cronyism ;; Kinsta (Brian Jackon, Alex Panagis, Jon Penland, Mark Gavalda) ;; ;; Kodemann ;; brand abandoned ;; ;; Lumin Apps ;; brand abandoned ;; ;; Macho Themes (Alex Panagis) ;; consumer fraud ;; ;; MailChimp ;; political censorship ;; Monster Insights ;; bloated, spammy, hijacks wp admin, bad practice ;; ;; MyThemeShop (Bhanu Ahluwalia, Suraj Vibhute) ;; consumer fraud, spyware, ransomware, violates GPL terms, death threats ;; ;; OneTone theme ;; exploitable (via Sucuri), brand abandoned ;; Noah Kagan ;; bloated, excessive API calls, poor maintenance, illegal email spam ;; OptimizePress ;; ;; Qode Themes ;; poor coding, errors, poor maintenance ;; Rank Math SEO (Bhanu Ahluwalia, Suraj Vibhute) ;; consumer fraud, spyware, ransomware, violates GPL terms, death threats ;; PerfMatters (Brian Lee Jackson) ;; code theft ;; ;; Pipdig (Phil Clothier) ;; spyware ;; ;; Phil Clothier ;; spyware ;; ;; RadiantThemes ;; breaks all kinds of best practices, creates instability, poor coding, locked-in CPTs ;; Samuel "Otto" Wood ;; wp cronyism, consumer fraud ;; ShortPixel ;; bloated, resource intensive, spammy, generates junk files ;; Smart Slider (Alex Panagis) ;; ;; snapCX.io ;; brand abandoned ;; ;; Social Actions ;; brand abandoned ;; ;; SumoMe ;; bloated, excessive API calls, poor maintenance ;; Suraj Vibhute ;; consumer fraud, spyware, ransomware ;; ;; Swift Ideas ;; bloated, bad practices (bundles theme-specific custom post types, etc) ;; ;; Syed Balkhi ;; spammy, bloated, wp cronyism, better options exist ;; ;; Team Yoast ;; spammy, deceptive ;; The Web Design Hub ;; brand abandoned ;; ;; Themeco ;; serious conflicts, hijacks wp core, no public changelogs, theme-specific page builder ;; ThemeFusion (Avada) ;; bloated, everything is proprietary ;; ThemePunch (Revslider) ;; bloated, history of exploits ;; Thrive Themes ;; bloated, poor coding, excessive logging, serious errors, hijacks wp core functions ;; Vafour (Vafpress Framework) ;; brand abandoned, not maintained ;; ;; Warfare Plugins, etc (Dustin W. Stout, Jason T. Wiser, Nicholas Z. Cardot) ;; ;; WebFactory Ltd ;; history of exploits, history of poor coding ;; ;; Yotpo ;; ransomware ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; 2. Short-Term Disallowed Vendors (Resolvable Critical Issues) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; Rymera Web ;; WP-Cron abuse, database thrashing ;; ;; Josh Kohlbach (Rymera Web) ;; blames SlickStack for his poor code instead of fixing it ;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; 3. Not Recommended Vendors (Possibly Long-Term Disallowed In The Future) ;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; BestWebSoft ;; ;; Bootstrapped Ventures ;; conflicts with Nginx caching, overuse of REST API, etc ;; Contempo Themes (Chris Robinson) ;; exploitable, poor coding, poor maintenance, many plugins are theme-specific, no public changelogs ;; Course Cats ;; excessive API calls, poor coding ;; Divi Life ;; all products hack third-party design products ;; Drfuri ;; not maintained, no public changelogs, hacks third-party design products ;; Eric Turnnessen (MemberMouse) ;; ;; Elegant Themes (Divi) ;; ;; Elfsight ;; poor coding, database thrashing, serious errors, resource intensive ;; Future Design Group ;; poor coding, poor maintenance ;; Genesis Framework ;; proprietary frameworks ;; Gijo Varghese ;; ;; IntellyWP ;; bloated, poor coding, serious errors, violates GPL terms ;; Leadpages ;; bloated, poor maintenance, creates instability ;; MemberMouse ;; poor coding, MySQL data loss, does not use their own software, blames SlickStack for their errors ;; Mikado Themes ;; theme-specific CTPs and plugins, etc ;; Nextend (Roland Soos, Daniel David) ;; consumer fraud ;; NicheAddons ;; hacks third-party design products ;; Om Ak Solutions (Ankit Singla, Nikhil Khokhar, Savi Goyal) ;; ;; OnTheGoSystems (WPML, Toolset) ;; bloated, poor coding, security issues ;; Photocrati (Imagely / NextGen Gallery) ;; ;; PixelYourSite ;; spammy, hijack WP Admin ;; ;; Redux Framework + Dovy Paukstys ;; has drastically shifted from a general theme options framework to Gutenberg middleman/spammy ;; SmartDataSoft ;; poor coding, bad practices (e.g. theme-specific plugins, etc) ;; ;; Sridhar Katakam ;; ;; StudioPress ;; proprietary frameworks ;; TagDiv ;; various bad practices, excessive logging, history of exploits ;; ThemeGoods ;; bundles theme-specific custom post types plugins ;; WP Desk ;; poor coding, tracking (spyware) ;; WPClever.net ;; ;; WPDeveloper ;; poor coding ;; WpIndeed ;; poor coding, serious errors ;; WPMU DEV ;; ;; YITH ;; spammy, security issues, poor coding ;; Upsolution / Us Theimes ;; poor coding ;; Zendesk ;; poor maintenance, sues anyone who users the ancient Chinese term "zen" ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; Blacklist.txt: Active Blacklist (Currently Disallowed Plugins) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; Message for automatically deactivated plugins (multiple lines allowed) ;; This message will appear in the WordPress admin notices section [message] The following plugins are disallowed on our network and have been deactivated: ;; match any path (case insensitive) ;; for exact directory matches use slashes e.g. /revslider/ [path] 10web-manager ;; vendor specific, no public changelog (By 10Web) 2-click-socialmedia-buttons ;; not maintained /301-redirects/ ;; not maintained /404s/ ;; excessive logging 404-error-monitor ;; excessive logging, not maintained 404-notifier ;; excessive logging, not maintained 404-redirected ;; excessive logging, not maintained (by Remkus de Vries) 404-redirection-manager ;; excessive logging, serious errors, not maintained 404-solution ;; excessive logging, bad practice (By Aaron J) 404-to-301 ;; excessive logging 6scan-backup ;; ss conflicts, not maintained, resource intensive 6scan-protection ;; ss conflicts, not maintained, resource intensive a2-optimized-wp ;; vendor specific a2-w3-total-cache ;; ss conflicts, vendor specific, bloated above-the-fold-optimization ;; deprecated accesspress-social-auto-post ;; resource intensive, bad practice aceide ;; feature exists in wp core /actifend/ ;; not maintained, ss conflicts acf-yith-woocommerce-compare-support ;; not maintained (by YITH Themes) activity-reactions-for-buddypress ;; bloated, not maintained add-category-to-pages ;; bad practice, creates instability, poor coding add-expires-headers ;; ss conflicts, bad practice (By Passionate Brains) add-index-to-autoload ;; ss conflicts, feature exists in WP Core 5.3+ already add-social-share ;; not maintained /add-to-any/ ;; adware, spyware, bloated addons-for-beaver-builder ;; hacks other vendor products, creates instability, bad practice (buy the Pro version) addons-for-elementor ;; hacks third-party design products (By Livemesh) addfreestats ;; excessive logging addthis-follow ;; not maintained addthis ;; not maintained addthis-all ;; not maintained admin-management-xtended ;; resource intensive, pointless admin-menu-editor ;; creates instability adminer ;; exploitable, creates instability adsense-click-fraud-monitoring ;; deprecated Advanced-Custom-Fields-Multilingual ;; possible thrashing, not maintained advanced-database-cleaner ;; ss conflicts advanced-menu-widget ;; serious errors, not maintained (by Ján Bočínec) advanced-speed-increaser ;; ss conflicts advanced-wp-reset ;; ss conflicts, potential data loss advanced-wpperformance ;; ss conflicts, creates instability afterpay-gateway-for-woocommerce ;; resource intensive, database thrashing (By Afterpay) aioseo-redirects ;; lock-in (Requires AIOSEO Pro to manage 301 redirects), better options exist ajax-load-more ;; resource intensive, creates instability (by Darren Cooney) ajax-store-locator-wordpress ;; not maintained, exploitable, resource intensive ajax-thumbnail-rebuild ;; database thrashing akeebabackupwp ;; unsafe local archives all-404-redirect-to-homepage ;; spammy, better options exist all-in-one-redirection ;; excessive logging all-in-one-webmaster ;; pointless, better options exist all-in-one-wp-security-and-firewall ;; bloated all-social-fw-style-widget ;; not maintained allow-php-execute ;; php hacks alinks ;; deprecated, serious errors Alinks ;; deprecated, serious errors alpine-photo-tile-for-instagram ;; not maintained, better options exist, no public changelog amazon-s3-and-cloudfront ;; ss conflicts, potential data loss amazon-s3-and-cloudfront-pro ;; ss conflicts, potential data loss amp-html-sitemap ;; not maintained, bad practice (HTML sitemaps unnecessary) amp-plugin-manager ;; ss conflicts (creates MU plugins) By Ahmed Kaludi, Mohammed Kaludi analyticator-google-analytics ;; not maintained analytics-code ;; not maintained analytics-counter ;; deprecated (By WPAdm.com) analytify-analytics-dashboard-widget ;; bloated, resource intensive (By Analytify) /antivirus/ ;; resource intensive, ss conflicts anywhere-elementor ;; database thrashing, hacks third-party design products (By WP Vibes) anywhere-elementor-pro ;; database thrashing, hacks third-party design products (By WP Vibes) apex-digital-toolbox ;; bloated, bizarre code, not maintained /apikey/ ;; known malware aqua-page-builder ;; not maintained (By Syamil MJ) ari-adminer ;; serious errors, potential data loss (adminer better used as standalone script) artbees-captcha ;; not maintained, no public changelog, better options exist (By José Rodríguez) a.k.a. Cool PHP Captcha aryo-activity-log ;; excessive logging askapache-debug-viewer ;; php hacks askapache-google-404 ;; serious errors, not maintained aspexi-login-audit ;; excessive logging, not maintained asta-html-minifier ;; ss conflicts astra-sites ;; requires blacklisted plugins by Brainstorm Force that hack third party design products (By Brainstorm Force) astra-pro-sites ;; requires blacklisted plugins by Brainstorm Force that hack third party design products (By Brainstorm Force) async-javascript ;; creates instability async-social-sharing ;; not maintained asynchronous-javascript ;; not maintained attachment-pages-redirect ;; ss conflicts, bad practice authentication-and-xmlrpc-log-writer ;; not maintained, bad practice, pointless /authorizer/ ;; ss conflicts, excessive logging /authors-page/ ;; not maintained authorizenet-payment-gateway-for-woocommerce ;; serious errors, poor coding, better options exist authorsure ;; deprecated auto-clean-url-seo ;; pointless, many conflicts, not maintained /auto-link/ ;; not maintained, creates instability auto-link-genius ;; not maintained, creates instability auto-tag-links ;; not maintained, creates instability /auto-updates/ ;; ss conflicts, creates instability (By Michal Novak) autoloader ;; ss conflicts autoloader-littlebizzy ;; ss conflicts autologin-links ;; exploitable, pointless /automatewoo/ ;; thrashing, bloated, excessive logging, resource intensive automatic-copyright-year ;; pointless, not maintained automatic-wordpress-backup ;; ss conflicts, resource intensive, not maintained autoupdater ;; vendor specific (WP Engine) backlink-rechecker ;; not maintained, resource intensive /backup/ ;; ss conflicts, unsafe local archives backup-scheduler ;; unsafe local archives, resource intensive backup-wd ;; ss conflicts, unsafe local archives backupbuddy ;; resource intensive, unsafe local archives backupwordpress ;; unsafe local archives backwpup ;; unsafe local archives, resource intensive bad-behavior ;; deprecated barbwire-security ;; ss conflicts baw-post-views-count ;; excessive logging, bloated, not maintained bb-addons ;; hacks other vendor plugins bb-bootstrap-alerts ;; hacks third-party design products (by Brainstorm Force) bb-bootstrap-cards ;; hacks third-party design products (by Brainstorm Force) bb-header-footer ;; hacks third-party design products (by Brainstorm Force) ;; bb-plugin ;; hacks third-party design products, bad practice (overrides theme settings) bb-ultimate-addon ;; creates instability, hacks third-party design products, no public changelog (By Brainstorm Force) bb-theme-builder ;; hacks third-party design products, no public changelog, creates instability, bad practice (overrides theme settings) aka Beaver Themer bdthemes-element-pack ;; hacks third-party design products (by BdThemes) beautiful-social-widget ;; not maintained beaver-builder-addons ;; hacks other vendor plugins ;; beaver-builder-lite-version ;; hacks third-party design products, bad practice (overrides theme settings) before-and-after-slider-for-vc ;; not maintained best-wp-smtp-email ;; blacklist risk (smtp) better-analytics ;; not maintained /better-related/ ;; not maintained, resource intensive better-rss-widget ;; not maintained better-wordpress-minify ;; ss conflicts better-wp-security ;; bloated bfi-thumb ;; deprecated biagiotti-core ;; theme-specific CPTs (By Mikado Themes) bj-lazy-load ;; not maintained (by Bjørn Johansen, Aron Tornberg, angrycreative) black-studio-tinymce-widget ;; not maintained, similar feature exists in wp core, bloated, creates instability (By Black Studio) blizhost-cache-purge ;; vendor specific block-bloglovin-iframe ;; malware company (Pipdig) blog-manager-light ;; bloated, serious errors, creates instability, bad practices (conflicting features) By OTWthemes blog-manager ;; bloated, serious errors, creates instability, bad practices (conflicting features) By OTWthemes block-wp-login ;; ss conflicts blogger-importer-extended ;; malware company (Pipdig) bloglovin-button ;; malware company (Pipdig) bloglovin-widget ;; malware company (Pipdig) blogvault ;; ss conflicts, resource intensive bluehost-site-migrator ;; vendor specific BoosterPage ;; deprecated, poor code, no public docs (Smart Marketer) bottom-of-every-post ;; not maintained (By Corey Salzano) bounce-handler-mailpoet ;; ss conflicts, bad practice (smtp, php mail) brave-payments-verification ;; not maintained, pointless, bad practice (should be done via SFTP etc) /breeze/ ;; vendor specific (Cloudways cache plugin) breezing-forms ;; poor maintenance, political censorhip (only supports MailChimp) By Crosstec broken-link-checker ;; resource intensive, not maintained, excessive logging brute-force-login-protection ;; excessive logging, ss conflicts, not maintained bruteprotect ;; not maintained bs-input ;; brand abandoned, bloated, excessive API calls (By BeSquares) bsf-changelog ;; pointless (by Brainstorm Force) bsf-docs ;; pointless (by Brainstorm Force) buddypress-google-plus ;; deprecated bugherd ;; ss conflicts? bulk-image-alt-text-with-yoast ;; spammy, bad practice, creates instability business-badges ;; deprecated businesspress ;; bizarre code, creates instability buttonizer-multifunctional-button ;; spyware, adware bv-cloudways-automated-migration ;; vendor specific bwp-google-xml-sitemaps ;; not maintained, resource intensive bwp-minify ;; not maintained, creates instability bws-smtp ;; blacklist risk (smtp) cache-cleaner ;; ss conflicts cache-control ;; ss conflicts cache-enabler ;; ss conflicts cache-images ;; resource intensive, bizarre code, bad practice, not maintained cache-performance ;; creates instability, ss conflicts, bad idea /cachify/ ;; not maintained /captcha/ ;; deprecated car-repair-services-core ;; theme-specific custom post types (By SmartDataSoft) /carla/ ;; bizarre code, ss conflicts casals-online-seo ;; not