There are more than 54,000 plugins for WordPress out in the universe and most of them are going to work splendidly on Flywheel. However, there are a few categories of plugins that either duplicate functionality that Flywheel already provides, or are known performance-killers on sites.
Flywheel believes that users shouldn’t have to “fiddle” with their site to get the best performance and security. As a managed WordPress host, our goal is to make sure you’re starting out with a site that just works.
Flywheel already has you covered on the backup front. We back up every site each and every night on external servers. We allow you to easily restore and download backups from the Flywheel dashboard.
Backup plugins, on the other hand, are incredibly resource-hungry. When running, they can take a big bite out of the resources you need to deliver content to your visitors and really slow your site down at inopportune times. For larger sites, some of the MySQL queries can even take your site offline. These plugins also often store large backup files on your server, which can unnecessarily fill up your disk space.
Examples of disallowed Backup plugins:
If you’d like to keep your own backups in additions to the ones Flywheel keeps, we recommend downloading a backup from the Flywheel dashboard.
Note: If you do want a regular backup in addition to Flywheel’s nightly backup, try choosing a plugin which allows you to store backups offsite like VaultPress. Your site’s performance will still take a hit while the process is running. In an attempt to keep data usage to a minimum, we’d advise you only allow the plugin to store of one day’s backup on the site itself.
Flywheel handles caching at the server level, eliminating the need for caching plugins. Server-side caching is significantly more efficient and scalable than any plugin-based caching, as it doesn’t rely on PHP at all. This aside, caching plugins run the risk of interfering with the caching we already have in place.
In addition, plugin-based caching solutions tend to cause serious issues when used in tandem with Flywheel features that move or duplicate sites, including Blueprints, cloning, and Staging.
Examples of disallowed Caching plugins:
Note: Some caching plugins also handle other tasks, like JavaScript and CSS file minification and concatenation. W3 Total Cache is among these, as is WP Rocket. These are tasks which are ideally handled at the site development level, but if you would prefer to use a plugin, that’s fine. We just recommend not using the caching features of the plugins and leaving that to our servers instead.
Flywheel servers are configured specifically with WordPress security best practices. We help prevent brute force attacks, lock down core WordPress files (including xmlrpc.php), and take many other security measures for you.
Security plugins duplicate this, and in many cases significantly slow down sites by interfering with our caching, bloat the site’s database, and/or interfere with our native security software.
Examples of disallowed Security plugins:
Note: We provide a solid baseline of security for all sites on Flywheel. For customers who want to go the extra mile, we always recommend keeping all plugins and themes up to date as older code has had more time to get cracked by the bad guys. Additionally, hiding your WordPress login, requiring a CAPTCHA or single-sign-on, having strong usernames and passwords all will help keep your site safe from the unsavory types on the web.
In general, if you aren’t manually assigning related posts, any plugin that is automatically showing related posts is going to be doing so via a barrage of MySQL queries that happen on each and every page load. The end result is often a devastating hit on your site’s performance and substantial damage to your database.
Examples of disallowed Related Posts plugins:
Like some of the other listed plugin categories here, the ongoing jobs run by these plugins can be really taxing on your server and steal resources that your visitors need to view your site in a timely fashion.
Examples of disallowed Link Checker plugins:
Note: For most users, checking broken links is only needed for one-off audits. For this, we recommend an external service like Free Broken Link Checker which will crawl your site for broken links.
.htaccess
will not work on Flywheel, since .htaccess
is an Apache file and we run NGINX.wp-config.php
file will be unable to do so, although in most cases you can contact Flywheel support and we’ll be happy to work with you to put whatever you need in place.The TimThumb image resizing script is embedded in lots of older themes and plugins built from about 2000–2014, but it is no longer supported or updated, so it’s a vulnerability. Besides, it tends to break things on Flywheel anyway. Stick with the image optimization plugins recommended here.
Along with TimThumb, Sucuri reports that outdated versions of Gravity Forms and RevSlider contribute to a high number of security incidents and vulnerabilities with WordPress sites. This is largely because these plugins are frequently embedded in themes and aren’t updated. As long as your theme is kept up-to-date and you are running the latest versions of these plugins, you shouldn’t have issues, but it’s worth double-checking.
Note that certain plugins run database queries to work, and these interfere with caching, which will slow down a site. These include (but are not limited to) Broken Link Checker (which also doesn’t play well with Staging/cloning) and some “related posts” plugins.
This is by no means an exhaustive list, but gives you a sense for the types of plugins that we strongly discourage and/or don’t allow. If you have any questions about a particular plugin and whether it is allowed, don’t hesitate to contact Flywheel support.
New to Flywheel? Start here, we've got all the information you'll need to get started and launch your first site!
How to migrate your site to Flywheel using Flywheel Migrations
How do I go live on Flywheel?
What is a demo site?
Learn all about managing your Flywheel user account, Teams and integrations.
Your role as a collaborator
How do I transfer a subscription to/from an Organization?
What is a collaborator in Flywheel?
Flywheel hosting plans include a ton of great features. Learn about how to get a free SSL certificate, set up a staging site, and more!
Deploying to Flywheel via SSH and GitHub Actions
How do I get started with Staging?
Backups on Flywheel
All the server and setting info you'll need to help you get the most out of your Flywheel hosting plan!
Connecting to Flywheel’s SSH Gateway
Can I access my Flywheel site via SSH?
Can I get access to my database?
Tips and tricks for managing your sites on Flywheel, including going live, troubleshooting issues and migrating or cloning sites.
View allLearn how to connect, deploy, and more with SSH on Flywheel's platform.
Using SSH tunneling to access your site’s database
Deploying to Flywheel via SSH and GitHub Actions
Connecting to Flywheel’s SSH Gateway
We can help! Check out our Brand Resources page for links to all of our brand assets.
Brand Resources