blacklist.txt

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; author: SlickStack ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; link: https://slickstack.io ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; mirror: littlebizzy/slickstack/blob/master/modules/wordpress/blacklist.txt ;;;;;;;;;;;;;;;;;;;;
;;;; path: /var/www/html/wp-content/blacklist.txt ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; destination: n/a (not a boilerplate) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; purpose: Plugin Blacklist configuration file (with related comments by LittleBizzy) ;;;;;;;;;;;
;;;; module version: Plugin Blacklist 2.0.x + WordPress 6.7.x ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; sourced by: n/a ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; bash aliases: n/a ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; ARE YOU A WEB HOST USING SLICKSTACK? DEFINE A CUSTOM PLUGIN BLACKLIST IN SS-CONFIG! ;;

;; In most cases, plugins will be added by LittleBizzy to the Future blacklist first to give ;;
;; webmasters time to find alternatives (typically several months or longer). However, in ;;
;; cases of malware, crashing, thrashing, or other serious issues, plugins are banned ;;
;; immediately via the Active blacklist (rare, but sometimes necessary). ;;

;; The goal of SlickStack is to maximimize speed, stability, and security, along with ;;
;; championing the open web and competition -- and thus, inter-compatibility. We frown on ;;
;; page builder plugins or themes (etc) that try to lock-in webmasters to using ;;
;; their own proprietary frameworks or sister products. It is always better to avoid ;;
;; page builder plugins entirely, in fact, and rely only on themes. That said, if you want ;;
;; to use one, always choose a page builder that offers an open source (free) version ;;
;; in order to avoid as much lock-in and licensing as possible. ;;

;; Recommended page builders: Gutenberg, SiteOrigin, Beaver Builder, Elementor. ;;

;; BEWARE PROPRIETARY / LOCK-IN PAGE BUILDERS: Oxygen, Qards, Thrive Architect, Divi Builder, ;;
;; Fusion (Avada) Builder, Ebor (Aqua), WP Bakery (Visual Composer), etc. ;; 

;; Avoid plugins more than "2 levels" deep... any plugin you install should only affect the ;;
;; open source CMS or micro-platform above it; do not rely on plugins that alter or customize ;;
;; proprietary or nonintuitive themes or plugins, or those released by other vendors. For ;;
;; example, a plugin that modifies WordPress or WooCommerce is a good idea, but a plugin that ;;
;; modifies another vendor's product e.g. Elementor, Divi theme, or Yoast SEO is generally ;;
;; a bad idea and often results in code conflicts and maintenance issues later. ;;

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; Blacklist.txt: Glossary Of Terms ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; we try hard to avoid making this blacklist a judgement of moral or political leanings ;;
;; however we do blacklist extreme cases of fraud, cronyism, and repeat abuses ;;

;; ss conflicts = conflicts with SlickStack (default MU plugins or LEMP stack modules)
;; hacks third-party design products = alters frontend layout products from other vendors
;; bloated = extremely heavy or slow scripts beyond what should be necessary
;; excessive logging = abuses the MySQL database for logging in ways that are bad practice
;; excessive api calls = abusive amount of external API calls (i.e. bloated API)
;; ransomware = illegally blocks access to scripts in violation of the GPL license
;; spyware = tracks WP or traffic analytics without opt-in or in otherwise deceitful ways
;; creates instability = foolish or bad practice scripts that hurt WP stability
;; poor coding = history of very bad quality or careless coding practices
;; poor maintenance = rarely releases patches or updates that would otherwise be expected
;; hijacks wp functions = tries to replace (stable) WP Core functions with their own
;; hjacks wp admin = repeat or long-term abuse of the WP Admin backend (e.g. spam, etc)
;; serious errors = repeat or long-term errors that seriously hurt functionality
;; database thrashing = abusive SQL queries that result in CPU spikes, RAM exhaustion, etc
;; code theft = illegally steals code from other GPL products without credits
;; death threats = authors sent death threats to SlickStack or other WP developers
;; brand abandoned = the company no longer updates or maintains their various products
;; deprecated = the script has been officially shut down by the original author
;; consumer fraud = repeat and long-term deceptive marketing practices that confuse users
;; exploitable = current or repeated instances of hackable code (security holes)
;; potential data loss = functions that could result in the mass loss of files or data
;; better options exist = several other similar scripts exist with better functions
;; smtp risks = risks getting your server/domain blacklisted as an email spammer
;; resource intensive = uses too many server resources than should typically be needed
;; theme-specific custom post types = generates CPTs that only support their own WP themes
;; theme-specific code ;; generates data/code that cannot be used by other WP themes
;; no public changelog = no public documentation of code/version changes or patches
;; wp cronyism = regularly abuses influence by trying to acquire unfair market advantage
;; violates GPL terms = illegally breaks the guidelines required by the GPL license
;; requires api validation = design/content will disappear if api credentials unaccepted
;; political censorship = products that arbitrarily deplatform or censor non-violent speech