maintained category-color ;; bad practice (not a good way to adjust CSS colors) By Zayed Baloch category-for-pages ;; not maintained, creates instability cf-littlebizzy ;; ss included cf-post-formats ;; deprecated (a.k.a. WP Post Formats by Crowd Favorite) change-table-prefix ;; ss conflicts, bad practice, creates instability change-password-protected-message ;; malware company (Pipdig) change-wp-admin-login ;; ss conflicts (By Nuno Morais Sarmento) ;; check-email ;; serious errors, not maintained (by Chris Taylor) taken over by WPChill and working again check-and-enable-gzip-compression ;; ss conflicts (apache) cimy-swift-smtp ;; blacklist risk (smtp) clean-up-booster ;; bloated, excessive logging clear-cache-for-widgets ;; vendor specific clear-caches ;; ss conflicts clear-caches-littlebizzy ;; ss conflicts clearfy ;; bloated, ss conflicts /clickfunnels/ ;; not maintained, serious errors, creates instability, landing page imports, private page builder (by Etison, LLC) /clicky/ ;; fatal errors, better options exist (by Team Yoast) clink ;; not maintained, better options exist cloudbric-basic-ssl ;; not maintained /cloudflare/ ;; bloated cloudflare ;; ss conflicts cloudflare-cache-purge ;; ss conflicts cloudflare-flexible-ssl ;; ss conflicts cloudflare-littlebizzy ;; ss conflicts cloudflare-rocket-loader-manual-settings ;; not maintained, ss conflicts cloudflare-threat-management ;; not maintained, ss conflicts cloudguard ;; malware company (Pipdig) cloudinary-image-management-and-manipulation-in-the-cloud-cdn ;; poor code, creates instability, ss conflicts cloudways ;; vendor specific cms-tree-page-view ;; creates instability, potential data loss, resource intensive co-authors-plus ;; serious errors, creates instability, not maintained codeguard ;; ss conflicts, unstable codepress-admin-columns ;; creates instability collapsing-categories ;; serious errors, not maintained, creates instability column-separator-for-beaver-builder ;; hacks third-party design products (by Brainstorm Force) comet-cache ;; ss conflicts comment-engine-pro ;; not maintained /comment-images/ ;; deprecated (By talspotim) /comments-ratings/ ;; not maintained companion-sitemap-generator ;; bad practice (HTML sitemaps unnecessary) compressed-emoji ;; bloated, not maintained connect-polylang-elementor ;; hacks third-party design products (By Creame) contact-form-7-datepicker ;; exploitable (per Wordfence), deprecated (By Aurel Canciu) contact-form-7-datepicker-fix ;; not maintained (By Benjamin Klein) contact-form-7-to-database-extension ;; deprecated (Contact Form DB) ;; contempo-real-estate-custom-posts ;; exploitable, theme-specific CPTs (By Contempo Themes) ;; ct-compare-listings ;; exploitable, theme-specific, no public changelog (By Contempo Themes) ct-membership-packages ;; exploitable, theme-specific, bad practice (should be split into various independent plugins), no public changelog (By Contempo Themes) ct-mortgage-calculator ;; exploitable, theme-specific, no public changelog (By Contempo Themes) ;; ct-real-estate-7-extensions-loader ;; exploitable, theme-specific, no public changelog (By Contempo Themes) ct-real-estate-7-payment-gateways ;; exploitable, theme-specific, no public changelog (By Contempo Themes) contempo-saved-searches-email-alerts ;; exploitable, theme-specific, no public changelog (By Contempo Themes) /content-links/ ;; deprecated (By WPAdm.com) /content-locker/ ;; spyware company, poor coding, serious errors, political censorship (only supports MailChimp) better options exist (MyThemeShop) contextual-related-posts ;; resource intensive control-xml-rpc-publishing ;; deprecated constant-contact-forms ;; serious errors, poor maintainance constant-contact-signup-form-widget ;; not maintained copy-delete-posts ;; hijacks wp core, spammy, serious errors, better options exist cookies-for-comments ;; ss conflicts, bad practice, not maintained cool-php-captcha ;; not maintained, no public changelog, better options exist (By José Rodríguez) a.k.a. Artbees Captcha counterize ;; excessive logging, not maintained counterize-ii ;; excessive logging, not maintained country-caching-extension-for-wp-super-cache ;; ss conflicts creative-clans-embed-script ;; better options exist, not maintained (by Guido Tonnaer) cred-frontend-editor ;; deprecated crudlab-google-plus ;; deprecated css-above-the-fold ;; not maintained css-js-query-string-remover ;; ss conflicts css-share-buttons ;; not maintained ct-child-theme ;; no public changelog, better options exist (By Contempo Themes) ctw-ssl-for-cloudflare ;; ss conflicts current-date-time-widget ;; not maintained custom-404-error-page ;; not maintained custom-typekit-fonts ;; creates instability, bad practice, hacks third-party design products (by Brainstorm Force) custom-facebook-and-google-thumbnail ;; deprecated /custom-fonts/ ;; bloated, creates instability, bad practice (use CSS instead) (By Brainstorm Force) custom-functions ;; ss conflicts (installed as an MU plugin already) By LittleBizzy custom-functions-littlebizzy ;; ss conflicts (installed as an MU plugin already) By LittleBizzy custom-css-js ;; bad practice, creates instability, ransomware, better options exist (Simple Custom CSS And JS) custom-links-in-wp-toolbar ;; pointless, ss conflicts (by Brainstorm Force) custom-link-widget ;; not maintained custom-my-account-for-woocommerce ;; bad practice (should be done using theme template files), not maintained, poor coding, bloated (By phoeniixx) custom-one-click-seo-sitemap ;; not maintained, bad practice (HTML sitemaps unnecessary) custom-registration-form-builder-with-submission-manager ;; bloated, exploitable, excessive logging, creates instability (a.k.a. Registration Magic) custom-script-integration ;; not maintained, better options exist custom-searchable-data-entry-system ;; exploitable (via WordFence), deprecated (by Ghazale Shirazi) custom-share-buttons-with-floating-sidebar ;; excessive logging, better options exist custom-sidebars ;; exploitable (malware found), bad practice, resource intensive, errors/conflicts, spamware (WPMU lock-in) custom-template-learndash ;; hacks third-party design products (by Brainstorm Force) custom-user-profile-photo ;; not maintained, serious errors, bad practice (enables externally hosted profile photos) By VincentListrani custom-vc-column-layout ;; not maintained, hacks third party design products (By Cenemil Jones Sumbalan) customizer-reset-by-wpzoom ;; ss conflicts, potential data loss customizer-search ;; pointless cute-slider ;; deprecated (Envato product) cuteslider ;; deprecated (Envato product) CuteSlider ;; deprecated (Envato product) cw-image-optimizer ;; not maintained, better options exist cwis-antivirus-malware-detected ;; ss conflicts, resource intensive cyclone-slider ;; company deprecated, not maintained, better options exist (By Nico Amarilla / CodeFleet.net) dante-framework ;; theme-specific custom post types, serious errors, deprecated (By Swift Ideas) dashboard-cleanup ;; ss conflicts dashboard-cleanup-littlebizzy ;; ss conflicts database-browser ;; not maintained, ss conflicts, creates intability, potential data loss date-exclusion-seo-plugin ;; not maintained, pointless /db-cache/ ;; deprecated db-cache-reloaded ;; not maintained db-cache-reloaded-fix ;; not maintained dbc-backup ;; ss conflicts, resource intensive, not maintained dd-list-subpages ;; no public docs, better options eixst de-updraftplus-backup-exclude-image-thumbnails ;; ss conflicts default-to-gd ;; deprecated (By Mike Schroder) defensio-anti-spam ;; not maintained defensio-wordpress ;; not maintained defer-css-addon-for-bwp-minify ;; ss conflicts /debug/ ;; ss conflicts /debug-info/ ;; ss conflicts defender-security ;; ss conflicts, bloated (by WPMU Dev) degutenizer ;; malware company (Pipdig) /delete-all-comments/ ;; deprecated, exploitable, potential data loss delete-all-comments-of-website ;; potential data loss delete-expired-transients ;; ss conflicts delete-expired-transients-littlebizzy ;; ss included delightful-downloads ;; deprecated, exploitable (By Ashley Rich) designmodo-social-count ;; deprecated, better options exist desktopserver ;; xml-rpc, ss conflicts digg-digg ;; deprecated digiautolinks ;; blackhat seo, bad idea digiproveblog ;; pointless /digits/ ;; creates instability, serious errors, resource intensive disable-attachment-pages ;; ss conflicts disable-attachment-pages-littlebizzy ;; ss conflicts disable-empty-trash ;; ss conflicts disable-empty-trash-littlebizzy ;; ss conflicts disable-image-compression ;; ss conflicts disable-image-compression-littlebizzy ;; ss conflicts disable-jquery-migrate ;; exists in wp core (after version 5.5+) disable-jquery-migrate-littlebizzy ;; exists in wp core (after version 5.5+) By LittleBizzy disable-post-via-email ;; ss conflicts disable-post-via-email-littlebizzy ;; ss conflicts disable-real-mime-check ;; exploitable, not maintained disable-rss ;; deprecated /disable-site/ ;; not maintained, better options exist disable-woocommerce-reviews ;; malware company (Pipdig) disable-wordpress-updates ;; ss conflicts, creates instability disable-wp-emoji-icons ;; ss conflicts disable-xml-rpc ;; ss conflicts disable-xml-rpc-littlebizzy ;; ss conflicts disabler ;; better options available disk-space-usage ;; ss conflicts display-html-sitemap ;; bad practice (HTML sitemaps unnecessary) display-php-version ;; ss conflicts, not maintained, better options exist /display-widgets/ ;; active malware displet-pop ;; not maintained divi-alt-text ;; hacks third-party design products, no public changelog, bad practice (should not be theme-specific) By Yan Thiaudière divi-booster ;; bloated, serious errors, bad practice divi-footer-editor ;; hacks third-party design products divi-overlays ;; hacks third-party design products, no public changelog, bad practice (should not be theme-specific) By Divi Life / Tim Strifler dnui-delete-not-used-image-wordpress ;; serious errors, not maintained, potential data loss (By Nicearma) domain-sharding ;; deprecated download-button-for-elementor ;; hacks third-party design products, not maintained (By clicklabs Medienagentur) dreamhost-panel-login.php ;; vendor specific dreamobjects ;; vendor specific /dropbox-backup/ ;; deprecated (By WPAdm.com) ds-divi-extras ;; hacks third-party design products dts-simple-share ;; not maintained dukapress ;; exploitable duplicate-page ;; exploitable, ss conflicts (Gutenberg), better options exist /duplicate-post/ ;; spamware (acquired by Yoast), bloated, better options exist (By Enrico Battocchi & Team Yoast) duplicator ;; bloated, database junk, resource intensive dvk-social-sharing ;; not maintained dw-social-share ;; not maintained dynamic-related-posts ;; resource intensive dynamic-widgets ;; ridiculous ;; easy-contact-forms ;; cant remember why easy-googles-widget ;; deprecated easy-hide-login ;; ss conflicts, creates instability easy-html-sitemap ;; bad practice (HTML sitemaps unnecessary) easy-image-sizes ;; not maintained, pointless, creates instability easy-sitemap-page ;; not maintained, bad practice (HTML sitemaps unnecessary) /easy-social-share-buttons/ ;; excessive logging easy-social-share-buttons-for-wordpress ;; bloated, excessive logging /easy-social-sharing/ ;; excessive logging easy-text-links ;; blackhat seo easy-theme-and-plugin-upgrades ;; creates instability easy-webmaster-tools ;; deprecated, pointless easy-wp-smtp ;; blacklist risk (smtp) easyalttext ;; not maintained, pointless (By Rasmus Nørskov (RHNorskov)) easy2map ;; exploitable (per WOrdfence), deprecated (ak.a. wp-easy2map) Ebor-Framework ;; deprecated, poor maintenance, no public changelog (By Tom Rhodes) ebor-framework ;; deprecated, poor maintenance, no public changelog (By Tom Rhodes) eborframework ;; deprecated, poor maintenance, no public changelog (By Tom Rhodes) ebor-page-builder ;; deprecated (By TommusRhodus) based on aqua-page-builder echbay-admin-security ;; ss conflicts, pointless edgemesh ;; ss conflicts, bloated, pointless, bad practice (tries to overrule server cache rules) /edit-flow/ ;; abandoned (by Automattic) ele-custom-skin ;; hacks third-party design products (By Dudaster.com) elegant-themes-support ;; exploitable elementor-extras ;; hacks third-party design products (By Namogo) elementskit ;; hacks third-party design products (By Wpmet) elementskit-lite ;; hacks third-party design products (By Wpmet) elementskit-pro ;; hacks third-party design products (By Wpmet) elfsight-instagram ;; serious errors, resource intensive, database thrashing, poor coding, no public docs elfsight-instagram-feed-cc ;; serious errors, resource intensive, database thrashing, poor coding, no public docs email-customizer-woocommerce ;; serious errors, not maintained emoji-settings ;; ss conflicts emoji-shortcode ;; bloated, not maintained emojics-wp ;; bloated enable-shortcode-and-php-support-in-text-widget ;; deprecated, bad practice enable-gzip-compression ;; ss conflicts (apache) enhanced-custom-permalinks ;; creates instability, potential seo penalties, bad practice, not maintained ;; wp-envato-market ;; ss conflicts, blocks WordPress from receiving updates/patches (whitelist for now claims to be fixed) ;; envato-market ;; ss conflicts, blocks WordPress from receiving updates/patches (whitelist for now claims to be fixed) envato-wordpress-toolkit ;; deprecated eps-301-redirects ;; exploitable, history of poor coding, excessive logging, better options exist (by WebFactory Ltd) error-log-monitor ;; ss conflicts essential-addons-elementor ;; hacks third-party design products (By WPDeveloper) essential-addons-for-elementor ;; bloated, hacks third-party design products (By WPDeveloper) essential-addons-for-elementor-lite ;; bloated, hacks third-party design products (By WPDeveloper) essential-addons-for-elementor-pro ;; bloated, hacks third-party design products (By WPDeveloper) essential-blocks ;; illegal email spam, selling private data, bloated, hacks third-party design products (By WPDeveloper) et-safe-mode ;; ss conflicts, creates instability, exploitable (Elegant Themes) evolution-google-analytics-code ;; not maintained execution-time ;; php hacks expandable-row-for-beaver-builder ;; hacks third-party design products (by Brainstorm Force) /expander/ ;; deprecated (By Ciprian Popescu) exploit-scanner ;; not maintained export-all-urls ;; malware, resource intensive, not maintained exec-php ;; php hacks /expander/ ;; not maintained, deprecated (by Ciprian Popescu) extend-bundle-widgets ;; not maintained, no public docs, possibly exploitable extended-categories-widget ;; not maintained, creates instability ewww-image-optimizer ;; bloated, resource intensive, generates junk files ewww-image-optimizer-cloud ;; ezpz-one-click-backup ;; deprecated, ss conflicts, resource intensive facebook-for-woocommerce ;; serious errors, history of poor coding (By Facebook via WooCommerce.com) facebook-google-twitter-share ;; not maintained facebook-like-box ;; deprecated (by Marcos Esperon) facebook-like-button ;; deprecated /falcon/ ;; ss conflicts fancier-author-box ;; not maintained (by ThematoSoup) /fancy-box/ ;; not maintained fast-easy-social-sharing ;; not maintained fast-user-switching ;; not maintained, exploitable, creates instability, creates junk files (cookies, SQL) (By