Understand Managed WordPress security
Managed WordPress is our streamlined, optimized hosting platform for building and managing WordPress sites. The entire hosting environment is built around making your WordPress sites run faster and more securely. As such, some WordPress features and plugins may not be available, just as there are other features specific to Managed WordPress that are not available on a normal WordPress installation.
To help achieve that, we block plugins known to cause security or performance issues. We also block connections to specific mail ports, as well as limit the execution of PHP in certain directories.
Note: WordPress multisite networks are not supported on Managed WordPress plans.
Blocklisted plugins
Blocklisted plugins cannot be installed on your account. The plugins we block fall into several categories.
- Duplicate functionality: These plugins duplicate functionality in various parts of our system. Which includes, but is not limited to backups, caching, alternative access to phpMyAdmin, and alternatives for gzip compression.
- Security issues: These plugins have associated security issues that may pose risks to your site as well as the health of the server your site is hosted on.
- Performance: The plugins in this category don't perform well in general, especially on large sites.
- Related posts: These plugins increase database load by using inefficient queries, poor caching, or poor scaling on large sites (alternatives are available).
- Stats: These plugins negatively impact your websites' performance by sending many requests to your database which can prevent your site from caching properly (alternatives are available).
- Unnecessary/non-functional: These plugins don't add any value and do not work correctly on our system.
See the full list of blocklisted plugins.
Third-party mail connections
While no third-party mail plugins are explicitly blocked, all connections from ports 25, 465, and 587 are blocked for security reasons. Therefore, it is not possible to send mail from your Managed WordPress service using a third-party mail system.
PHP file execution blocked
Attackers can try to use PHP files to inject malware and perform other malicious acts to your website. To help protect you against this, PHP file execution has been blocked on specific sub-directories.