There are more than 54,000 plugins for WordPress out in the universe and most of them are going to work splendidly on Flywheel. However, there are a few categories of plugins that either duplicate functionality that Flywheel already provides, or are known performance-killers on sites.
Flywheel believes that users shouldn’t have to “fiddle” with their site to get the best performance and security. As a managed WordPress host, our goal is to make sure you’re starting out with a site that just works.
Backups are included in every Flywheel plan. We back up your sites every 24 hours on external servers, and we allow you to easily restore and download backups from the Flywheel dashboard.
Backup plugins, on the other hand, can be incredibly resource-hungry. When running, they can take a big bite out of the resources needed to deliver content to visitors, which could slow your site down at an inopportune time. For larger sites, some of the MySQL queries can even take your site offline. Backup plugins also often create large files which can unnecessarily fill up a site’s allotted disk space.
Examples of unsupported Backup plugins:
If you’d like to keep your own backups in additions to the ones Flywheel keeps, we recommend downloading a backup from the Flywheel dashboard.
Flywheel handles caching at the server level, eliminating the need for caching plugins. Server-side caching is significantly more efficient and scalable than any plugin-based caching, since it doesn’t rely on PHP. In addition, caching plugins run the risk of interfering with server-side caching, resulting in uncached server requests and degraded performance.
Examples of unsupported caching/performance plugins:
Flywheel servers are configured specifically with WordPress security best practices. We help prevent brute force attacks, lock down core WordPress files (including xmlrpc.php), and take many other security measures for you.
Security plugins may provide additional features, but in many cases can slow down sites by over-utilizing server resources, interfering with Flywheel’s caching, bloating the site’s database, and/or interfering with our native security software.
While we discourage the use of these plugins, we don’t block them – you are able to install any security plugin you like. That said, we have found these plugins in particular can degrade performance:
In general, if you aren’t manually assigning related posts, any plugin that is automatically showing related posts is going to be doing so via a barrage of MySQL queries that happen on each and every page load. The end result is often a devastating hit on your site’s performance and substantial damage to your database.
Examples of unsupported Related Posts plugins:
Like some of the other listed plugin categories here, the ongoing jobs run by these plugins can be really taxing on your server and steal resources that your visitors need to view your site in a timely fashion.
Examples of unsupported Link Checker plugins:
.htaccesswill not work on Flywheel, since
.htaccessis an Apache file and we run NGINX.
wp-config.phpfile will be unable to do so, although in most cases you can contact Flywheel support and we’ll be happy to work with you to put whatever you need in place.
The TimThumb image resizing script is embedded in lots of older themes and plugins built from about 2000–2014, but it is no longer supported or updated, so it’s a vulnerability. Besides, it tends to break things on Flywheel anyway. Stick with the image optimization plugins recommended here.
Along with TimThumb, Sucuri reports that outdated versions of Gravity Forms and RevSlider contribute to a high number of security incidents and vulnerabilities with WordPress sites. This is largely because these plugins are frequently embedded in themes and aren’t updated. As long as your theme is kept up-to-date and you are running the latest versions of these plugins, you shouldn’t have issues, but it’s worth double-checking.
Note that certain plugins run database queries to work, and these interfere with caching, which will slow down a site. These include (but are not limited to) Broken Link Checker (which also doesn’t play well with Staging/cloning) and some “related posts” plugins.
This is by no means an exhaustive list, but gives you a sense for the types of plugins that we strongly discourage and/or don’t allow. If you have any questions about a particular plugin and whether it is allowed, don’t hesitate to contact Flywheel support.
New to Flywheel? Start here, we've got all the information you'll need to get started and launch your first site!
Migrate your site to Flywheel using Flywheel Migrations
How do I go live on Flywheel?
What is a demo site?
Learn all about managing your Flywheel user account, Teams and integrations.View all
Everything about billing, invoices and payments can be found here.View all
Flywheel hosting plans include a ton of great features. Learn about how to get a free SSL certificate, set up a staging site, and more!
Deploy to Flywheel via SSH and GitHub Actions
How do I get started with Staging?
Backups on Flywheel
All the server and setting info you'll need to help you get the most out of your Flywheel hosting plan!View all
Tips and tricks for managing your sites on Flywheel, including going live, troubleshooting issues and migrating or cloning sites.View all
Learn how to connect, deploy, and more with SSH on Flywheel's platform.View all
Learn more about Growth Suite, our all-in-one solution for freelancers and agencies to grow more quickly and predictably.
Getting started with Growth Suite
Growth Suite: What are invoice statuses?
Growth Suite: What do client emails look like?
Learn more about Managed Plugin Updates, and how you can keep your sites up to date, and extra safe.
Managed Plugin Updates: Database upgrades
Managed Plugin Updates: How to pause plugin updates for a site
Managed Plugin Updates: Plugin Security Alerts