Tikweb) fast-velocity-minify ;; ss conflicts fast-wp ;; not maintained, ss conflicts /favorite-post/ ;; serious errors, not maintained (by Tareq Hasan) fb-instant-articles ;; poor coding, serious errors, not maintained (by Facebook and Automattic) /fb-messenger/ ;; deprecated ;; fb-pixel-littlebizzy ;; namespace conflicts (needs to be fixed in future version) featherlight-html-minify ;; ss conflicts /feature-policy/ ;; ss conflicts (by Google) featured-image-admin-thumb-fiat ;; wp core hacks, poor coding, resource intensive, bad practice feedburner-email-subscription ;; deprecated feedburner-setting ;; deprecated (By Jiayu (James) Ji) file-away ;; creates instability, not maintained file-changes-monitor ;; resource intensive, excessive logging, pointless (by nicolly) filebird ;; creates instability, potential data loss (By Ninja Team) filebrowser ;; deprecated /flare/ ;; serious errors, not maintained (By dtelepathy) flexible-shipping-pro ;; fatal errors, poor coding (by WP Desk) floating-social-media-icon ;; bloated, bad practice, spammy, hijacks WP Admin fluid-video-embeds ;; deprecated (By jamie3d) flying-pages ;; resource intensive, better options exist follow-subscribe ;; not maintained font-awesome-4-menus ;; not maintained, deprecated, better options exist /fonts/ ;; bad practice, creates instability; several conflicts with page builders etc footer-javascript ;; not maintained, creates instability force-https ;; ss conflicts force-https-littlebizzy ;; ss conflicts force-ssl-everywhere ;; not maintained force-strong-hashing ;; ss conflicts force-strong-hashing-littlebizzy ;; ss conflicts /frame-buster/ ;; ss conflicts, not maintained (by Warfare Plugins) free-social-media-with-whatsapp ;; not maintained freshizer ;; not maintained, generates junk files (image optimization) full-screen-menu-for-elementor ;; hacks third-party design products full-site-editing ;; ss conflicts, not ready for production sites (Gutenberg full site editing) fuzzy-seo-booster ;; thrashing g1-socials ;; deprecated, no public changelog (By bringthepixel) g-file-merge-minify ;; ss conflicts g-meta-keywords ;; bad practice (keyword stuffing), not maintained (By Sinan Yorulmaz) /ga-in/ ;; bloated, better options exist (copycat by IntelligenceWP) gator-cache ;; ss conflicts genesis-favicon-uploader ;; not maintained, hacks third-party design products genesis-featured-page-extras ;; not maintained, hacks third-party design products (By David Decker) genesis-layout-extras ;; not maintained, hacks other vendor design products (By David Decker / DECKERWEB) getbowtied-tools ;; vendor specific giphypress ;; serious errors, not maintained global-site-tag-tracking ;; better options exist glue-for-yoast-seo-amp ;; soon to be deprecated (By Yoast SEO) gmail-smtp ;; blacklist risk (smtp) gna-google-analytics ;; not maintained go_pricing ;; serious errors, abandoned (by Granth Web) godaddy ;; vendor specific google-1-shortcodes ;; deprecated google-adwords-remarketing ;; deprecated google-analyticator ;; serious errors, history of poor code, poor maintenance, better options exist (By SumoMe) google-analytics-dashboard-for-wp ;; spammy, bloated, serious conflicts, poor coding, tracking, spamware (acquired by WPBeginner) google-analytics-for-mymail ;; not maintained google-analytics-for-wordpress ;; spyware, history of spam/hijacking WP Admin, history of poor code, bloated (Monster Insights) google-analytics-post-pageviews ;; pointless google-author-link ;; deprecated google-authorship ;; deprecated /google-captcha/ ;; scamware, dashboard hijacking, better options exist (BestWebSoft) google-comments ;; deprecated google-content-experiments ;; not maintained, pointless google-for-page ;; deprecated google-importer ;; deprecated google-language-translator ;; exploitable, not maintained, pointless google-listings-and-ads ;; Jetpack honeypot, Automattic propaganda, not necessary to setup Google Merchant center, horrible design, absolutely pointless google-page-badge ;; deprecated google-per-page-tracking-code ;; deprecated (a.k.a. Awords Tracking Code) google-plus-author ;; deprecated google-plus-authorship ;; deprecated (By Martin Lazarov) google-plus-badge ;; deprecated google-plus-badge-widget ;; deprecated, spyware company, poor coding, serious errors, better options exist (MyThemeShop) google-plus-comments ;; deprecated google-plus-google ;; deprecated google-plus-name-link-popup-badge ;; deprecated google-plus-page-badge ;; deprecated google-plus-share-and-plusone-button ;; deprecated google-plus-stream-for-wordpress ;; deprecated google-plus-stream-widget-plugin-for-wordpress ;; deprecated google-plus-widget ;; deprecated google-privacy-policy ;; not maintained google-publisher ;; deprecated google-site-kit ;; bloated, excessive API calls (by Google) google-site-verification-using-meta-tag ;; bad practice, not maintained google-webfont-optimizer ;; not maintained /googleanalytics/ ;; poor maintenance, bloated, excessive API calls, better options exist, spyware (By ShareThis) googleplus-multi-authorship ;; deprecated gonzales ;; ss conflicts gosquared ;; bloated, excessive api calls gosquared-official ;; bloated, excessive api calls, excessive logging gosquared-wordpress-plugin ;; deprecated ;; gotmls ;; ss conflicts (a.k.a. Anti-Malware Security and Brute-Force Firewall) by Eli Scheetz) ;; whitelisted /gp/ ;; deprecated gpltimes ;; seems to cause spinning/thrashing (also, secretive plugin repo that does not disclose ownership) ... might enable again later gppro-export-css ;; not maintained gplus-author-profile ;; deprecated graceful-pull-quotes ;; deprecated (by By Stephen Rider) gravatar-widget ;; deprecated gravatarlocalcache ;; not maintained gregs-high-performance-seo ;; not maintained grisha-gplus-gallery ;; deprecated growmap-anti-spambot-plugin ;; deprecated gumlet ;; ss conflicts gunner-technology-authorship ;; deprecated /gutenberg/ ;; ss conflicts, bloated gwconditionalpricing ;; deprecated (bundled into Gravity Perks plugin) gwtermsofservice ;; deprecated (bundled into Gravity Perks plugin) gzip-ninja-speed-compression ;; deprecated /hammy/ ;; not maintained, better options exist hc-custom-wp-admin-url ;; not maintained, ss conflicts, poor coding, serious errors header-and-footer-scripts ;; poor maintenance, poor code, better options exist header-cleanup ;; ss conflicts header-cleanup-littlebizzy ;; ss conflicts header-footer-elementor ;; hacks third-party design products health-check ;; pointless, creates instability, history of poor coding, potential data loss, now included in wp core heartbeat-control ;; ss conflicts hello-dolly ;; pointless heroic-social-widget ;; not maintained hide-login-page ;; ss conflicts, creates instability hide_my_wp ;; ss conflicts, creates instability, deprecated (By AUB Media) hide-my-wp ;; ss conflicts, creates instability hide-wp-urls ;; ss conflicts, creates instability hierarchical-html-sitemap ;; bad practice (HTML sitemaps unnecessary) hitsteps-visitor-manager ;; bloated, excessive api calls ;; holler-box ;; serious errors, resource intensive, admin-ajax abuse, not maintained host-analyticsjs-local ;; pointless, creates instability (caos analytics) host-webfonts-local ;; pointless, creates instability (caos web fonts) /hsts-ready/ ;; ss conflicts, unclear purpose htaccess ;; ss no support (apache) html-javascript-adder ;; exploitable, bad practice (adds Flash, etc) ...(by Aakash Chakravarthy) /html-minify/ ;; ss conflicts, not maintained html-sitemap ;; bad practice (HTML sitemaps unnecessary) html-sikistir-basit-html-sikistirici ;; ss conflicts http-headers ;; ss conflicts https-image-fixer ;; not maintained, better options exist https-redirection ;; ss conflicts (By Tips and Tricks HQ) hyper-cache ;; ss conflicts hyper-cache-extended ;; ss conflicts hyperdb ;; ss conflicts icon-moon-font-add ;; no public changelog iire-social-icons ;; not maintained imagefocuspoint ;; not maintained imagemagick-engine ;; ss conflicts images-lazyload-and-slideshow ;; not maintained image-optimizer-for-google-lighthouse ;; deprecated image-optimizer-wd ;; resource intensive, creates database junk resize-image-after-upload ;; feature exists in WP Core, acquired by ShortPixel to spam (by ShortPixel) /image-widget/ ;; exists in wp core, not maintained imagify ;; generates junk files improve-pagespeed-today ;; ss conflicts improved-variable-product-attributes ;; bloated, serious errors, bad practice (By XforWooCommerce) inactive-user-deleter ;; data loss inboundio-marketing ;; exploitable /infogram/ ;; pointless index-autoload ;; ss conflicts index-autoload-littlebizzy ;; ss conflicts /infolinks/ ;; not maintained inline-html-css-javascript-minifier ;; ss conflicts insert-google-analytics-tracking-code ;; not maintained insert-php ;; php hacks inspectlet-heatmaps-and-user-session-recording ;; abandoned, utility instant-feedback ;; bloated, not maintained instant-gzip-compression ;; ss conflicts (apache) /intelligence/ ;; excessive API calls, bloated, bad practice (using WP Admin as analytics dashboard) (by LevelTen) intuitive-custom-post-order ;; resource intensive, creates instability ip-blacklist-cloud ;; not maintained, ss conflicts, resource intensive ip-geo-block ;; bloated, excessive logging iq-block-country ;; bloated, excessive logging, bad practice (should be done at DNS level these days) By Pascal / Webence ithemes-sync ;; ss conflicts itr-popup ;; not maintained itro-popup ;; not maintained iwp-client ;; ss conflicts, creates instability (remote managers) jamie-social-icons ;; not maintained jawn-alp ;; previously zox-alp jch-optimize ;; ss conflicts jet-blocks ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-blog ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-booking ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-compare-wishlist ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-elements ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-engine ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-menu ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-popup ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-reviews ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-search ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-smart-filters ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-style-manager ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-tabs ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-theme-core ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-tricks ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jet-woobuilder ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jetappointment ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jetgridbuilder ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jetformbuilder ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) jetproductgallery ;; serious errors, no public changelog, hacks third party design products (By Crocoblock) /jetpack/ ;; bloated jm-live-blog ;; not maintained, resource intensive jonimo-simple-redirect ;; not maintained, better options exist (by Jonimo ?? anonymous) jquery-image-lazy-loading ;; not maintained jr-referrer ;; deprecated, exploitable js-css-script-optimizer ;; creates instability js_composer_theme ;; modified (nulled?) version of WP Bakery js-composer-qtranslate-x ;; not maintained, database thrashing jsm-force-ssl ;; better options exist jumpple ;; active malware (Sweet Captcha plugin under new name) just-image-optimizer ;; creates junk files kd-google-plus-badge ;; deprecated kn-social-slide ;; not maintained kocuj-sitemap ;; bad practice (HTML sitemaps unnecessary) kv-send-email-from-admin ;; not maintained, bad practice last-modified-timestamp ;; ss conflicts /launcher/ ;; spyware company, poor coding, serious errors, better options exist (MyThemeShop) laravel-dd ;; ss conflicts, not maintained LayerSlider ;; bloated, error prone, history of poor code, exploitable /lazy-load/ ;; not maintained lazy-widget-loader ;; not maintained ldw-clean ;; not maintained /leadpages/ ;; database thrashing, deprecated, creates instability, no public changelog, bad practice (new version but same folder name? impossible to know version?) leverage-browser-caching ;; ss conflicts, bad practice (By Rinku Yadav) lh-sitemaps ;; bad practice (HTML sitemaps unnecessary) /lightbox-gallery/ ;; serious errors, poor coding, not maintained (Lightbox Gallery by Hiroaki Miyashita) lightboxkiller ;; not maintained, no public docs lightweight-html-minify ;; ss conflicts /likes/ ;; bloated, no public docs /limit-attempts/ ;; ss conflicts, resource intensive limit-heartbeat ;; ss conflicts limit-heartbeat-littlebizzy ;; ss conflicts limit-login-attempts ;; not maintained, excessive logging limit-login-attempts-reloaded ;; excessive logging, ss conflicts link-first-image-to-post ;; malware company (Pipdig) link-to-telegram ;; abandoned link-to-url-post ;; not maintained, bizarre code linkman ;; blackhat seo, deprecated linkpatrol ;; resource intensive, no public changelog litespeed-cache ;; ss conflicts (litespeed) live-weather-station ;; pointless, resource intensive loading-page ;; bloated, bad idea local-emoji ;; pointless, ss conflicts loco-translate ;; pointless, creates instability, potential data loss logbook ;; excessive logging login-lockdown ;; excessive logging ;; login-recaptcha ;; pointless, bloated, ss conflicts (By Robert Peake) login-security-solution ;; creates instability, excessive logging, not maintained login-wall ;; exploitable loginpress ;; bloated, exploitable, bad practice (e.g. requires license for login page to work), hijacks wp core (By WPBrigade) loginwall-for-wp-beta ;; exploitable /log-viewer/ ;; ss conflicts luminpop ;; deprecated (a.k.a. Lumin Popover by Lumin Apps) /machete/ ;; ss conflicts /mailchimp/ ;; deprecated, political censorship mailchimp-for-woocommerce ;; serious errors, resource intensive, poor coding, better options exist, political censorship mailchimp-forms-by-mailmunch ;; spyware, political censorship, bloated (By Mailmunch) mailster-multi-smtp ;; blacklist risk (smtp) /maintenance-mode/ ;; ss conflicts maintenance-mode-littlebizzy ;; ss conflicts mainwp ;; ss conflicts, creates instability (MainWP) mainwp-child ;; ss conflicts, creates instability (MainWP) manual-image-crop ;; cant remember why mashshare-fblikebar ;; bloated, third-party cookies (By René Hermenau) ;; mashshare-google-analytic ;; pointless mashshare-pageviews ;; excessive logging, resource intensive (By René Hermenau) mashshare-likeaftershare ;; bloated, third-party cookies (By René Hermenau) maven-algolia ;; not maintained mavis-https-to-http-redirect ;; bad idea, not maintained max-file-size ;; php hacks maxblogpress-subscribers-magnet ;; deprecated (a.k.a. sbmg) mayo-login-screen ;; hijacks wp core, bad practice, creates instability, not maintained (By Passion In Design) mc-w3tc-minify-helper ;; ss conflicts mcafee-secure ;; ss conflicts, copyright issues, pointless media-file-manager ;; creates instability, no public docs media-file-renamer ;; creates instability, resource intensive, bad practice media-from-ftp ;; bad practice (caters to poorly configured servers, risks conflict with wp core) By Katsushi Kawamori /memcached/ ;; ss conflicts merge-minify-refresh ;; ss conflicts