Blocking wordpress plugins


#1

I noticed that godaddy does block some wordpress plugins because of various reasons. https://nl.godaddy.com/help/blacklisted-plugins-8964?ci=97106 My biggest question is how do they do this? Anyone got a clue? Also any other tips to improve wordpress sites on cpanel?


#2

Looks like it’s (only) for their managed Wordpress offerings, they probably blacklisted the plugins in the code itself?

They also mention and if we detect them installed on your account, they will be removed., so they are probably scanning the wp-plugins folder for those plugins as well.


#3

My kimsufi got infected because of a shit WordPress plugin. I stopped using WordPress because of that. GoDaddy sucks but that’s a decent safety precaution.


#4

No correct its only for there wordpress hosting, But since im hosting some wordpress sites aswell, and already got a few people hacked because of bad plugins, im looking todo something like that aswel… Just block the unsupported plugins


#5

While not really on the topic of blocking plugins, there are some things you can do:

  • Litespeed’s cPanel allows you to have a WAF that can drop or throttle brute force traffic on Wordpress login pages
  • Litespeed’s cPanel lets you mass install and update LS Cache. Also lets you know if they’re already using another caching plugin.
  • I don’t use them currently, but I’m sure there’s some Modsecurity vendors (maybe through CXS) that can add more WAF rules for keeping down Wordpress abuse

#6

Seems they block all common caching plugins. That’s stupid


#7

They’re probably using their own. It makes sense.

We want people to use our provided caching plugin (LS Cache) because the web server (Litespeed) has features that can work directly with the plugin for improved caching and reduced load. That’s better than using another PHP level cache.


#8

Correct. Any managed WP platform will have their own deeply integrated caching solution, and using a third party plugin is likely to break that.


#9

Litespeed sounds pretty cool, right now I’m use nginx as cache en then Apache with mod security. And the comodo rules. Cxs any good rules?