MODX Cloud provides a high-performance, secure hosting environment optimized for WordPress sites. While our platform supports most WordPress plugins, we maintain a list of disallowed plugins that may compromise performance, security, or stability.
These disallowed plugins aren't inherently flawed - many function well in self-managed environments. However, as your managed WordPress hosting provider, we've identified these specific plugins as potentially problematic within our optimized infrastructure.
Our restrictions exist solely to maintain the performance, security, and reliability standards you expect from MODX Cloud. To not adhere to these restrictions is a violation of our Acceptable Use Policy.
If you have questions about a specific disallowed plugin or believe recent updates have resolved previous concerns, please reach out to our Support team for assistance.
CDN and Security Plugins
MODX Cloud includes (and requires) CloudEdge (powered by Cloudflare) for all WordPress production sites. This provides enterprise-grade CDN and WAF (Web Application Firewall) protection automatically. The following plugins are disallowed as they may conflict with or duplicate this built-in functionality:
- Cloudflare
- Sucuri Security
- CDN Enabler
- Simple CDN
- CloudFlare Flexible SSL
- WP Fastest Cache
Since CloudEdge is already integrated at the platform level, there's no need for separate proxy solutions or CDN plugins. Your site already benefits from Cloudflare's global network for content delivery and security protection.
Backup Plugins
We discourage the use of backup plugins as they can unnecessarily use server resources and may store files in a way that compromises security. Many backup plugins also run jobs at inopportune times, causing database slowdowns or timeouts.
The following backup solutions are disallowed:
- WP DB Backup
- WP DB Manager
- BackupWordPress
- VersionPress
- All-in-One WP Migration
- BackupBuddy
- BackWPup
- Duplicator Pro
- Snapshot
- UpdraftPlus
MODX Cloud takes automatic daily backups of all WordPress sites hosted with us. These backups are performed efficiently and stored securely on separate servers from your WordPress installation. Our automated backups can be restored in one click or restored to a different Cloud in a few more.
If you need to migrate a site to MODX Cloud, we recommend requesting assistance from the MODX Cloud support team. If you do want to migrate by yourself, we recommend using the free version of Duplicator or Migrate Guru, which are specifically designed for migration rather than ongoing backups.
Resource-Intensive Plugins
These plugins are disallowed because they cause high server load or create excessive database queries, which can significantly impact your site's performance:
- MyReviewPlugin
- LinkMan
- Fuzzy SEO Booster
- WP PostViews
- Tweet Blender
- P3 Profiler
- JCH Optimize
- Better WordPress Minify
- Optimize Database after Deleting Revisions
For tracking visitor analytics, we recommend using Google Analytics, Matomo, Fathom, Plausible or similar services that process data off-site.
Related Posts Plugins
Many "Related Posts" plugins use intensive database queries and inefficient indexing methods that can severely impact performance as your content grows:
- Dynamic Related Posts
- SEO Auto Links & Related Posts
- Similar Posts
- Contextual Related Posts
As alternatives, consider using:
- Related Posts for WordPress
- Outbrain
- Contextly
These services offload the processing to external servers rather than taxing your WordPress database.
Duplicate Functionality Plugins
The following plugins duplicate functionality that MODX Cloud already provides in a more efficient, scalable manner:
- No Revisions — We disable revisions for all customers by default
- Force Strong Passwords — Password strength requirements are enforced at the platform level
- Bad Behavior — We already implement these security measures at the server level
- WordPress GZIP Compression — GZIP is already enabled on all MODX Cloud servers
Email Plugins
While WordPress allows you to send emails directly, we recommend using dedicated email services for optimal deliverability and management. Specialized services like MailChimp, Constant Contact, and AWeber offer complete email solutions with better deliverability rates.
If your domain's email provider offers its own SMTP server, you can configure that as your outgoing server. Check with your email provider about their bulk mail, opt-in mail, and anti-spam policies before doing so.
Security Plugins
Many security plugins cause performance issues due to their continuous scanning and monitoring operations. With CloudEdge (powered by Cloudflare) integrated into all WordPress production sites on MODX Cloud, you already benefit from:
- Enterprise-grade WAF protection
- DDoS mitigation
- Bot protection
- IP-based access controls
- Advanced rate limiting
Some security plugins are allowed with limitations:
- Wordfence is allowed, but the Traffic Logging feature is disabled as it causes high IOPS
Since CloudEdge provides comprehensive security at the edge (before traffic even reaches your WordPress application), there's no need for additional proxy-based security solutions.