merge-minify-refresh-clear-caches ;; ss conflicts meta-generator-and-version-info-remover ;; ss conflicts, bizarre code meta-tag-manager ;; pointless, not maintained metronet-embed-google-plus ;; deprecated metronet-reorder-posts ;; creates instability, potential data loss, resource intensive micropoll ;; not maintained migrate-guru ;; vendor specific mihan-wp-cache ;; ss conflicts mime-types-plus ;; ss conflicts, exploitable, pointless minify-html ;; ss conflicts minify-html-littlebizzy ;; ss conflicts minimal-coming-soon-maintenance-mode ;; exploitable, political censorship (only accepts MailChimp), history of poor code (by WebFactory) miniorange-2-factor-authentication ;; no public changelog, poor coding miniorange-2-factor-authentication-premium ;; no public changelog, poor coding miniorange-limit-login-attempts ;; excessive logging miwoftp ;; exploitable mixpanel-integration ;; not maintained mobius-conversion-tracker ;; not maintained mojo-marketplace-wp-plugin ;; vendor specific monsterinsights-performance ;; excessive logging moon-phases ;; not maintained (Joe's Web Tools) mouseflow-for-wordpress ;; bloated, excessive api calls, bad practice (login to their site instead) by Mouseflow /mp6/ ;; deprecated, exists in wp core mts-url-shortener ;; spyware company, poor coding, serious errors, better options exist (MyThemeShop) multi-google-analytics ;; bloated, not maintained, bad practice multipurpose-sliders ;; deprecated, serious errors, no public docs (a.k.a. iWorks Sliders by Marcin Pietrzak) my-custom-css ;; serious errors, not maintained, better options exist my-custom-functions ;; ss conflicts (alternative one exists as MU plugin already), bad practice (PHP functions should not be stored as SQL queries) By Space X-Chimp my-database-admin ;; bad practice, creates instability, likely exploitable my-simple-space ;; ss conflicts my-smtp-wp ;; blacklist risk (smtp) my-wp-backup ;; ss conflicts, spyware company, poor coding, serious errors, better options exist (MyThemeShop) my-wp-fast ;; ss conflicts my-wp-translate ;; spyware company, poor coding, serious errors, better options exist (MyThemeShop) mycurator ;; pointless, spammy, bad practice, resource intensive mymail-multi-smtp ;; blacklist risk (smtp) myreviewplugin ;; deprecated mythemeshop-connect ;; spyware company, serious errors, poor coding, extortion ware, better options exist (MyThemeShop) mythemeshop-theme-customizer ;; spyware company, serious errors, poor coding, better options exist (MyThemeShop) mywebtonet-performancestats ;; resource intensive native-lazyload ;; serious errors, creates instability, experimental software (By Google) native-emoji ;; bloated nazy-load ;; creates instability (overwrites paths), ss conflicts (By Gijo Varghese) new-google-plus-badge ;; deprecated new-google-plus-badge-widget ;; deprecated news-ticker-tj ;; not maintained, serious errors newstatpress ;; excessive logging, resource intensive nginx-cache-optimizer ;; ss conflicts nginx-champuru ;; ss conflicts nginx-compatibility ;; ss conflicts, not maintained nginx-helper ;; ss conflicts nginx-mobile-theme ;; ss conflicts nifty-backups ;; unsafe local archives, resource intensive, not maintained (By NickDuncan) nm404 ;; creates instability no-external-links ;; pointless no-revisions ;; not maintained, pointless (after WP 4.x) no-self-ping ;; ss conflicts /nofollow/ ;; serious errors, creates instability, not maintained nofollow-for-external-link ;; bad practice, not maintained, serious errors nxs-snap-pro-upgrade ;; serious errors, no longer relevant (NextScripts: SNAP Pro Upgrade Helper) o3-social-share ;; not maintained ocean-elementor-widgets ;; hacks third-party design products (By OceanWP) odihost-easy-redirect-301 ;; not maintained, potential serious errors (does not remove data on deactivation) official-facebook-pixel ;; serious errors, history of poor coding, better options exist (Official Facebook Pixel via GitHub) official-statcounter-plugin-for-wordpress ;; serious errors ol_scrapes ;; blackhat seo, copyright issues, no public docs one-click-child-theme ;; deprecated onesignal-free-web-push-notifications ;; spyware, history of exploits, bad for reputation, soon blocked by default in Chrome/Firefox/etc onlywire ;; idk onlywire-bookmark-share-button ;; not maintained, serious errors /opcache/ ;; ss conflicts, not maintained optimize-javascript ;; ss conflicts optimize-scripts-styles ;; ss conflicts optimizely ;; not maintained optimizely-x ;; not maintained optimizemember ;; alt spelling optimizeMember ;; requires OptimizePress (banned) optimizepress ;; bloated, serious errors, creates instability, potential data loss optimizePressPlugin ;; bloated, serious errors, creates instability, potential data loss optimizePress ;; bloated, serious errors, creates instability, potential data loss optimole-wp ;; excessive api calls, bloated optimus ;; resource intensive, poor coding /options-manager/ ;; not maintained outtatimr ;; deprecated /oxygen/ ;; creates instability, content lock-in, theme-specific page builder, hijacks wp core p3-profiler ;; not maintained, serious errors page-bundle ;; database thrashing, no public changelog (By Pablo Cruz Digital) page-links-to ;; not maintained, poorly coded, bad practice (redirects should not conflict with permalink system/database) page-or-post-clone ;; not maintained, better options exist page-sitemap ;; not maintained, bad practice (HTML sitemaps unnecessary) page-speed ;; ss conflicts, not maintained page-tagger ;; not maintained, pointless page-views-count ;; excessive logging pagefrog ;; not maintained pageloader-by-bonfire ;; bad practice /pageviews/ ;; pointless, resource intensive pantheon-advanced-page-cache ;; vendor specific parallelize-downloads ;; deprecated parallel-loading-system ;; deprecated parrallelize ;; deprecated PartnerPal ;; poor coding, not maintained, no public docs (Google Tag Manager, etc) pb-responsive-images ;; not maintained pc-google-analytics ;; deprecated pdf-viewer-for-wordpress ;; not maintained (ThemeNcode) pdf-viewer-for-wordpress-visual-composer-addon ;; not maintained (ThemeNcode) pegasaas ;; ss conflicts pegasaas-accelerator-wp ;; ss conflicts per-page-add-to ;; bad practice, not maintained, creates instability perfectdashboard ;; ss conflicts, bad practice perfmatters ;; bloated, stolen code, ss conflicts performance-optimization-order-styles-and-javascript ;; not maintained performance-tester ;; not maintained, resource intensive permalink-finder ;; creates instability, bad practice permalink-manager ;; creates instability, bad practice (overwrites permalinks in database even when disabled) By Maciej Bis permalink-manager-pro ;; creates instability, bad practice (overwrites permalinks in database even when disabled) By Maciej Bis permalink-modifier ;; deprecated, exists in wp core already peters-literal-comments ;; not maintained, possible database thrashing (By Peter Keung) peters-login-redirect ;; exploitable, bad practice (By Peter Keung) phastpress ;; ss conflicts photo-express-for-google ;; deprecated photomix ;; resource intensive php-code-for-posts ;; deprecated, php hacks php-code-widget ;; php hacks php-settings ;; php hacks php-text-widget ;; php hacks, not maintained phpmyadmin ;; exploitable, creates instability picasa-express-x2 ;; deprecated piio-image-optimization ;; bloated, creates junk files pilotpress ;; serious errors, poor coding (By Ontraport) pinterest-pin-it-button ;; not maintained (by Phil Derksen) pipdig ;; malware company (Pipdig) pipdig-cookie-banner ;; malware company (Pipdig) pipdig-custom-credit ;; malware company (Pipdig) pipdig-snapcode-widget ;; malware company (Pipdig) pipdisqus ;; malware company (Pipdig) pirate-forms ;; not maintained, spamware (WPForms), smtp blacklist risk pj-object-cache-red ;; ss conflicts (Reids Object Cache by PressJitsu) pj-page-cache-red ;; ss conflicts (Redis Page Cache by PressJitsu) platinum-seo-pack ;; excessive logging (By Techblissonline.com (Rajesh)) plugin-blacklist ;; ss conflicts plugin-blacklist-littlebizzy ;; ss conflicts plugin-output-cache ;; not maintained /postie/ ;; ss conflicts, post via email pods-alternative-cache ;; ss conflicts /poll-plugin/ ;; serious errors, no public docs (Responsive Poll by Weblator) /popup-manager/ ;; not maintained popups-for-divi ;; hacks third-party design products (By Divimode) portable-phpmyadmin ;; deprecated, exploitable, creates instability post-expirator ;; not maintained post-types-order ;; creates instability, pointless, resource intensive, creates instability, potential data loss post-hit-counter ;; excessive logging post-views-counter ;; excessive logging /postman-smtp/ ;; deprecated posts-analysis ;; bloated, excessive logging posts-by-tag ;; abandoned, serious errors (by Sudar) powered-cache ;; ss conflicts powerpack-elements ;; hacks third-party design products (By IdeaBox) premium-addons-for-elementor ;; hacks third-party design products (By Leap13) pre-publish-checklist ;; pointless (by Brainstorm Force) pressbackup ;; deprecated, resource intensive, ss conflicts propellerads-official ;; serious errors, possible malware/spyware publishvault ;; remote managers, creates instability, generates database junk purge-cache-for-cloudflare ;; not maintained, ss conflicts purge-cloud-flare ;; ss conflicts purge-varnish ;; ss conflicts pushlive ;; not maintained (By 1 Squared, Jamin Szczesny) /premise/ ;; deprecated (merged to rainmaker platform) psn-pagespeed-ninja ;; ss conflicts pt-instant ;; deprecated purchased-items-column-woocommerce ;; malware company (Pipdig) pushengage ;; resource intensive qards ;; closed-source page builder, serious errors, bad practice (only supports its own custom post types?) qode-instagram-widget ;; not maintained, serious errors, no public docs query-string-remover-from-static-resources ;; ss conflicts quick-pagepost-redirect-plugin ;; not maintained, bizarre code, bad practice, better options exist /quick-sharing/ ;; better options exist qtranslate-x ;; database thrashing, deprecated, serious errors simple-image-sizes ;; not maintained, creates instability, potential resource intensive (By Rahe) rank-checker-by-surfing-panda ;; not maintained /raptor/ ;; malware company (Pipdig) rc-site-map ;; bad practice (HTML sitemaps unnecessary) reachedge ;; serious errors (404 errors), poor coding, not maintained /react/ ;; not maintained react-and-share ;; bloated read-meter ;; pointless (by Brainstorm Force)https://reclaimthenet.org/twitter-locked-out-grabien-media-account-for-quoting-a-congressman-andy-briggs/ real-time-find-and-replace ;; thrashing, js hacks really-simple-ssl ;; bloated, ss conflicts, better options exist really-simple-twitter-feed-widget ;; deprecated recaptcha-in-wp-comments-form ;; serious errors, not maintained (By Joan Miquel Viadé) /recent-tweets-widget/ ;; poor coding, serious errors, better options exist redirect-to-404 ;; not maintained /redirection/ ;; excessive logging, better options exist ;; redis-cache ;; ss conflicts (By Till Kruss) redis-http-cache ;; ss conflicts redis-https-cache ;; ss conflicts redis-object-cache ;; ss conflicts Redis-Object-Cache ;; ss conflicts redis-wp-cache ;; ss conflicts related-posts-by-zemanta ;; deprecated, resource intensive related-posts-for-wp ;; resource intensive related-ways-to-take-action ;; deprecated (By Social Actions) remove-author-pages ;; not maintained, better options exist remove-category-url ;; poor coding (By Valerio Souza, Сreativemotion) remove-google-analytics-comments ;; pointless, not maintained /remove-ip/ ;; not maintained remove-query-strings ;; ss conflicts remove-query-strings-from-static-resources ;; ss conflicts remove-query-strings-littlebizzy ;; ss included remove-yoast-seo-comments ;; pointless, better options exist (e.g. minify HTML plugins) rename-wp-login ;; ss conflicts, creates instability, not maintained rename-xml-rpc ;; ss conflicts /replyme/ ;; not maintained /reporting-api/ ;; excessive logging, pointless (by Google) /repress/ ;; deprecated reset-wp ;; ss conflicts, potential data loss, deprecated resmushit-image-optimizer ;; creates instability, potential data loss, resource intensive, better options exist responsive-add-ons ;; exploitable, hacks third-party design products (by CyberChimps) responsive-video-shortcodes ;; deprecated (by Felix Arntz) /rest-api/ ;; exists in wp core, not maintained restricted-site-access ;; excessive logging revslider ;; bloated, poor code, history of exploits /rewrite/ ;; not maintained, ss conflicts (By takien) ricg-responsive-images ;; not maintained rich-reviews ;; exploitable, deprecated rich-text-excerpts ;; not maintained, creates instability robin-image-optimizer ;; creates junk files, bad practice (small CDN team) By Webcraftic rocket-lazy-load ;; ss conflicts root-cookie ;; not maintained rs-head-cleaner-lite ;; deprecated rs-social-sidebar ;; not maintained rss-post-importer ;; resource intensive, copyright issues, seo penalties rsvpmaker ;; bad practice (tries to do too much e.g. billing), political censorship (only supports MailChimp) By David F. Carr rvg-optimize-database ;; ss conflicts rw-quick-page-and-post-redirects ;; bad practice saksh-wp-smtp ;; blacklist risk (smtp) salt-shaker ;; ss conflicts sar-friendly-smtp ;; blacklist risk (smtp) scripts-n-styles ;; not maintained, bad practice (no central settings to manage assets) By unFocus Projects scripts-to-footerphp ;; creates instability, bad practice search-by-algolia-instant-relevant-results ;; deprecated search-console ;; excessive API calls, bad practice (login to GSC instead) ;; By Tropicalista secupress ;; excessive logging secure-html5-video-player ;; serious errors, not maintained /seed-social/ ;; not maintained /segmentio/ ;; deprecated, serious errors selfhost-google-fonts ;; pointless, creates instability, several conflicts with page builders etc sem-author-image ;; not maintained, better options exist semrush-seo-writing-assistant ;; poor coding, database thrashing, resource intensive, excessive API calls, pointless send-email-from-admin ;; not maintained, possibly exploitable sendgrid-email-delivery-simplified ;; does not work as of Jan 2021, serious errors, not maintained (By SendGrid) SenestreGDPR ;; better options exist, no public changelog seo-advicer ;; pointless (By ScorpionGod Lair) seo-auto-links ;; not maintained seo-automated-link-building ;; resource intensive, bad practice seo-automatic-links ;; not maintained seo-alrp ;; blackhat seo, pointless, not maintained seo-booster ;; excessive logging, resource intensive seo-by-rank-math ;; poor coding, serious errors, no public docs seo-images-that-work ;; pointless, not maintained seo-monitor ;; excessive logging seo-optimized-images ;; pointless, too limited seo-optimized-share-buttons ;; excessive logging, not maintained seo-rank-analyser ;; not maintained /seo-redirection/ ;; bloated, excessive logging (By Fakhri Alsadi) seo-redirection-premium ;; spammy, better options exist (by Clogica) servebolt-optimizer ;; vendor specific server-status ;; ss conflicts server-status-littlebizzy ;; ss conflicts sftp-details ;; ss conflicts sftp-details-littlebizzy ;; ss conflicts sg-cachepress ;; vendor specific, ss conflicts /share-button/ ;; excessive logging share-center-pro ;; not maintained shareaholic ;; adware, spyware, excessive logging sharebar ;; not maintained /sharify/ ;; not maintained, better options exist sharing-is-caring ;; not maintained shipper ;; vendor specific, bloated, requires dependencies, spamware (by WPMU Dev) shopbop-widget ;; database thrashing shopkeeper-typekit-fonts ;; vendor specific, error prone shortcode-emojis ;; bloated /shortcode-ui/ ;; serious errors, better options exist (By Fusion Engineering and community) shortpixel ;; bloated, generates junk files, resource intensive, potential broken file structure shortpixel-image-optimiser ;; bloated, generates junk files, resource intensive, potential broken file structure show-google-analytics-widget ;; pointless showgplus ;; deprecated si-captcha-for-wordpress ;; spamware, deprecated ;; simple-301-redirects ;; exploitable (malware), By WPDeveloper similar-posts ;; database thrashing simple-adblock-notice ;; bloated, not maintained, creates instability (By Shrinivas Naik) simple-cache ;; ss conflicts simple-chat ;; not maintained simple-custom-post-order ;; creates instability, resource intensive similar-posts ;; resource intensive simple-embed-code ;; thrashing, resource intensive, bad practice simple-emoji-reactions ;; bloated, not maintained simple-google-analytics ;; creates instability (hosts web scripts locally) simple-google-analytics-manager ;; not maintained simple-google-analytics-tracking ;; not maintained simple-google-plus-badge-widget ;; deprecated simple-google-plus-profile-badge-widget ;; deprecated simple-google-recaptcha ;; serious errors, history of poor code (By Michal Novák) simple-include ;; not maintained, php hacks simple-instagram-embed ;; deprecated, exists in WP Core (By Mattias Hedman) simple-ip-ban ;; excessive logging, bad practice (should be done in WAF firewall or in front of server) by Sandor Kovacs simple-login-log ;; not maintained, potential excessive logging (not too bad currently) By Max Chirkov simple-page-ordering ;; creates instability simple-post-thumbnails ;; deprecated simple-share-buttons-adder ;; serious errors simple-site-map-page ;; bad practice (HTML sitemaps unnecessary) /simple-sitemap/ ;; pointless, must pay for correct functionality simple-social-buttons ;; exploitable, excessive logging, better options exist simple-social-share ;; not maintained /simple-urls/ ;; not maintained, excessive logging, bad practice (hard-codes URL prefix) simply-sitemap ;; bad practice (HTML sitemaps unnecessary) simple-stripe-payments ;; better options exist (by Brainstorm Force) simple-wp-sitemap ;; bad practice (HTML sitemaps unnecessary) single-author-g-meta ;; deprecated single-category-permalink ;; not maintained, creates instability sis-social-share ;; not maintained site-speed-monitor ;; pointless siteground-migrator ;; vendor specific sitelock ;; bloated, ss conflicts /sitemap/ ;; deprecated sitemap-page-embed ;; not maintained, bad practice (HTML sitemaps unnecessary) sitemap-simple ;; bad practice (HTML sitemaps unnecessary) sitemap-with-woocommerce ;; bad practice (HTML sitemaps unnecessary) sitespeed ;; malware (as per Sucuri report) sitewide-message ;; not maintained sitewide-notice-twdh ;; deprecated, poor coding, no public changelog, better options exist (By The Web Design Hub) skype-online-status ;; deprecated skysa-google-1-app ;; deprecated slick-popup ;; deprecated, exploitable, authors ignored WordFence reports (by Om Ak Solutions) sm_rssplugin ;; fatal errors, not maintained sm-google-plus ;; deprecated smooth-page-scroll-updown-buttons ;; not maintained smtp-mail ;; blacklist risk (smtp) smtp-mailer ;; blacklist risk (smtp) smtp-mailing-queue ;; not maintained sn-google-plus ;; deprecated snapshot ;; unsafe local archives (by WPMU Dev) social-discussions ;; not maintained social-fblog ;; not maintained social-glutton ;; not maintained social-impact-widget ;; not maintained social-media-feather ;; not maintained, potential excessive logging social-locker-content ;; not maintained social-network-user-detection ;; pointless, not maintained social-networks-auto-poster ;; serious errors, no longer relevant (Nextscripts) social-networks-auto-poster-facebook-twitter-g ;; serious errors, no longer relevant (Nextscripts) social-networks-facebooktwittergoogle ;; not maintained social-pug ;; excessive logging social-warfare ;; exploitable (March 2019), excessive logging social-warfare-pro ;; exploitable (March 2019), excessive logging SocialBuzz ;; excessive logging, not maintained (envato) socialize-plugin ;; serious errors, no public docs socials-ignited ;; not maintained solid-code-theme-editor ;; deprecated, feature exists in WP Core (by Dagan Lev) sosh-icons ;; not maintained speed-booster-pack ;; ss conflicts speed-demon-littlebizzy ;; ss conflicts (temporary) speed-up-optimize-css-delivery ;; creates instability, bad practice (do not async CSS, use Inline Styles free plugin instead) spider_blocker ;; no public docs, blackhat seo squirrly-seo ;; bloated, excessive logging, excessive api calls sr-wp-minify-html ;; ss conflicts, not maintained st-social-links ;; not maintained stars-smtp-mailer ;; blacklist risk (smtp) statcounter-popular-posts ;; pointless, not maintained static-html-output-plugin ;; ss conflicts statify ;; excessive logging statpress ;; deprecated, excessive logging statpress-reloaded ;; deprecated, excessive logging statpress-visitors ;; deprecated, excessive logging /stock-ticker/ ;; pointless, resource intensive stop-user-enumeration ;; ss conflicts storefront-header-picker ;; bad practice, hacks third-party design products, poor coding storefront-product-pagination ;; deprecated storefront-product-sharing ;; not maintained, serious errors storefront-sticky-add-to-cart ;; deprecated /stream/ ;; excessive logging strx-simple-sharing-sidebar-widget ;; not maintained subscribe2 ;; spyware (via Appsero), better options exist (By weMail) sucuri ;; ss conflicts, bloated sucuri-scanner ## ss conflicts, bloated sumome ;; bloated, not maintained, very poor performance, serious errors, history of poor maintenance /sunny/ ;; ss conflicts super-emoji-plus ;; bloated, not maintained super-simple-social-media-widget ;; not maintained super-static-cache ;; ss conflicts /supersonic/ ;; ss conflicts SupportCenterMUAutoloader.php ;; (Elegant Themes) surbma-smtp ;; blacklist risk (smtp) surbma-yoast-seo-sitemap-to-robotstxt ;; bad practice, hacks other vendors sweetcaptcha ;; active malware sweetcaptcha-revolutionary-free-captcha-service ;; active malware swift-performance ;; bloated, ss conflicts switch-to-astra ;; bad practice (by Brainstorm Force) sx-easy-going-smtp ;; blacklist risk (smtp) syntaxhighlighter ;; exploitable, abandoned (by Alex Mills) target-notifications ;; political censorship (only supports MailChimp) By Simple Plugins /taxonomy-metadata/ ;; not maintained (By mitcho) taxonomy-terms-order ;; hijacks wp core, creates instability (By Nsp-Code) tco-google-analytics ;; no public changelog (By ThemeCO) td-social-counter ;; not maintained, possible excessive logging (TagDiv Social Counter) technoscore-bing-conversion-tracking ;; pointless (generic snippet function), not maintained (by Technoscore) temporary-login-without-password ;; exploitable, pointless tentblogger-optimize-wordpress-database-plugin ;; not maintained tenweb-speed-optimizer ;; ss conflicts term-management-tools ;; not maintained, creates instability, potential data loss /testimonials/ ;; poor coding, no public changelog (E2W Plugins whitelabel) tevik-minimized ;; ss conflicts tfm-google-product-feed ;; abandoned, serious errors (by Themes For Me) thank-me-later ;; not maintained, probably a bad idea the-loading-bar ;; not maintained, bad practice the-open-graph-protocol ;; not maintained the-preloader ;; bad practice, serious errors (By Alobaidi) theme-my-login ;; hijacks wp admin, creates instability, history of poor coding, serious errors themediv-social-widget ;; not maintained themetrust-social ;; not maintained, no public changelog, better options exist thrive-ab-page-testing ;; excessive logging, creates instability thrive-clever-widgets ;; exploitable, hijacks wp core, bad practice, poor coding, better options exist thrive-comments ;; excessive logging, creates instability, feature exists in wp core thrive-headline-optimizer ;; excessive logging, pointless (does not take into account Google cache delay, etc) thrive-intercom-beta ;; deprecated, not for production servers thrive-leads ;; exploitable, fatal errors, excessive logging, resource intensive, possibly exploitable thrive-ovation ;; poor coding, serious errors, no public changelog, better options exist (by Thrive Themes) thrive-product-manager ;; all kinds of problems with their plugins for many years thrive-ultimatum ;; exploitable, excessive logging, poor coding, serious errors, no public docs thrive-visual-editor ;; exploitable, fatal errors, private page builder, resource intensive (Thrive Architect a.k.a. Thrive Content Builder) thrive-quiz-builder ;; exploitable, poor coding, hijacks wp admin, excessive logging (By Thrive Themes) thinkific-uploader ;; looks to be exploitable thirstyaffiliates ;; database thrashing, resource intensive, poor coding (by Rymera Web) thirstyaffiliates-pro ;; database thrashing, resource intensive, poor coding (by Rymera Web) timed-content-for-beaver-builder ;; hacks third-party design products (by Brainstorm Force) timeline-for-beaver-builder ;; hacks third-party design products (by Brainstorm Force) timthumb ;; exploitable timthumb-vulnerability-scanner ;; not maintained tinymce-custom-styles ;; creates instability title-remover ;; deprecated toolbar-extras-oxygen ;; hacks other vendor products toolkit-for-envato ;; serious errors, not maintained ToolsPack ;; active malware /top-10/ ;; excessive logging (By Ajay D'Souza) total-archive-by-fotan ;; not maintained, ss conflicts, resource intensive, unsafe local archives total-donations ;; exploitable, not maintained totaldonations ;; exploitable, not maintained tracemyip ;; ss conflicts, resource intensive, excessing logging tracemyip-visitor-analytics-ip-tracking-control ;; ss conflicts, resource intensive, excessing logging turbosmtp ;; blacklist risk (smtp) tw-pagination ;; not maintained, better options exist (By Igor Vučković) tweet-blender ;; not maintained /tweet-this/ ;; deprecated /tweetable/ ;; not maintained, serious errors types-access ;; deprecated /twitter/ ;; deprecated uber-login-logo ;; not maintained uji-countdown ;; serious errors, not maintained ultimate-addons-for-beaver-builder ;; creates instability, hacks another add-on plugin, no public docs ultimate-addons-for-beaver-builder-lite ;; hacks third-party design products (by Brainstorm Force) ultimate-carousel-for-elementor ;; hacks third-party design products (By Nasir Ahmad) Ultimate_VC_Addons ;; hacks third-party design products (by Brainstorm Force) ultimate-elementor ;; hacks third-party design products (By Brainstorm Force) ultimate-facebook-comments-email-notify ;; not maintained ultimate-member ;; exploitable, hijacks wp core, only supports MailChimp (political censorship) By Ultimate Member ;; um-mailchimp ;; um-mycred ;; um-profile-completeness ;; um-social-login ultimate-security-checker ;; not maintained, serious errors, unclear purpose ultimate-reset ;; ss conflicts, potential data loss ultimate-social-media-icons ;; excessive logging ultimate-social-media-plus ;; hijacks wp admin, excessive logging, excessive API calls, bloated (By social share pro) ultimate-wp-reset ;; ss conflicts, potential data loss unlimited-elements-for-elementor ;; hacks third-party design products (By Unlimited Elements) unlist-posts ;; creates instability (by Brainstorm Force) /unyson/ ;; spammy, serious errors, excessive resource usage, better options exist update-alt-attribute ;; not maintained, creates instability (cannot be removed), bad practice uploadify ;; exploitable upress ;; vendor specific use-any-font ;; bad practice, creates instability, several conflicts with page builders etc use-google-libraries ;; creates instability, not maintained user-login-history ;; excessive logging usm-premium ;; excessive logging (ultimate-social-media-icons) varnish-http-purge ;; ss conflicts vaultpress ;; ss conflicts vc_clipboard ;; hacks third-party design products, poor coding (By bitorbit) aka Visual Composer Clipboard vcaching ;; ss conflicts vcp-events ;; deprecated versionpress ;; ss conflicts, resource intensive /versions/ ;; ss conflicts, not maintained very-simple-password ;; not maintained vevida-optimizer ;; ss conflicts, creates instability viber-spy-pro ;; spyware, no public docs viberspypro ;; spyware, no public docs video-embed-optimizer ;; not maintained vihv-speed-up ;; not maintained virtual-robotstxt ;; ss conflicts virtual-robotstxt-littlebizzy ;; ss conflicts visitor-stats-widget ;; not maintained, excessive logging visitors-traffic-real-time-statistics ;; bloated, excessive logging vm-backups ;; not maintained, ss conflicts, resource intensive, unsafe local archives vsf-simple-stats ;; deprecated, excessive logging w3-total-cache ;; bloated, ss conflicts, serious errors warm-cache ;; resource intensive, ss conflicts /wassup/ ;; excessive logging, not maintained way2enjoy-compress-images* ;; deprecated, malware? wc-cancel-order ;; creates instability wc-password-strength-settings ;; exploitable, not maintained, serious errors, pointless (should be WP-level) we-minify-html ;; ss conflicts webcraftic-updates-manager ;; creates instability (blocks security updates) webp-converter-for-media ;; creates instability (changes file paths), potential data loss webp-express ;; creates instability (changes file paths), potential data loss webriti-smtp-mail ;; not maintained website-blacklist-monitor ;; pointless, should not be plugin webzunder ;; deprecated, not maintained wedesin-html-sitemap ;; not maintained, bad practice (HTML sitemaps unnecessary) wesafe ;; vendor specific (upress) whoosh-traffic ;; not maintained white-label-cms ;; creates instability, hurts security, better options available wicked-folders ;; creates instability, resource intensive (ajax) widget-title-links ;; not maintained (by @ragulka on GitHub) widgets-controller ;; not maintained, serious conflicts (by IndiaNIC) widgplus-google-widget ;; deprecated winsite-image-optimizer ;; creates instability wistia-wordpress-oembed-plugin ;; serious errors, outdated code, not maintained wordpress-23-related-posts-plugin ;; resource intensive wordpress-database-reset ;; exploitable, history of poor code, not for production (by WebFactory) wordpress-extended-content-analysis-yoast ;; not maintained, resource intensive, hacks other vendors, pointless wordpress-facebook-like-plugin ;; deprecated wordpress-firewall-2 ;; ss conflicts, creates instability wordpress-gzip-compression ;; ss conflicts, not maintained, bad practice (Gzip should be server-level) wordpress-mu-domain-mapping ;; ss conflicts wordpress-popular-posts ;; resource intensive woo-confirmation-email ;; exploitable, poor coding woo-gutenberg-products-block ;; ss conflicts, serious errors woodojo ;; deprecated woocommerce-abandoned-cart ;; exploitable, poorly coded, serious errors woocommerce-admin ;; resource intensive, poor coding, serious conflicts