WordPress Plugin Usage

To keep our managed WordPress hosting service running as fast and safe as possible, we actively scan WordPress websites to identify threats and potential problems.

WordPress boasts almost 40,000 free, commercial, and community-supported plugins. Most are great! Some are not. Like other managed WordPress hosting providers, we maintain a “no-no” list of certain plugins that do not play nice with our hosting service, such as interfere with its operation or slow it down.

We’ve put together this page to explain our position on various plugins. Please note, those mentioned on this page are by no means comprehensive, and we may add plugins here as we deem fit.

In some cases, we will notify you that your installation is out of date, for example, or that we found a script exploit that could render your website hackable. In the case of known “trouble” plugins, we may deactivate or remove the plugin without further notice.

Backup Plugins

These should be avoided. We make daily, weekly, and monthly backups, and use of WordPress-based backup plugins are redundant and needlessly add to server load. We reserve the right to deactivate or remove backup plugins.

Caching Plugins

Most caching plugins are okay. While Canvas Host offers free use of CloudFlare to all customers, that should be used as a safety net. You can use both.

We recommend:

  • W3 Total Cache
  • WP Super Cache

Learn more about CloudFlare

Email / Mass Mail Plugins

These should be avoided. Our WordPress hosting environment limits the volume of email that can be sent per hour. Mass mail plugins can blacklist a server. Canvas Host offers a great alternative service for large quantity sending, called Canvas.Email. We reserve the right to deactivate or remove mail mail plugins.

Learn more about Canvas.Email

Statistics Plugins

These should be avoided. We offer built-in statistics software with all WordPress hosting plans, available via the hosting account’s cPanel control panel. If you feel you must use a statistics plugin, please limit it to Google Analytics. Beyond this, we reserve the right to deactivate or remove statistics plugins.

We recommend:

  • Google Analytics

Security Plugins

These are mostly okay, with the exception of WordFence. It tends to cause incur MySQL transactions that can impact server performance. We reserve the right to deactivate or remove security plugins if they cause high server load.

MySQL Management / Remote Access Plugins

These plugins, such as the PHPMyAdmin plugin, are completely banned. They are dangerous as they offer direct access to database functions. They are also redundant, as we offer built-in PHPMyAdmin support within all hosting account’s cPanel control panel. We will deactivate or remove all PHPMyAdmin and remote MySQL plugins of this nature.

Related Post Plugins

These have caused a number of issues throughout our hosting environments. We reserve the right to deactivate or remove related post plugins.


This is blocked in our standard shared hosting plan, in part because of use of outdated WordPress installations that still exist.

In our WordPress hosting service line, XMLRPC is currently permitted, as we enforce use of the latest WordPress version. We reserve the right to block this if it becomes an issue in the future due to denial of service attempts.

Please contact us if you have any questions about our policies on the use of these and related WordPress plugins.