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; 1. Long-Term Disallowed Vendors (Recurring Technical Or Ethical Reasons) ;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; Alex Panagis ;; consumer fraud, harassment, slander ;;
;; Astra Theme (Brainstorm Force) ;;
;; Awesome Motive ;; dmca fraud, WP Admin spam, cronyism, breaks the rules of WP.org without consequences, too many reasons to list
;; BeSquares ;; brand abandoned ;;
;; Bhanu Ahluwalia ;; consumer fraud, spyware, ransomware ;;
;; Brainstorm Force ;; bloated, creates instability, hacks third-party design products, lock-in issues ;;
;; Brian Lee Jackson ;; consumer fraud, code theft ;;
;; bringthepixel (Bimber theme) ;; poor coding, bloated, theme-specific code, no public changelog ;;
;; Crocoblock ;; poor coding, serious errors, hacks third party design products ;;
;; Jetpack ;; bloated, spammy, hijacks wp admin, lacks transparency, resource intensive, wp cronyism ;;
;; Joost de Valk ;; bloated, spammy, hijacks wp admin, poor coding, wp cronyism
;; Kinsta (Brian Jackon, Alex Panagis, Jon Penland, Mark Gavalda) ;;
;; Kodemann ;; brand abandoned ;;
;; Lumin Apps ;; brand abandoned ;;
;; Macho Themes (Alex Panagis) ;; consumer fraud ;;
;; MailChimp ;; political censorship
;; Monster Insights ;; bloated, spammy, hijacks wp admin, bad practice ;;
;; MyThemeShop (Bhanu Ahluwalia, Suraj Vibhute) ;; consumer fraud, spyware, ransomware, violates GPL terms, death threats ;;
;; OneTone theme ;; exploitable (via Sucuri), brand abandoned
;; Noah Kagan ;; bloated, excessive API calls, poor maintenance, illegal email spam
;; OptimizePress ;;
;; Qode Themes ;; poor coding, errors, poor maintenance
;; Rank Math SEO (Bhanu Ahluwalia, Suraj Vibhute) ;; consumer fraud, spyware, ransomware, violates GPL terms, death threats
;; PerfMatters (Brian Lee Jackson) ;; code theft ;;
;; Pipdig (Phil Clothier) ;; spyware ;;
;; Phil Clothier ;; spyware ;;
;; RadiantThemes ;; breaks all kinds of best practices, creates instability, poor coding, locked-in CPTs
;; Samuel "Otto" Wood ;; wp cronyism, consumer fraud
;; ShortPixel ;; bloated, resource intensive, spammy, generates junk files
;; Smart Slider (Alex Panagis) ;;
;; snapCX.io ;; brand abandoned ;;
;; Social Actions ;; brand abandoned ;;
;; SumoMe ;; bloated, excessive API calls, poor maintenance
;; Suraj Vibhute ;; consumer fraud, spyware, ransomware ;;
;; Swift Ideas ;; bloated, bad practices (bundles theme-specific custom post types, etc) ;;
;; Syed Balkhi ;; spammy, bloated, wp cronyism, better options exist ;;
;; Team Yoast ;; spammy, deceptive
;; The Web Design Hub ;; brand abandoned ;;
;; Themeco ;; serious conflicts, hijacks wp core, no public changelogs, theme-specific page builder
;; ThemeFusion (Avada) ;; bloated, everything is proprietary
;; ThemePunch (Revslider) ;; bloated, history of exploits
;; Thrive Themes ;; bloated, poor coding, excessive logging, serious errors, hijacks wp core functions
;; Vafour (Vafpress Framework) ;; brand abandoned, not maintained ;;
;; Warfare Plugins, etc (Dustin W. Stout, Jason T. Wiser, Nicholas Z. Cardot) ;;
;; WebFactory Ltd ;; history of exploits, history of poor coding ;;
;; Yotpo ;; ransomware