with other scripts, not yet stable woocommerce-ajax-filters ;; exploitable (spam links), serious errors, bloated, database thrashing, history of poor coding and exploits (By BeRocket) woocommerce-checkout-field-modifier ;; spyware company, poor coding, serious errors, better options exist (MyThemeShop) woocommerce-jetpack ;; bloated, creates instability, serious errors, bad practice woocommerce-jquery-cookie-fix ;; unstable woocommerce-login-and-registration ;; hijacks wp core functions, creates instability, potentially exploitable (By phoeniixx) woocommerce-products-already-added-to-cart-or-purchased ;; spyware company, poor coding, serious errors (MyThemeShop) woocommerce-product-archive-customiser ;; not maintained, creates instability, serious errors (By jameskoster) woocommerce-product-mirroring ;; database thrashing, no public changelog (By Pablo Cruz Digital) woocommerce-qtranslate-x ;; not maintained, database thrashing woocommerce-services ;; ss conflicts, bloatware, spamware wonderm00ns-simple-facebook-open-graph-tags ;; serious errors woocommerce-social-media-share-buttons ;; not maintained woocommerce-vendor-stores ;; serious errors woocommerce-wholesale-lead-capture ;; database thrashing, resource intensive, poor coding (by Rymera Web) woocommerce-wholesale-prices ;; database thrashing, resource intensive, poor coding (by Rymera Web) woocommerce-wholesale-prices-premium ;; database thrashing, resource intensive, poor coding (by Rymera Web) woocommerce-wholesale-order-form ;; database thrashing, resource intensive, poor coding (by Rymera Web) woocommerce-zoomifier ;; deprecated, serious errors, js conflicts, better options exist woosidebars ;; not maintained (By WooCommerce) woosidebars-sbm-converter ;; deprecated woothemes-updater ;; deprecated wordfence ;; bloated, political censorship (disabled security for paying Russian customers) wordfence-login-security ;; ss conflicts wordpress-extended-content-analysis-yoast ;; pointless, not maintained wordpress-faq-manager ;; serious errors, not maintained (by Andrew Norcross) wordpress-firewall-2 ;; deprecated wordpress-hit-counter ;; not maintained, excessive logging wordpress-https ;; better options exist wordpress-gzip-compression ;; ss conflicts wordpress-ping-optimizer ;; pointless wordpress-popular-posts ;; thrashing, resource intensive wordpress-redis-backend ;; ss conflicts wordpress-rss-multi-importer ;; deprecated wordpress-seo-premium ;; spyware, exploitable, bad practice (e.g. auto-301), bloated, excessive logging, excessive API calls (aka Yoast SEO Premium) /wordpress-starter/ ;; vendor specific (SiteGround), pointless wordpresscom-popular-posts ;; not maintained, bloated dependencies work-the-flow-file-upload ;; deprecated, exploitable /worker/ ;; resource intensive, ss conflicts, creates instability, vendor specific (GoDaddy ManageWP) worpit-admin-dashboard-plugin ;; ss conflicts wp-404-auto-redirect-to-similar-post ;; serious errors, database junk, creates instability, bad for SEO (By hwk-fr) wp-add-mime-types ;; ss conflicts, not maintained wp-admin-protection ;; ss conflicts, pointless wp-advanced-importer ;; serious errors, not maintained wp-amazon-ses-smtp ;; blacklist risk (smtp) wp-analytify ;; bloated, pointless, excessive api calls wp-analytify-pro ;; bloated, pointless, excessive api calls wp-asset-clean-up ;; creates instability, bad practice (prevents browser pre-loading resources, etc) By Gabriel Livan wp-author-date-and-meta-remover ;; serious errors, bad practice, not maintained wp-avoid-slow ;; not maintained wp-backitup ;; ss conflicts, resource intensive, unsafe archives wp-backup-bank ;; ss conflicts wp-browser-update ;; pointless wp-cam-tester ;; php hacks, ss conflicts, pointless wp-category-posts-list ;; not maintained (by Swashata) wp-cerber ;; bloated, creates instability, ss conflicts, excessive logging wp-clean-up-optimizer ;; ss conflicts, bloated, resource intensive, database junk, excessive logging wp-cleanfix ;; serious errors, ss conflicts wp-cloudflare ;; not maintained, ss conflicts wp-clone-by-wp-academy ;; ss conflicts, resource intensive, unsafe local archives wp-comment-push ;; not maintained, serious errors wp-complete-backup ;; deprecated, ss conflicts, resource intensive wp-config-file-editor ;; ss conflicts /wp-contact-widget/ ;; spyware company, poor coding, serious errors, better options exist (MyThemeShop) wp-content-copy-protector ;; pointless wp-content-copy-protection ;; pointless wp-controls ;; deprecated wp-copysafe-web ;; exploitable, pointless, bad for SEO, bad practice wp-copysafe-pdf ;; exploitable, pointless, bad for SEO, bad practice wp-criticalcss ;; creates instability, not maintained wp-data-access ;; bad practice, creates instability, likely exploitable wp-database-backup ;; exploitable, ss conflicts, unsafe local archives wp-database-optimizer ;; not maintained wp-db-backup ;; resource intensive, unsafe local archives wp-db-backup-made ;; resource intensive, unsafe local archives wp-db-optimizer ;; not maintained wp-db-table-editor ;; bad practice, creates instability wp-dbmanager ;; ss conflicts, resource intensive, unsafe local archives wp-defender ;; ss conflicts, bloated (by WPMU Dev) wp-deferred-javascripts ;; not maintained, serious errors, bad practice wp-denyhost ;; not maintained, ss conflicts wp-easy-contact ;; political censorship (only supports MailChimp) By eMarket Design wp-easy-smtp ;; blacklist risk (smtp) wp-easy2map ;; exploitable (per WOrdfence), deprecated wp-edit ;; better alternatives, feature exists in wp core, prone to errors wp_edit_pro ;; better alternatives, feature exists in wp core, prone to errors wp-editor-widget ;; exists in wp core, creates instability /wp-email/ ;; blacklist risk (smtp) wp-email-delivery ;; better options exist wp-email-smtp ;; blacklist risk (smtp) wp-email-login ;; deprecated wp-embed-facebook ;; poor coding, serious errors wp-emoji-one ;; bloated, not maintained wp-engine ;; vendor specific wp-external-links ;; pointless, bizarre code, serious conflicts, bloated (By WebFactory Ltd) wp-facebook-plugin ;; not maintained wp-fail2ban ;; ss conflicts, excessive logging (By Charles Lecklider) wp-fastest-cache ;; ss conflicts wp-fastest-cache-premium ;; ss conflicts wp-favorite-posts ;; not maintained wp-file-cache ;; ss conflicts, not maintained wp-file-manager ;; being used in malware attacks wp-fontsize ;; bad practice, not maintained wp-force-http ;; ss conflicts, bad idea wp-force-https ;; better options exist wp-force-ssl ;; not maintained wp-gdpr-compliance ;; exploitable, bloated wp-gmail-smtp ;; blacklist risk (smtp) wp-google-analytics-events ;; hijacks wp admin (By PineWise) wp-google-plus-connect ;; deprecated /wp-google-translate/ ;; spyware company, poor coding, serious errors, better options exist (MyThemeShop) wp-gzip ;; ss conflicts, not maintained wp-hide-dashboard ;; not maintained wp-hide-post ;; not maintained, serious errors (by ScriptBurn) wp-hide-security-enhancer ;; ss conflicts, creates instability wp-hosting-performance-check ;; resource intensive wp-hotmail-smtp ;; smtp blacklist risk wp-html-page-sitemap ;; not maintained, bad practice (HTML sitemaps unnecessary) wp-hummingbird ;; bloated, ss conflicts wp-image-lazy-load ;; not maintained wp-inline-js-converter ;; ss conflicts, not maintained /wp-inspect/ ;; serious errors, not maintained, not for production sites wp-instagram-widget ;; deprecated (by @scottsweb on GitHub) wp-jquery-lightbox ;; not maintained /wp-js/ ;; not maintained wp-last-modified ;; not maintained free-sales-funnel-squeeze-pages-landing-page-builder-templates-make ;; exploitable (per Wordfence), spammy, pointless (WP Lead X Plus) wp-letsencrypt-ssl ;; ss conflicts, hijacks wp admin (by Go Web Smarty) wp-limit-login-attempts ;; excessive logging wp-live-chat-support ;; injects malware, exploitable wp-login-delay ;; ss conflicts wp-login-recaptcha ;; not maintained wp-logo-showcase-responsive-slider-slider ;; exploitable (by WP Online Support?) wp-mail-bank ;; smtp blacklist risk wp-mail-booster ;; smtp blacklist risk ;; /wp-mail-smtp/ ;; smtp blacklist risk (WPForms) wp-mail-smtp-mailer ;; not maintained, smtp blacklist risk wp-mail-smtp-sendgrid-edition ;; smtp blacklist risk wp-mailgun-smtp ;; exploitable, bad practice, smtp blacklist risk /wp-maintenance/ ;; exploitable, bloated, better options exist wp-maximum-execution-time-exceeded ;; php hacks /wp-mega-menu/ ;; spyware company, poor coding, serious errors, better options exist (MyThemeShop) wp-memory-db-indicator ;; deprecated wp-meta-and-date-remover ;; exploitable, poor coding wp-meteor ;; ss conflicts wp-minify ;; not maintained wp-minify-fix ;; ss conflicts, not maintained wp-minify-static ;; ss conflicts wp-missed-schedule ;; resource intensive, exists in wp core wp-modula ;; banned vendor (Alex Panagis) wp-most-popular ;; excessive logging, resource intensive wp-native-dashboard ;; deprecated wp-nested-pages ;; resource intensive, exploitable, possible data loss wp-no-category-base ;; better options available wp-no-external-links ;; exploitable, pointless wp-no-taxonomy-base ;; not maintained, serious errors wp-notification-bars ;; spyware company, poor coding, serious errors, better options exist (MyThemeShop) wp-optimize ;; ss conflicts wp-options-editor ;; not maintained wp-options-manager ;; not maintained wp-page-widget ;; bad practice, serious errors, JS conflicts, not maintained /wp-performance/ ;; ss conflicts (By alaca) wp-performance-pack ;; not maintained wp-performance-score-booster ;; ss conflicts wp-performance-security ;; not maintained, bizarre code wp-php-widget ;; deprecated, creates instability wp-phpmyadmin ;; exploitable, creates instability wp-phpmyadmin-extension ;; exploitable, creates instability (By Puvox.software) wp-post-formats ;; deprecated (a.k.a. cf-post-formats by Crowd Favorite) wp-postviews ;; excessive logging, not maintained wp-power-stats ;; excessive logging /wp-quiz/ ;; spyware company, poor coding, serious errors, better options exist (MyThemeShop) wp-rankie ;; resource intensive, excessive logging wp-realtime-sitemap ;; not maintained, bad practice (HTML sitemaps unnecessary) /wp-recaptcha/ ;; deprecated wp-redis ;; ss conflicts wp-redis-cache ;; ss conflicts wp-redis-object-cache-dropin ;; ss conflicts wp-remove-query-strings-from-static-resources ;; ss conflicts wp-remote-site-search ;; pointless, resource intensive (by Brainstorm Force) wp-reset ;; ss conflicts, potential data loss wp-resources-url-optimization ;; not maintained wp-retina-2x ;; ss conflicts (CloudFlare), resource intensive, creates junk files, bad practice (should be done by CDN) wp-retina-2x-pro ;; ss conflicts (CloudFlare), resource intensive, creates junk files, bad practice (should be done by CDN) /wp-review/ ;; spyware company, poor coding, serious errors, better options exist (MyThemeShop) wp-rocket ;; bloated, ss conflicts wp-rocket-static-exclude-defer-js ;; ss conflicts wp-roids ;; ss conflicts, creates instability wp-roilbacks ;; malware wp-rollback ;; bloated wp-scheduled-posts ;; exists in wp core, creates instability, spamware wp-script-optimizer ;; ss conflicts, creates instability wp-security-audit-log ;; excessive logging wp-security-audit-log-for-paid-memberships-pro ;; excessive logging wp-sendgrid-smtp ;; blacklist risk (smtp) wp-seo-html-sitemap ;; not maintained, bad practice (HTML sitemaps unnecessary) wp-server-stats ;; ss conflicts /wp-shortcode/ ;; requires ImageMagick?, spyware company, poor coding, serious errors, better options exist (MyThemeShop) wp-simple-html-sitemap ;; bad practice (HTML sitemaps unnecessary) wp-site-migrate ;; vendor specific (wp engine) wp-sitemap-page ;; bad practice (HTML sitemaps unnecessary) wp-slimstat ;; exploitable, excessive logging /wp-smtp/ ;; blacklist risk (smtp) wp-smtp-config ;; not maintained wp-smtp-mailer ;; blacklist risk (smtp) wp-smush-pro ;; bloated, resource intensive, potential broken file structure, creates instability, vendor specific (WPMUDev) wp-smushit ;; bloated, resource intensive wp-social-importer ;; resource intensive, copyright issues, seo penalties wp-social-networks-widget ;; not maintained wp-socialshareprivacy ;; not maintained wp-spam-fighter ;; not maintained (by Henri Benoit) wp-speed-404 ;; excessive logging wp-ssl-redirect ;; better options exist wp-statistics ;; excessive logging wp-stats ;; excessive logging /wp-subscribe/ ;; spyware company, poor coding, serious errors, better options exist (MyThemeShop) /wp-subscribe-pro/ ;; spyware company, poor coding, serious errors, better options exist (MyThemeShop) wp-super-cache ;; ss conflicts wp-super-cache-clear-cache-menu ;; ss conflicts /wp-symposium/ ;; exploitable, deprecated? /wp-tab-widget/ ;; resource intensive, not maintained, spyware company, poor coding, serious errors, better options exist (MyThemeShop) wp-templator ;; pointless, bloated (by Brainstorm Force) /wp-testimonials/ ;; spyware company, poor coding, serious errors, better options exist (MyThemeShop) wp-themes-plugins-stats ;; pointless (by Brainstorm Force) wp-time-capsule ;; bloated, excessive logging, creates instability wp-time-to-read ;; spyware company, poor coding, serious errors, better options exist (MyThemeShop) wp-user-profile ;; bizarre code, not maintained wp-version-in-query-string-modifier ;; not maintained wp-vi-duplicate-posts ;; cant remember why wp-yahoo-smtp ;; blacklist risk (smtp) /wp1/ ;; deprecated wpa-seo-auto-linker ;; serious errors, creates instability wpb-elementor-addons ;; hacks third-party design products (By wpbean) wp-central ;; remote dashboards, exploitable (By Softaculous) ;; wpcf7-redirect ;; bad practice wpcloaker ;; blackhat seo, bad idea wpdbspringclean ;; not maintained wpe-advanced-cache-options ;; vendor specific wpengine ;; vendor specific wpfeedback ;; bloated wpide ;; idk wplang-lite ;; not maintained wpmerchant ;; political censorship (only supports MailChimp) By WPMerchant wpmudev-updates ;; ss conflicts, does not play nice with other extensions, wp admin hijacking wpo-tweaks ;; ss conflicts wpp-link-social ;; not maintained wpperformancetester ;; resource intensive wpremote ;; remote managers, creates instability, database junk, etc wps-bidouille ;; bizarre code, creates instability wps-hide-login ;; creates instability, ss conflicts (by tabrisrp, WPServeur, nicolaskulka / fork of @ellatrix on GitHub) ws-google-plus-widget ;; deprecated wsecure ;; ss conflicts wpsecureops-bruteforce-protect ;; not maintained wpsecurity ;; not maintained, unclear purpose Wpshop ;; exploitable, not maintained wpvivid-backuprestore ;; unsafe local archives, resource intensive ws-google-webmaster-tools ;; deprecated (By WebShouters) wysiwyg-widgets ;; not maintained, creates instability xcloner-backup-and-restore ;; ss conflicts, resource intensive, unsafe local archives (By watchful.net) xstream-google-analytics ;; not maintained xxx-notices ;; ss conflicts xxx-notices-littlebizzy ;; ss conflicts yakadanda-google-hangout-events ;; deprecated yandex-mail ;; not maintained yellow-pencil ;; exploitable, creates instability, bad practice yet-another-featured-posts-plugin ;; not maintained yet-another-related-posts-plugin ;; resource intensive yith-woocommerce-stripe ;; poor