WordPress is an incredibly diverse tool for building blogs and websites. Not only that, functionality can be expanded by a huge array of third party plugins. These can add features ranging from online shops, payment gateways, bulletin boards, booking software and backup tools. I doubt that there is a WordPress site out there that does not use a plugin to add some other feature.
At Hipposerve, our main website is built using WordPress, and we happily use plugins to build great online forms and to provide knowledge base functionality.
The Downside to WordPress Plugins
However, there is a downside to plugins. One can get carried away with the implementation, and as a web host, I would say about 80% of our support queries are related to a plugin not working as expected on a WordPress site. It can be tempting to add a plugin for everything. I think the record for one particular website we saw was 65 different plugins (including 4 different caching plugins). Needless to say, the website performed like a sick old man, and was generating multiple plugin conflict errors.
As plugins are usually produced by third party providers, the quality can sometimes be suspect. Even the best software houses, sometimes release an update that contains a new bug or security flaw! And of course, the more plugins you have, the more likely you are too be exposed to these things.
Blocking Plugins
There is an increasing trend for web hosting companies to block certain plugins for their WordPress sites. One common plugin type to be blocked are backup plugins. Hosting companies cite the reason for this, is that they are resource heavy and the files generated take up a lot of web hosting space. The cynic in me, however, wonders if it is more to do with the fact that they offer their own paid for backup solutions!
Other plugins that are blocked are plugins which are out of date and those which have known security flaws. This is in addition to plugins know to use a lot of web server resources.
Legitimate Use
At Hipposerve we believe that the customer should have a choice as to which plugins they should use. There are many legitimate reasons to install certain older plugins, for legacy purposes or even development purposes. Why should a client be forced to pay for a backup solution, when there are many plugins that can perform this important task for free. For this reason, we allow all plugins, but with the following caveat. Should a plugin, breach our “fair usage policy”, in terms of resources used or security, that could impact on our other customers. We will request that they upgrade to one of our Hippo Business Pro or VPS plans, where they can use these without any impact on other services.
This said, it is always important that users understand good plugin practice, which is why we have created this knowledge base – WordPress Plugins—Everything You Need to Know.
We also recommend that before one installs any plugin, they check out the WordPress Vulnerability Database, which lists all plugins that have any known security issues. You can even view the details of each plugin to see if the issue has been fixed and which version it affects.
Backup Plugins – A Special Case
Backup plugins are a little bit different – just to say, that we don’t block these, either. However, these are different due to the way that people use them.
We all know backups are important, right! It’s like an insurance for your website. It’s a bit of a pain having to set up these backups, but the day you break your website, or the server fails, they become a lifesaver!
Useless Backups
However, WordPress backup plugins use a lot of server resources. Whilst they are running, your website can grind to a halt. If lots of people on shared hosting are taking lots of backups all the time, the whole server can fall over. We need to be careful. If you choose to use a backup plugin for your website, you should always schedule it to run just once a day. This is enough for most websites on shared hosting. Always make sure it runs at an off-peak time (3am, for example).
High Resources
The next problem with backup plugins is there is no point in storing your backup files on the same server as your website. This is known as incestuous backups and is largely pointless. If the server fails, or your webspace becomes corrupted, the backup files will be lost anyway. You MUST store your backup files elsewhere. Many backup plugins include features to allow you to upload your backup files to an external service, such as Google Drive or Amazon AWS – or you can manually download the backup files and store them locally.
The second reason why you should not store your backup files on the same server as your website is they take up a lot of space. Even on unmetered services such as Hipposerve, disk space is at a premium, and multiple backup files can fill it up quickly. By overusing the server’s file system, you will breach the “fair usage” policy for most hosts. In our case, backup files are banned on our shared hosting services, and we have an automated system that checks regularly and removes backup files, without notification. This is common practice amongst web hosts to ensure that all customers have a fair use of the servers resources.
If you must store backup files on your webspace, we recommend that you upgrade to a Hippo Business Pro or VPS Plan.
In Summary
Should specific WordPress plugins be blocked? We believe that the customer has a right to choose which plugins they need for a particular application, provided that they do not impact on the services of other users. We therefore do not believe in blocking these plugins, but to monitor and educate our customers about their choice of plugin. Furthermore, we also need to inform our customers that not all plugins are suitable for all types of Hosting Plan. Some are much better suiting for VPS Plans or dedicated servers, rather than shared hosting.
To find out more, visit our knowledge base – WordPress Plugins—Everything You Need to Know.