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; 2. Short-Term Disallowed Vendors (Resolvable Critical Issues) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; Rymera Web ;; WP-Cron abuse, database thrashing
;; Josh Kohlbach (Rymera Web) ;; blames SlickStack for his poor code instead of fixing it

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; 3. Not Recommended Vendors (Possibly Long-Term Disallowed In The Future) ;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; BestWebSoft ;;
;; Bootstrapped Ventures ;; conflicts with Nginx caching, overuse of REST API, etc
;; Contempo Themes (Chris Robinson) ;; exploitable, poor coding, poor maintenance, many plugins are theme-specific, no public changelogs
;; Course Cats ;; excessive API calls, poor coding
;; Divi Life ;; all products hack third-party design products
;; Drfuri ;; not maintained, no public changelogs, hacks third-party design products
;; Eric Turnnessen (MemberMouse) ;; 
;; Elegant Themes (Divi) ;;
;; Elfsight ;; poor coding, database thrashing, serious errors, resource intensive
;; Future Design Group ;; poor coding, poor maintenance
;; Genesis Framework ;; proprietary frameworks
;; Gijo Varghese ;;
;; IntellyWP ;; bloated, poor coding, serious errors, violates GPL terms
;; Leadpages ;; bloated, poor maintenance, creates instability
;; MemberMouse ;; poor coding, MySQL data loss, does not use their own software, blames SlickStack for their errors
;; Mikado Themes ;; theme-specific CTPs and plugins, etc
;; Nextend (Roland Soos, Daniel David) ;; consumer fraud
;; NicheAddons ;; hacks third-party design products
;; Om Ak Solutions (Ankit Singla, Nikhil Khokhar, Savi Goyal) ;;
;; OnTheGoSystems (WPML, Toolset) ;; bloated, poor coding, security issues
;; Photocrati (Imagely / NextGen Gallery) ;;
;; PixelYourSite ;; spammy, hijack WP Admin ;;
;; Redux Framework + Dovy Paukstys ;; has drastically shifted from a general theme options framework to Gutenberg middleman/spammy
;; SmartDataSoft ;; poor coding, bad practices (e.g. theme-specific plugins, etc) ;;
;; Sridhar Katakam ;;
;; StudioPress ;; proprietary frameworks
;; TagDiv ;; various bad practices, excessive logging, history of exploits
;; ThemeGoods ;; bundles theme-specific custom post types plugins
;; WP Desk ;; poor coding, tracking (spyware)
;; WPClever.net ;;
;; WPDeveloper ;; poor coding
;; WpIndeed ;; poor coding, serious errors
;; WPMU DEV ;;
;; YITH ;; spammy, security issues, poor coding
;; Upsolution / Us Theimes ;; poor coding
;; Zendesk ;; poor maintenance, sues anyone who users the ancient Chinese term "zen"

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; Blacklist.txt: Active Blacklist (Currently Disallowed Plugins) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; match any path (case insensitive)
;; for exact directory matches use slashes e.g. /revslider/