coding, better options exist yith-woocommerce-stripe-premium ;; poor coding, better options exist ;; yith-woocommerce-wishlist ;; exploitable, serious errors, resource intensive ;; did it improve? yoast-seo-search-index-purge ;; ss conflicts, serious errors (worse seo), creates instability, generates sitemap junk yuzo-related-post ;; deprecated, exploitable, resource intensive zendesk-request-form ;; malware company (Pipdig) zilla-likes ;; deprecated, possible excessive cookies, better options exist ( By ThemeZilla / Pixel Union) /zoomph/ ;; not maintained zox-alp ;; resource intensive, no public docs, not maintained (Zox Auto Load Posts) zzz-notices ;; ss conflicts zzz-notices-littlebizzy ;; ss conflicts ;; match exact class names (case sensitive) [classes] Cloudways cloudways WooCommerceWholeSalePrices WooCommerceWholeSalePricesPremium WooCommerce_Wholesale_Lead_Capture WooCommerce_WholeSale_Order_Form wphp_init FacebookForWordpress ;; serious errors, poor coding, poor maintenance, better options exist (Official Facebook Pixel via GitHub) wfWAF ;; WordFence ITSEC_Core ;; iThemes Security ;; match exact function names (case sensitive) [functions] itsec_load_textdomain ;; iThemes Security ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; Blacklist.txt: Future Blacklist (Pending Disallowed Plugins) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; Message for soon to be disallowed plugins (multiple lines allowed) ;; This message will appear in the WordPress admin notices section [message future] The following plugins will (likely) be disallowed before December 2023 due to abandonment, performance issues, and/or bad practices... please consider finding alternatives: ;; match any path (case insensitive) ;; for exact directory matches use slashes e.g. /revslider/ [path future] themeisle-companion ;; bloated, hacks third-party design products (By ThemeIsle) conditional-fields-for-elementor-form ;; hacks third-party design products (By Cool Plugins) aweber-web-form-widget ;; political censorship (by Aweber) fusion-core ;; bloated, spinning, database thrashing, horrible in almost every way (by Avada theme) fusion-builder ;; bloated, lock-in (proprietary page builder) by Avada theme ;; wordpress-seo ;; spyware, spammy, cronyism, hijacks WP Admin, history of poor coding, bloated, excessive logging, excessive API calls (aka Yoast SEO) product-catalog-feed-pro ;; no public changelog, potential database thrashing? baw-login-logout-menu ;; not maintained (By Juliobox) dps-columns-extension ;; not maintained (By Bill Erickson on GitHub) houzez-login-register ;; feature exists in WP Core, no public changelog, bad practice (hijacks user registration) powr-pack ;; spyware, bad practice (major lock-in issues, antithetic to FOSS software) By Power.io thegem-elements ;; theme-specific design plugin (By Codex Themes) ;; elementor-pro ;; no support for Nginx servers (fatal errors if htaccess files not found) :: By Elementor mega-addons-for-visual-composer ;; hacks third-party design products (By Topdigitaltrends) /gleam/ ;; not maintained (By Crowd9) uk-cookie-consent ;; not maintained (By termly) genesis-simple-hooks ;; serious errors, potential data loss (activate/reactivate), causes lock-in (use normal shortcodes instead), not maintained (By StudioPress) genesis-simple-edits ;; deprecated (By StudioPress) wp-no-tag-base ;; not maintained, serious errors (seems to cause soft 404 errors) By Devin Walker wp-no-category-base ;; not maintained, better options exist (By iDope) wishlist-member ;; hijacks wp-login, exploitable wishlist-dashboard ;; no public changelog contact-form-to-email ;; only supports MailChimp (political censorship) By CodePeople getwid ;; only supports MailChimp (political censorship) By MotoPress shopmagic-for-woocommerce ;; only supports MailChimp (political censorship) By WP Desk wp-members ;; only supports MailChimp (political censorship) By Chad Butler wdv-mailchimp-ajax ;; political censorship (By wdvillage) miniorange-login-openid ;; only supports MailChimp (political censorship) By miniOrange proteusthemes-mailchimp-widget ;; political censorship (By ProteusThemes) wp-chimp ;; political censorship (By Thoriq Firdaus) download-after-email ;; only supports MailChimp (political censorship) By MK-Scripts igniteup ;; only supports MailChimp (political censorship) By Ceylon Systems responsive-contact-form-mailchimp-extension ;; political censorship (By August Infotech) chimpbridge ;; political censorship (By ChimpBridge) form-maker ;; only supports MailChimp (political censorship) By 10Web Form Builder Team quick-contact-form ;; only supports MailChimp (political censorship) By Fullworks /user-registration/ ;; only supports MailChimp (political censorship) By WPEverest chatbot ;; only supports MailChimp (political censorship) By QuantumCloud fluentform ;; only supports MailChimp (political censorship) By Contact Form - WPManageNinja LLC pagerestrict ;; not maintained (By Matt Martz & Andy Stratton) um-mailchimp ;; political censorship (for Ultimate Member) guten-forms-mailchimp ;; political censorship (By munirkamal) send-emails-with-mandrill ;; political censorship, By Miller Media (Matt Miller) aka MailChimp API eu-opt-in-compliance-for-mailchimp ;; political censorship (By YIKES) mailchimp-as-a-registration ;; political censorship (By PressPage Entertainment) mailster-mailchimp ;; political censorship (By EverPress) mailchimp-for-formcraft ;; political censorship (By nCrafts) nmedia-mailchimp-widget ;; political censorship (By Par nmedia) woo-mailchimp-crm-perks ;; political censorship (By CRM Perks) simple-email-mailchimp-subscriber ;; By WP Monkey's testimonial-rotator ;; not maintained, bad practice (schema abuse now considered gray-hat by Google) By Hal Gatewood designthemes-core-features ;; possibly not maintained, theme-specific CPTs (By DesignThemes) quform-mailchimp ;; political censorship (By ThemeCatcher) mail-chimp-add-on-for-restrict-content-pro ;; political censorship (By Sandhills Development) yith-woocommerce-mailchimp ;; political censorship (By YITH) mailchimp-subscribe-sm ;; political censorship (By PluginOps) cf7-mailchimp ;; political censorship (By CRM Perks) woo-mailchimp-newsletter-discount ;; political censorship (By zetamatic) another-mailchimp-widget ;; political censorship (By MotoPress) mcpopup-popup-form-for-mailchimp ;; political censorship (By Alobaidi) mailchimp-for-woocommerce ;; political censorship (By Mailchimp) mailchimp-forms-by-mailmunch ;; political censorship (By ibericode) mailchimp-for-wp ;; political censorship (By ibericode) yikes-inc-easy-mailchimp-extender ;; political censorship (By YIKES, Inc) mailchimp-top-bar ;; political censorship (By ibericode) mailchimp-wp ;; political censorship (By Fatcat Apps) woocommerce-mailchimp ;; political censorship (By Saint Systems) contact-form-7-mailchimp-extension ;; political censorship (By Renzo Johnson) simple-membership-mailchimp-integration ;; political censorship (By smp7, wp.insider) pmpro-mailchimp ;; political censorship (By Stranger Studios) ;; ml-slider ;; spyware bridge-core ;; no public changelog, history of bad practices (By Qode Themes) easy-tables-vc ;; no public changelog, better options exist (By WP Bakery) ajax-campaign-monitor-forms ;; not maintained (By Lee Willis) seo-ultimate ;; not maintained (By SEO Design Solutions) ;; wp-add-custom-css ;; bad practice (loads per-page custom CSS instead of site-wide) By Daniele De Santis ;; contact-form-7 ;; bloated, bad practice (creates /js/ folder and ignores WP best practices, etc) will not blacklist for a long while tho formstack ;; not maintained, serious errors featured-sprout-grid ;; hacks third-party design products (By Chelsey Hansson) responsive-maps-plugin ;; bloated, poor coding, better options exist (By greenline) single-post-template ;; not maintained (By Nathan Rice), bad practice (should be in a theme) wp-recipe-maker ;; bad practice (CPTs only support their own plugin), bloated, excessive API calls, no query strings (bad SEO/usability) ;; By Bootstrapped Ventures wp-recipe-maker-premium ;; bad practice (CPTs only support their own plugin), excessive API calls, no query strings (bad SEO/usability) ;; By Bootstrapped Ventures wp-ultimate-recipe-premium ;; bad practice (CPTs only support their own plugin), excessive API calls, no query strings (bad SEO/usability) ;; By Bootstrapped Ventures wp-ultimate-post-grid ;; bad practice (breaks up web design into various plugins, Essential Grid clone) ;; By Bootstrapped Ventures wp-ultimate-post-grid-premium ;; bad practice (breaks up web design into various plugins, Essential Grid clone) ;; By Bootstrapped Ventures martfury-addons ;; not maintained, no public changelog, hacks third-party design products (By DrFuri) woocommerce-deals ;; not maintained, no public changelog (By DrFuri) variation-swatches-for-woocommerce-pro ;; not maintained, no public changelog (By DrFuri) /post-grid/ ;; bad practice (breaks up web design into various plugins, Essential Grid clone) ;; By PickPlugins flexible-posts-widget ;; not maintained (By DPE WS&D LLC) featured-video-plus ;; not maintained (By Alexander Höreth) recommendwp-widgets ;; not maintained recommendwp-shortcodes ;; not maintained us-header-builder ;; hacks third-party design products, creates instability, no public changelog, poor coding (By Upsolution / Us Themes) getsitecontrol ;; requires api validation, creates instability saaspik-addons ;; no public changelog, hacks third-party design products e.g. Elementor upload-url-path-enabler ;; ss conflicts, creates instability, potential data loss, not maintained (By Grégory Viguier) essential-grid ;; bloated, creates instability, bad practice (sets cookies, caching, etc), resource intensive (By ThemePunch) sober-addons ;; hacks third-party design products, theme-specific page builder (By UIX Themes) photography-custom-post ;; theme-specific custom post types (By ThemeGoods) easy-google-fonts ;; bloated, not maintained, bad practice (too many selectors, etc) (By Titanium Themes) oauth-twitter-feed-for-developers ;; not maintained (but appears to work okay for now, by Liam Gladdy (Storm Consultancy)) divi_extended_column_layouts ;; hacks third-party design products, no public changelog (By Sean Barton, Tortoise IT) ;; ao-content-upgrades ;; no public changelog (By contentupgrades.io) ;; ao-landing-pages ;; no public changelog (By contentupgrades.io) genesis-title-toggle ;; hacks third-party design products (By Bill Erickson) optin-lock ;; deprecated, no public changelog (By Boris Beo) elegant-themes-icons ;; not maintained, hacks third-party design products (By Mayur Somani, threeroutes media) jet-menu ;; hacks third-party design products (By Crocoblock) oh-add-script-header-footer ;; poor coding, spammy, not maintained, better options exist (By orenhav (SOGO)) ;; pretty-link ;; resource intensive, poor coding, hijacks wp admin, randomly removes free features to PRO, spammy ;; (By Blair Williams and cartpauj) ;; ontrapages ;; serious errors, poor coding (By Ontraport) events-addon-for-elementor ;; hacks third-party design products (By NicheAddons) ;; custom-order-statuses-woocommerce ;; hijacks WooCommerce Core features (By Tyche Softwares) seems better now vafpress-framework ;; not maintained (By Vafour) vafpress-framework-plugin ;; not maintained (By Vafour) vafpress-post-formats-ui ;; not maintained (By Vafour) vafpress-post-formats-ui-develop ;; not maintained (By Vafour) ad-ace ;; no public changelog, theme-specific code (By Bimber / bringthepixel) memberful-wp ;; bloated, spyware (By Memberful) adrotate ;; bloated, excessive logging (By Arnan de Gans) adrotate-pro ;; bloated, excessive logging (By Arnan de Gans) tracking-code-manager ;; bloated, violates GPL terms (blocks access without license renewal), history of poor coding, history of serious errors (by IntellyWP) elf-links ;; not maintained, no public changelog, by Success Elf legal-pages ;; bloated, hijacks wp admin, function exists in wp core, By WPLegalPages Team whats-your-reaction ;; By bringthepixel coschedule-by-todaymade ;; bloated, excessive API calls, bad practice (does not belong inside WordPress), By CoSchedule make-column-clickable-elementor ;; hacks third-party design products (By Fernando Acosta) native-ads-adnow ;; abandoned (By Adnow) responsive-welcome-bar ;; bloated, excessive API/resource calls, bad practice (external header bar?) by Zotabox loom-extras ;; theme-specific custom post types (by TommusRhodus) radiantthemes-addons ;; theme-specific custom post types (by RadiantThemes) radiantthemes-custom-post-type ;; theme-specific custom post types (by RadiantThemes) pt-theme-addon ;; theme-specific custom post types (Promenade Theme) wp-login-customize ;; not maintained (By Anowar Anik) sprout-shortcodes ;; theme-specific shortcodes (By Envirra Theme / Envato) dt-the7-core ;; theme-specific custom post types (By Dream-Theme) ns-facebook-pixel-for-wp ;; improper code (limits to header), limited options, better options exist (by NSThemes) addfunc-head-footer-code ;; not maintained, better options exist, bad practice (hides snippets on page editor), anonymous /disable-title/ ;; not maintained, better options exist (by Frank Staude) /zendesk/ ;; poor coding, not maintained, better options exist (by Zendesk) wens-responsive-column-layout-shortcodes ;; not maintained (by Bhuwan Roka) hgr_essentials ;; not maintained, hacks other design products (Visual Composer) by HighGrade Themes hgr_megafooter ;; not maintained, hacks other design products (Visual Composer) by HighGrade Themes hgr_megamenu ;; not maintained, hacks other design products (Visual Composer) by HighGrade Themes ;; kayako-messenger-live-chat ;; not maintained ;; radcontrol ;; requires Jetpack, not maintained ;; popdom-themes-backup ;; unknown purpose /easy-table/ ;; deprecated (by Takien) hgr_vc_extender ;; hacks other design products (by HighGrade Themes) sociallocker-next-premium ;; not maintained, serious errors (By OnePress) helios-solutions-woocommerce-hide-price-and-add-to-cart-button ;; pointless, bad practice (use "out of stock" or draft?) be-subpages-widget ;; not maintained yith-woocommerce-zoom-magnifier ;; serious errors, history of poor coding (by YITH Themes) super-socializer ;; possible excessive logging, bloated /frontend-reset-password/ ;; pointless, possible exploitable, bad practice (function exists in WP Core) fullwidth-templates ;; creates instability, hacks third-party design products (by Brainstorm Force)(by Brainstorm Force) /upscribe/ ;; slow CDN, bloated, better options exist conditional-menus ;; bad practice (horrrible for SEO and usability) ;; geo-multi-location-map ;; not maintained (by Omex Infotech) ;; wp-less ;; abandoned (By Oncle Tom) ;; google-maps-widget ;; poor maintenance, agency history of exploits and poor code (by WebFactory Ltd) ;; yith-woocommerce-order-tracking ;; scamware (does not send tracking unless you upgrade) by YITH Themes ;; nex-forms ;; no public changelog, better options exist woocommerce-digital-download-free-shipping ;; serious errors, not maintained ;; /google-remarketing/ ;; not maintained (but appears to work okay for now) ;; comment-form-shortcode ;; not maintained /landing-pages/ ;; serious errors, creates instability, poor