Not recommended plugins

Updated on May 26th, 2023

There are more than 54,000 plugins for WordPress out in the universe and most of them are going to work splendidly on Flywheel. However, there are a few categories of plugins that either duplicate functionality that Flywheel already provides, or are known performance-killers on sites.

Flywheel believes that users shouldn’t have to “fiddle” with their site to get the best performance and security. As a managed WordPress host, our goal is to make sure you’re starting out with a site that just works.


Although they are not disallowed, plugins and themes utilizing ionCube are not compatible with sites on Flywheel running PHP 7.4 or newer. The ionCube Loader module is not available on Flywheel due to the significant performance issues it causes.

Backup plugins

Backups are included in every Flywheel plan. We back up your sites every 24 hours on external servers, and we allow you to easily restore and download backups from the Flywheel dashboard.

Backup plugins, on the other hand, can be incredibly resource-hungry. When running, they can take a big bite out of the resources needed to deliver content to visitors, which could slow your site down at an inopportune time. For larger sites, some of the MySQL queries can even take your site offline. Backup plugins also often create large files which can unnecessarily fill up a site’s allotted disk space.

Examples of unsupported Backup plugins:

If you’d like to keep your own backups in additions to the ones Flywheel keeps, we recommend downloading a backup from the Flywheel dashboard.


If you want to create secondary backups in addition to Flywheel’s nightly backup, try choosing a plugin which allows you to store backups offsite, like VaultPress. Your site’s performance will still take a hit while the process is running, but you can store backups in cloud storage which won’t affect your Flywheel storage.

Caching/Performance plugins

Flywheel handles caching at the server level, eliminating the need for caching plugins. Server-side caching is significantly more efficient and scalable than any plugin-based caching, since it doesn’t rely on PHP. In addition, caching plugins run the risk of interfering with server-side caching, resulting in uncached server requests and degraded performance.

In addition, plugin-based caching solutions tend to cause issues when used in tandem with Flywheel features that move or duplicate sites, including Blueprintscloning, and Staging.

Examples of unsupported caching/performance plugins:


Some caching plugins also handle other tasks, like JavaScript and CSS file minification and concatenation. W3 Total Cache is among these, as is WP Rocket. These are tasks which are ideally handled during site development, but if you would prefer to use a plugin, that’s ok too. We just recommend not using the caching features of the plugins and leaving that to our servers instead.

Security plugins

Flywheel servers are configured specifically with WordPress security best practices. We help prevent brute force attacks, lock down core WordPress files (including xmlrpc.php), and take many other security measures for you.

Security plugins may provide additional features, but in many cases can slow down sites by over-utilizing server resources, interfering with Flywheel’s caching, bloating the site’s database, and/or interfering with our native security software.

While we discourage the use of these plugins, we don’t block them – you are able to install any security plugin you like. That said, we have found these plugins in particular can degrade performance:


We provide a solid baseline of security for all sites on Flywheel. For customers who want to go the extra mile, we always recommend keeping all plugins and themes up to date as older code has had more time to get cracked by the bad guys. Additionally, hiding your WordPress login, requiring a CAPTCHA or single-sign-on, having strong usernames and passwords all will help keep your site safe from the unsavory types on the web.

Related Post Plugins

In general, if you aren’t manually assigning related posts, any plugin that is automatically showing related posts is going to be doing so via a barrage of MySQL queries that happen on each and every page load. The end result is often a devastating hit on your site’s performance and substantial damage to your database.

Examples of unsupported Related Posts plugins:


Since crawling over all your posts and establishing connections automatically requires some a lot of horsepower, we’d recommend one of these external related post services to perform the same function without the performance consequences.

Plugins with known issues

  • When SMTP email plugins are installed, in most cases emails will no longer be routed through Flywheel’s mail servers. While most users can manage their own outgoing mail without issue, Flywheel support is not able to troubleshoot SMTP plugins. Click here for more information on Flywheel’s email limitations.
  • Any plugin that specifically modifies .htaccess will not work on Flywheel, since .htaccess is an Apache file and we run NGINX.
  • Similarly, any plugin that needs to write to the wp-config.php file will be unable to do so, although in most cases you can contact Flywheel support and we’ll be happy to work with you to put whatever you need in place.
  • Any plugin that still requires access to xmlrpc.php, since we block that file by default on Flywheel. (XML-RPC is  vulnerable to abuse, and rarely used by most plugins and themes, since it’s generally considered an outdated way of doing things.)
    • Note that the popular WordPress plugin Jetpack does require access to xmlrpc.php; however, we’re not currently aware of any issues Jetpack has with our block. If you run into troubles with your Jetpack plugin or connection and you’ve tried everything else, please let our support team know and we’ll be happy to help.

Other things to watch out for

The TimThumb image resizing script is embedded in lots of older themes and plugins built from about 2000–2014, but it is no longer supported or updated, so it’s a vulnerability. Besides, it tends to break things on Flywheel anyway. Stick with the image optimization plugins recommended here.

Along with TimThumb, Sucuri reports that outdated versions of Gravity Forms and RevSlider contribute to a high number of security incidents and vulnerabilities with WordPress sites. This is largely because these plugins are frequently embedded in themes and aren’t updated. As long as your theme is kept up-to-date and you are running the latest versions of these plugins, you shouldn’t have issues, but it’s worth double-checking.

Note that certain plugins run database queries to work, and these interfere with caching, which will slow down a site. These include (but are not limited to) Broken Link Checker (which also doesn’t play well with Staging/cloning) and some “related posts” plugins.


We take this issue very seriously and try our best to strike a balance between freedom, security, and performance. If you have any issues, we’re happy to work with you to figure out the best solution for your site!

This is by no means an exhaustive list, but gives you a sense for the types of plugins that we strongly discourage and/or don’t allow. If you have any questions about a particular plugin and whether it is allowed, don’t hesitate to contact Flywheel support.

Need help?

If you have any questions our Happiness Engineers are here to help!

Was this article helpful?

Getting Started

New to Flywheel? Start here, we've got all the information you'll need to get started and launch your first site!

View all

Account Management

Learn all about managing your Flywheel user account, Teams and integrations.

View all


Everything about billing, invoices and payments can be found here.

View all


Flywheel hosting plans include a ton of great features. Learn about how to get a free SSL certificate, set up a staging site, and more!

View all

Platform Info

All the server and setting info you'll need to help you get the most out of your Flywheel hosting plan!

View all

Site Management

Tips and tricks for managing your sites on Flywheel, including going live, troubleshooting issues and migrating or cloning sites.

View all

Developer Hub

Learn how to connect, deploy, and more with SSH on Flywheel's platform.

View all

Growth Suite

Learn more about Growth Suite, our all-in-one solution for freelancers and agencies to grow more quickly and predictably.

View all

Managed Plugin Updates

Learn more about Managed Plugin Updates, and how you can keep your sites up to date, and extra safe.

View all


Flywheel help

Help is just a click away! Log into Flywheel dashboard to instantly chat with an expert, respond to a ticket, or follow along with in-depth documentation. We happily offer support 24 hours a day, 7 days a week, 365 days a year!

Log in

Try Flywheel today

Launch your next WordPress site in minutes.

 Free migrations  24/7/365 support  14 day demo sites