[blacklist]
10web-manager ; vendor specific, no public changelog (By 10Web)
2-click-socialmedia-buttons ; not maintained
/301-redirects/ ; not maintained
/404s/ ; excessive logging
404-error-monitor ; excessive logging, not maintained
404-notifier ; excessive logging, not maintained
404-redirected ; excessive logging, not maintained (by Remkus de Vries)
404-redirection-manager ; excessive logging, serious errors, not maintained
404-solution ; excessive logging, bad practice (By Aaron J)
404-to-301 ; excessive logging
6scan-backup ; ss conflicts, not maintained, resource intensive
6scan-protection ; ss conflicts, not maintained, resource intensive
a2-optimized-wp ; vendor specific
a2-w3-total-cache ; ss conflicts, vendor specific, bloated
above-the-fold-optimization ; deprecated
accesspress-social-auto-post ; resource intensive, bad practice
aceide ; feature exists in wp core
/actifend/ ; not maintained, ss conflicts
acf-content-analysis-for-yoast-seo ; blacklisted dependent plugin
acf-yith-woocommerce-compare-support ; not maintained (by YITH Themes)
activity-reactions-for-buddypress ; bloated, not maintained
add-category-to-pages ; bad practice, creates instability, poor coding
add-expires-headers ; ss conflicts, bad practice (By Passionate Brains)
add-index-to-autoload ; ss conflicts, feature exists in WP Core 5.3+ already
add-social-share ; not maintained
/add-to-any/ ; adware, spyware, bloated
addon-elements-for-elementor-page-builder ; hacks third-party design products
addons-for-beaver-builder ; hacks other vendor products, creates instability, bad practice (buy the Pro version)
addons-for-elementor ; hacks third-party design products (By Livemesh)
addfreestats ; excessive logging
addthis-follow ; not maintained
addthis ; not maintained
addthis-all ; not maintained
admin-management-xtended ; resource intensive, pointless
admin-menu-editor ; creates instability
adminer ; exploitable, creates instability
adsense-click-fraud-monitoring ; deprecated
Advanced-Custom-Fields-Multilingual ; possible thrashing, not maintained
advanced-database-cleaner ; ss conflicts
advanced-menu-widget ; serious errors, not maintained (by Ján Bočínec)
advanced-speed-increaser ; ss conflicts
advanced-wp-reset ; ss conflicts, potential data loss
advanced-wpperformance ; ss conflicts, creates instability
aioseo-redirects ; lock-in (Requires AIOSEO Pro to manage 301 redirects), better options exist
airlift ; ss conflicts
ajax-load-more ; resource intensive, creates instability (by Darren Cooney)
ajax-store-locator-wordpress ; not maintained, exploitable, resource intensive
ajax-thumbnail-rebuild ; database thrashing
akeebabackupwp ; unsafe local archives
all-404-redirect-to-homepage ; spammy, better options exist
all-in-one-redirection ; excessive logging
all-in-one-seo-pack ; disabling other SEO plugins in violation of WP.org guidelines because Matt is cronies with Syed
all-in-one-webmaster ; pointless, better options exist
all-in-one-wp-security-and-firewall ; bloated
all-social-fw-style-widget ; not maintained
allow-php-execute ; php hacks
alinks ; deprecated, serious errors
Alinks ; deprecated, serious errors
alpine-photo-tile-for-instagram ; not maintained, better options exist, no public changelog
amazon-s3-and-cloudfront ; ss conflicts, potential data loss
amazon-s3-and-cloudfront-pro ; ss conflicts, potential data loss
/amp/ ; bad practice, spyware (By Google)
amp-html-sitemap ; not maintained, bad practice (HTML sitemaps unnecessary)
amp-plugin-manager ; ss conflicts (creates MU plugins) By Ahmed Kaludi, Mohammed Kaludi
analyticator-google-analytics ; not maintained
analytics-code ; not maintained
analytics-counter ; deprecated (By WPAdm.com)
analytify-analytics-dashboard-widget ; bloated, resource intensive (By Analytify)
/antivirus/ ; resource intensive, ss conflicts
anywhere-elementor ; database thrashing, hacks third-party design products (By WP Vibes)
anywhere-elementor-pro ; database thrashing, hacks third-party design products (By WP Vibes)
apex-digital-toolbox ; bloated, bizarre code, not maintained
/apikey/ ; known malware
app-for-cf ; bad practice these days
aqua-page-builder ; not maintained (By Syamil MJ)
ari-adminer ; serious errors, potential data loss (adminer better used as standalone script)
artbees-captcha ; not maintained, no public changelog, better options exist (By José Rodríguez) a.k.a. Cool PHP Captcha
aryo-activity-log ; excessive logging
askapache-debug-viewer ; php hacks
askapache-google-404 ; serious errors, not maintained
aspexi-login-audit ; excessive logging, not maintained
asta-html-minifier ; ss conflicts
astra-addon ; spyware
astra-pro-sites ; spyware, vendor specific
astra-sites ; requires blacklisted plugins by Brainstorm Force that hack third party design products (By Brainstorm Force)