coding js_convertible_addons ;; deprecated (Convertible Premium Theme Add-ons by Iman G.M. a.k.a. ThemeWisdom) woocommerce-pretty-emails ;; not maintained, abandoned /posts-by-tag/ ;; bloated, bizarre code, serious errors, poor maintenance dynamic-featured-image ;; poor coding, bad practice /gallery-plugin/ ;; serious errors, poor coding, better options exist (by BestWebSoft) custom-menu-wizard ;; pointless, creates instability /cornerstone/ ;; not maintained, better options exist flynsarmy-iframe-shortcode ;; not maintained indeed-my-logos-vc ;; not maintained, no public docs js_composer_salient ;; not maintained, creates instability (Salient Visual Composer) js_composer ;; bloated, history of fatal errors, codebase and branding constantly changing, private page builder (Visual Composer a.k.a. WP Bakery Page Builder a.k.a. Avada Builder) sitepress-multilingual-cms ;; bloated, exploitable, poor code (a.k.a. WPML) wpml-string-translation ;; bloated, exploitable, poor code (wpml) wpml-media-translation ;; bloated, exploitable, poor code (wpml) wpml-translation-management ;; bloated, exploitable, poor code (wpml) /genesis-grid-loop/ ;; not maintained /featured-video/ ;; not maintained, serious errors ;; contentad ;; possibly abandoned (By ContentAd) ;; youtube-embed-plus ;; excessive api calls, bloated, poor coding (e.g. many api calls on every page) By Embed Plus ;; youtube-embed-plus-pro ;; excessive api calls, bloated, poor coding (e.g. many api calls on every page) By Embed Plus wp-masonry-layout ;; not maintained acf-image-crop-add-on ;; serious errors, not maintained (by Anders Thorborg) tfm-google-product-feed ;; not maintained, better options exist /slider-image/ ;; deprecated (Huge IT Slider) creativ-shortcodes ;; deprecated, better options exist (by Jonathan Atkinson) flexi-quote-rotator ;; not maintained, serious errors wp-user-frontend ;; bloated, bad practice (too many functions), poor coding, hijacks wp admin ;; category-country-aware ;; not maintained (but still seems to work fine) by Andrew Wrigley ;; ld-visual-customizer ;; not maintained, changes other plugins, creates instability ;; woocommerce-social-checkout ;; possibly abandoned (by Lee Willis) ;; woocommerce-ajax-add-to-cart-for-variable-products ;; creates instability (by Rishi Mehta - Rcreators Websolutions) ;; /instapage/ ;; landing page imports, private page builder, creates instability ;; /instapage/ ;; serious errors (curl error 28), excessive api calls ;; unbounce ;; creates instability, closed source page builder, poor coding ;; wp-better-emails ;; not maintained ;; export-featured-images ;; abandoned but still seems to work ;; /wp-less/ ;; not maintained ;; pixproof ;; not maintained ;; genesis-connect-woocommerce ;; creates instability, bad practice, tries to replace native WC functions ;; rel-nofollow-checkbox ;; not maintained ;; social-media-builder ;; possible excessive logging ;; contact-form-maker ;; possible forced/secret tracking/spyware ;; simple_click_tracker ;; possibly not maintained, excessive logging, no public docs (by NAMS Toolkit) ;; convertplug ;; exploitable (WordFence report), no public docs, better options exist ;; good-reviews-wp ;; not maintained (by Theme of the Crop) ;; just-in-time-sales-offers ;; not maintained, author probation (by Rymera Web) ;; just-in-time-sales-offers-premium ;; not maintained, author probation (by Rymera Web) ;; simple-file-downloader ;; not maintained but seems still working well ;; menu-buttons ;; not maintained but seems still working well ;; /slider/ ;; better options exist (Huge IT Slider) ;; indeed-social-media ;; bad for seo/usability (content lockers) ;; infusedwooPRO ;; potential issues? ;; custom-functions ;; ss conflicts (don't add until Custom Functions MU plugin working perfectly) ;; 7up-core ;; possibly abandoned ;; activemember360 ;; needs to stop hijacking/redirecting WP Admin backend, seems to be other issues too ;; advanced-responsive-video-embedder ;; bloated, poor code, serious errors ;; amp-plugin-manager ;; possible ss conflicts (create MU plugin for another AMP plugin?) by Ahmed Kaludi, Mohammed Kaludi ;; booster-plus-for-woocommerce ;; bloated ;; /clean-options/ ;; not maintained (still kinda works) ;; divi-builder ;; bloated ;; clickcease-click-fraud-protection ;; poor coding, resource intensive, possibly not maintained ;; divi_woo_layout_injector ;; possible thrashing ;; email-notification-on-admin-login ;; excessive logging, pointless ;; enable-media-replace ;; dashboard hijacking (shortpixel) ;; front-end-pm ;; potential security nightmare ;; /export-user-data/ ;; not maintained (but still works for the moment) ;; formlift-individual-styling ;; deprecated (wrong, its been converted to private repo) ;; forums-censure-pro ;; possible resource intensive, no public docs (gVectors Team) ;; geotargeting-pro ;; possible resource intensive, possible database thrashing ;; /jilt-for-edd/ ;; fatal errors, excessive logging, possible excessive API usage ;; clickcease-click-fraud-protection ;; poor code, poor maintenance, better options exist (embed code directly) ;; klaviyo ;; not maintained, serious errors ;; tiled-gallery-carousel-without-jetpack ;; not maintained ;; /linker/ ;; not maintained ;; /monarch/ ;; possible excessive logging (elegant themes) ;; nextgen-gallery ;; bloated ;; social-media-builder ;; possible excessive logging ;; single-post-template ;; bad practice, not maintained ;; pressapps-document ;; no public docs ;; sb-rss-feed-plus ;; not maintained ;; s2member ;; serious errors, bloated ;; reveal-ids-for-wp-admin-25 ;; possible resource intensive ;; /reviewer/ ;; not maintained (Reviewer by Michele Ivani on CodeCanyon) ;; flexible-shipping-ups ;; poor coding, serious errors (may have been confused with another plugin, whitelist for now) ;; voting-platform-feelbacks ;; bloated, serious errors ;; /taboola/ ;; not maintained ;; bsa-pro-scripteo ;; serious errors, poor coding ;; buddypress-media ;; possibly serious errors, possibly not maintained ;; title-and-nofollow-for-links ;; creates instability, serious errors (by WPKube) ;; tawkto-live-chat ;; bloated ;; td-composer ;; not maintained, better options exist (TagDiv Composer) ;; woo-permalink-manager ;; creates instability ;; woocommerce-side-cart ;; ajax overload, creates instability ;; wp-image-size-limit ;; not maintained ;; wufoo-shortcode ;; not maintained (still working okay) ;; /wp125/ ;; not maintained ;; category-country-aware ;; possibly not maintained, possibly excessive API calls ;; simple-social-buttons ;; possible excessive logging ;; simple-social-buttons-pro ;; possible excessive logging ;; image-source-control-isc ;; pointless, creates instability, bad practice ;; /wp-subtitle/ ;; bizarre code (focused on Yoast SEO?), not maintained, better options exist ;; us-header-builder ;; deprecated ;; wufoo-shortcode ;; not maintained ;; multipurpose-sliders ;; mcw_fullpage (js_composer) ;; /accelerated-mobile-pages/ ;; amp, exploitable ;; new-royalslider ;; no public docs ;; option-tree ;; not maintained ;; https://github.com/valendesigns/option-tree/ ;; wp-live-chat-support ;; resource intensive ;; wp-staging ;; creates junk files, creates database junk, exploitable ;; wp-staging-pro ;; creates junk files, creates database junk, exploitable ;; yotpo-social-reviews-for-woocommerce ;; lock-in ware, poor performance (loads third party scripts) ;; gp-premium ;; possible bloated (GeneratePress Premium, GP theme add-on modules) ;; woocommerce-customizer ;; possibly abandoned (by SkyVerge) ;; truconversion-connect ;; possible abandoned, better options exist ;; image-source-control-isc ;; creates instability (should use WP Core or other approach for this e.g. caption) ;; widget-logic ;; not maintained ;; single-post-template ;; not maintained ;; myworks-woo-sync-for-quickbooks-online ;; possible excessive api calls, possible resource intensive ;; pdfembedder-premium-secure ;; possibly not maintained ;; /menu-icons/ ;; bad practice, creates instability, bloated ;; /spacer/ ;; creates instability ;; gravityperks ;; bloated, hacks other plugins, creates instability (by Gravity Wiz) ;; digiproveblog ;; pointless ;; commercegurus-toolkit ;; no public docs, possibly not maintained (Envato vendor add-on plugin) ;; match exact class names (case sensitive) [classes future] ;; match exact function names (case sensitive) [functions future] ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; Blacklist.txt: Pause Blacklist (Plugins You Should Deactivate When Not In Use) ;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; Message for plugins that should be deactivated when not in use (multiple lines allowed) ;; This message will appear in the WordPress admin notices section [message pause] The following utility plugins should be deactivated when not in use for better performance and security: ;; match any path (case insensitive) ;; for exact directory matches use slashes e.g. /revslider/ [path pause] post-type-switcher ;; utility (previously blacklisted but seems fine now) wp-crontrol ;; utility enable-jquery-migrate-helper ;; utility (By Automattic) aka jQuery Migrate library all-in-one-wp-migration ;; import/export /batchmove/ ;; utility bulk-delete ;; utility (By Sudar) bulk-move ;; utility bulk-page-creator ;; utility better-search-replace ;; utility child-theme-configurator ;; utility coming-soon-maintenance-mode-from-acurax ;; maintenance crazyegg-heatmap-tracking ;; testing tools custom-field-bulk-editor ;; utility customer-import-export-for-woocommerce ;; import/export (WebToffee) customizer-export-import ;; import/export /debug-bar/ ;; utility debug-bar-console ;; utility ;; dev4press-updater ;; vendor updates ;; nex-forms ;; non-dismissable admin hijacking ads download-plugin ;; utility download-theme ;; utility easy-theme-and-plugin-upgrades ;; import/export ;; elegant-themes-updater-master ;; vendor updates export-categories ;; import/export (By Shambhu Prasad Patnaik) enable-media-replace ;; utility export-media-with-selected-content ;; import/export export-all-urls ;; import/export export-database ;; import/export export-user-data ;; import/export export-woocommerce ;; import/export export-woocommerce-pro ;; import/export file-manager ;; utility file-manager-advanced ;; utility force-regenerate-thumbnails ;; utility ggpkg-import ;; import/export heatmap-for-wp ;; utility hotjar ;; testing ;; ignitewoo-updater ;; vendor updates ;; mythemeshop-connect ;; vendor updates ld-content-cloner ;; utility (learndash) media-cleaner ;; utility (By Jordy Meow) memberpress-importer ;; import/export (By MemberPress) one-click-child-theme ;; utility one-click-demo-import ;; import/export order-import-export-for-woocommerce ;; import/export product-import-export-for-woo ;; import/export pw-bulk-edit ;; utility query-monitor ;; utility regenerate-thumbnails ;; utility (now maintained by Automattic, R.I.P. Alex Mills) regenerate-thumbnails-advanced ;; utility (by ShortPixel) replace-image ;; utility /search-replace/ ;; utility (By manu225) seo-data-transporter ;; import/export (By StudioPress) ... might need to blacklist soon as no longer maintained show-current-template ;; utility simple-301-redirects-addon-bulk-uploader ;; import/export (By Webcraftic, Ash Durham) string-locator ;; utility tls-1-2-compatibility-test ;; utility truconversion-connect ;; utility update-theme-and-plugins-from-zip-file ;; import/export users-customers-import-export-for-wp-woocommerce ;; import/export (By WebToffee) vc-templates-import-export ;; import/export ;; vendidero-helper ;; vendor updates (germanized pro for woocommerce vendidero.de) ;; video-user-manuals ;; utility what-the-file ;; utility widget-importer-exporter ;; import/export /wordpress-reset/ ;; utility wordpress-users-woocommerce-customers-import-export ;; import/export (By WebToffee) woo-bulk-editor ;; utility woo-order-export ;; import/export woo-order-export-lite ;; import/export woocommerce-advanced-bulk-edit ;; utility woocommerce-bulk-editor ;; utility woocommerce-exporter ;; import/export WooCommerce-order-export ;; import/export WooCommerce-order-export-pro ;; import/export woocommerce-product-csv-import-suite ;; import/export woocommerce-simply-order-export ;; import/export woocommerce-store-toolkit ;; utility (By Visser Labs) woocommerce-subscriptions-importer-exporter ;; import/export wow-media-library-fix ;; utility (By WowPress.net) wp-all-export ;; import/export wp-all-import ;; import/export wp-export-menus ;; import/export wp-file-manager ;; utility wp-migrate-db ;; import/export ;; wp-staging ;; staging ;; wpstagecoach ;; staging wp-store-locator-csv ;; import/export wp-sweep ;; utility wp-test-email ;; utility (By Boopathi Rajan) wp-ultimate-csv-importer ;; import/export wp-ultimate-exporter ;; import/export wordpress-importer ;; import/export yoast-seo-settings-xml-csv-import ;; import/export ;; dev4press-updater ;; updaters ;; ignitewoo-updater ;; updaters ;; elegant-themes-updater ;; updaters ;; match exact class names (case sensitive) [classes pause] ;; match exact function names (case sensitive) [functions pause] ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;; SlickStack: External References Used To Improve This Script (Thanks, Interwebz) ;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; Ref: wpvulndb.com, wordfence.com, sucuri.net, ait-pro.com, plugintests.com ;; Ref: exploit-db.com, packetstormsecurity.com, vulners.com, fortiguard.com, checkpoint.com ;; Ref: acunetix.com, rapid7.com, wpblacklistedplugins.com ;; Ref: https://wpvulndb.com/vulnerabilities/9223 ;; Ref: https://wpfixit.com/improve-wordpress-speed/ ;; Ref: https://wpengine.com/support/disallowed-plugins/ ;; Ref: https://www.godaddy.com/help/blacklisted-plugins-8964 ;; Ref: https://www.templatemonster.com/blog/40-wordpress-plugins-avoid-moving-managed-hosting/ ;; Ref: https://www.knownhost.com/wiki/wordpress-hosting/plugin-blacklist ;; Ref: https://support.hostgator.com/articles/pre-sales-policies/optimized-wordpress-disallowed-plugins ;; Ref: https://www.wpintense.com/performance-old/wordpress-plugin-blacklist/ ;; Ref: https://gowebsite.com/article/blacklisted-plugins.html ;; Ref: https://guide.hosting.aruba.it/hosting/hosting-wordpress-gestito/gestione-servizio-configurazione-spazio-web/lista-plugin-in-blacklist.aspx ;; Ref: https://www.crazydomains.com.au/help/wordpress-hosting-blacklisted-plugins/ ;; Ref: https://getflywheel.com/wordpress-support/what-plugins-are-not-allowed/ ;; Ref: https://support.pagely.com/hc/en-us/articles/201255990-Which-plugins-and-themes-are-allowed- ;; Ref: https://mediatemple.net/community/products/wordpress/204405734/which-plugins-and-activities-are-not-allowed-with-my-managed-wordpress-service ;; Ref: https://support.getshifter.io/faqs/unrecommended-wordpress-plugins ;; Ref: https://www.inhousegraphicsinc.com/blacklisted-wordpress-plugins-to-avoid/ ;; Ref: https://simplenet.io/wordpress-plugins/ ;; Ref: https://wp.cs.ucl.ac.uk/guidelines/disallowed-plugins/ ;; Ref: https://www.hmeaworld.com/knowledgebase/10/WordPress-plugins-we-do-not-recommend.html?language=portuguese-pt ;; Ref: https://toshost.com/a/harmful-wordpress-plugins-for-your-website-which-we-do-not-recommend ;; Ref: https://www.jeffbullas.com/attacked-wordpress-plugins/ ;; SS_EOF