Image & Media Processing Plugins
Server-based image processing and video conversion can consume excessive resources. The following are not allowed:
- Server-based image optimization plugins (those that perform processing on our servers)
- Video conversion plugins requiring FFmpeg or similar server packages
We recommend using cloud-based image optimization services like EWWW Image Optimizer (which processes images on external servers) or pre-optimizing images before uploading them to your site.
Miscellaneous Disallowed Plugins
Other plugins we've decided to proactively restrict include:
- Hello Dolly!
- WP phpMyAdmin
- Sweet Captcha
- Digital Access Pass (DAP)
- Pipdig Power Pack (P3)
- WP RSS Multi Importer
- WordPress Popular Posts
- Inactive User Deleter
- Allow PHP Execute
- Dynamic Widgets
- Exec-PHP
Disallowed Scripts
Some frequently used scripts are known to contain security vulnerabilities:
- TimThumb (older versions)
- Uploadify
Complete List of Disallowed WordPress Plugins
Below is a comprehensive list of disallowed plugins on MODX Cloud. You can compare this against your wp-content/plugins/ directory to check for conflicts:
adminer all-in-one-wp-migration allow-php-execute async-google-analytics backup backup-scheduler backupbuddy backupwordpress backwpup bad-behavior better-wordpress-minify bwp-minify cloudflare cloudflare-flexible-ssl content-molecules contextual-related-posts duplicator duplicator-pro dynamic-related-posts dynamic-widgets exec-php ezpz-one-click-backup facebook-instant-articles-google-amp-pages-by-pagefrog facebook-open-graph-google-twitter-card-tags file-commander fuzzy-seo-booster gd-system-plugin gd-system-plugin.php google-xml-sitemaps-with-multisite-support hc-custom-wp-admin-url hcs.php hello.php inactive-user-deleter jch-optimize jr-referrer jumpple missed-schedule no-revisions ozh-who-sees-ads p3 p3-profiler pagefrog pipdig-power-pack pluginsamonsters pluginsmonsters portable-phpmyadmin recommend-a-friend rvg-optimize-database seo-alrp si-captcha-for-wordpress simple-cdn similar-posts snapshot spamreferrerblock ssclassic sspro sucuri-scanner super-post superslider sweetcaptcha-revolutionary-free-captcha-service text-passwords the-codetree-backup toolspack ToolsPack tweet-blender updraft updraftplus versionpress wonderm00ns-simple-facebook-open-graph-tags wordpress-database-abstraction wordpress-gzip-compression wordpress-popular-posts wp-database-optimizer wp-db-backup wp-db-backup-made wp-dbmanager wp-engine-snapshot wp-phpmyadmin wp-postviews wp-rss-multi-importer wp-slimstat wp-symposium-alerts wpengine-migrate wpengine-migrate.tar.gz wpengine-migrate.zip wpengine-snapshot wpengine-snapshot.tar.gz wponlinebackup wpsmilepack
Nulled Plugins
Nulled plugins (premium plugins obtained without proper licensing) are strictly prohibited on MODX Cloud. These plugins often contain modified code designed to cause harm or collect information. Using nulled plugins violates our Terms of Service and may compromise the security of your site.
Disabled Functions and Extensions
Some plugins may be technically allowed but will not function properly due to disabled PHP functions or server modules. These restrictions are necessary to maintain performance and security across all MODX Cloud servers.
What To Do If You Need a Disallowed Plugin
If you believe you need functionality provided by a disallowed plugin, please contact our Support team. We may be able to suggest alternatives or work with you to find a solution that meets your needs without compromising platform stability.
Remember that MODX Cloud's managed environment is designed to handle many common WordPress requirements without additional plugins, including:
- Server-level caching
- Daily backups with one-click restore
- CloudEdge (powered by Cloudflare) for CDN and security
- Performance optimization
We're continuously working with WordPress plugin developers to improve compatibility with our platform. Our disallowed list is regularly reviewed and updated as plugins evolve.