astra-pro-sites ; requires blacklisted plugins by Brainstorm Force that hack third party design products (By Brainstorm Force)
async-javascript ; creates instability
async-social-sharing ; not maintained
asynchronous-javascript ; not maintained
attachment-pages-redirect ; ss conflicts, bad practice
authentication-and-xmlrpc-log-writer ; not maintained, bad practice, pointless
/authorizer/ ; ss conflicts, excessive logging
/authors-page/ ; not maintained
authorizenet-payment-gateway-for-woocommerce ; serious errors, poor coding, better options exist
authorsure ; deprecated
auto-clean-url-seo ; pointless, many conflicts, not maintained
auto-install-free-ssl ; ss conflicts
/auto-link/ ; not maintained, creates instability
auto-link-genius ; not maintained, creates instability
auto-tag-links ; not maintained, creates instability
/auto-updates/ ; ss conflicts, creates instability (By Michal Novak)
autoloader ; ss conflicts
autologin-links ; exploitable, pointless
/automatewoo/ ; thrashing, bloated, excessive logging, resource intensive
automatic-copyright-year ; pointless, not maintained
automatic-wordpress-backup ; ss conflicts, resource intensive, not maintained
autoupdater ; vendor specific (WP Engine)
backlink-rechecker ; not maintained, resource intensive
/backup/ ; ss conflicts, unsafe local archives
backup-scheduler ; unsafe local archives, resource intensive
backup-wd ; ss conflicts, unsafe local archives
backupbuddy ; resource intensive, unsafe local archives
backupwordpress ; unsafe local archives
; backwpup ; unsafe local archives, resource intensive
bad-behavior ; deprecated
barbwire-security ; ss conflicts
baw-post-views-count ; excessive logging, bloated, not maintained
bb-addons ; hacks other vendor plugins
bb-bootstrap-alerts ; hacks third-party design products (by Brainstorm Force)
bb-bootstrap-cards ; hacks third-party design products (by Brainstorm Force)
bb-header-footer ; hacks third-party design products (by Brainstorm Force)
; bb-plugin ; hacks third-party design products, bad practice (overrides theme settings)
bb-ultimate-addon ; creates instability, hacks third-party design products, no public changelog (By Brainstorm Force)
bb-theme-builder ; hacks third-party design products, no public changelog, creates instability, bad practice (overrides theme settings) aka Beaver Themer
bdthemes-element-pack ; hacks third-party design products (by BdThemes)
beautiful-social-widget ; not maintained
beaver-builder-addons ; hacks other vendor plugins
; beaver-builder-lite-version ; hacks third-party design products, bad practice (overrides theme settings)
before-and-after-slider-for-vc ; not maintained
best-wp-smtp-email ; blacklist risk (smtp)
better-analytics ; not maintained
/better-related/ ; not maintained, resource intensive
better-rss-widget ; not maintained
better-wordpress-minify ; ss conflicts
better-wp-security ; bloated
bfi-thumb ; deprecated
biagiotti-core ; theme-specific CPTs (By Mikado Themes)
bj-lazy-load ; not maintained (by Bjørn Johansen, Aron Tornberg, angrycreative)
black-studio-tinymce-widget ; not maintained, similar feature exists in wp core, bloated, creates instability (By Black Studio)
blizhost-cache-purge ; vendor specific
block-bloglovin-iframe ; malware company (Pipdig)
blog-manager-light ; bloated, serious errors, creates instability, bad practices (conflicting features) By OTWthemes 
blog-manager ; bloated, serious errors, creates instability, bad practices (conflicting features) By OTWthemes
block-wp-login ; ss conflicts
blogger-importer-extended ; malware company (Pipdig)
bloglovin-button ; malware company (Pipdig)
bloglovin-widget ; malware company (Pipdig)
blogvault ; ss conflicts, resource intensive
bluehost-site-migrator ; vendor specific
BoosterPage ; deprecated, poor code, no public docs (Smart Marketer)
bottom-of-every-post ; not maintained (By Corey Salzano)
bounce-handler-mailpoet ; ss conflicts, bad practice (smtp, php mail)
brave-payments-verification ; not maintained, pointless, bad practice (should be done via SFTP etc)
/breeze/ ; vendor specific (Cloudways cache plugin)
breezing-forms ; poor maintenance, political censorhip (only supports MailChimp) By Crosstec
broken-link-checker ; resource intensive, not maintained, excessive logging
brute-force-login-protection ; excessive logging, ss conflicts, not maintained
bruteprotect ; not maintained
bs-input ; brand abandoned, bloated, excessive API calls (By BeSquares)
bsf-changelog ; pointless (by Brainstorm Force)
bsf-docs ; pointless (by Brainstorm Force)
buddypress-google-plus ; deprecated
bugherd ; ss conflicts?
bulk-image-alt-text-with-yoast ; spammy, bad practice, creates instability
business-badges ; deprecated
businesspress ; bizarre code, creates instability
buttonizer-multifunctional-button ; spyware, adware
bv-cloudways-automated-migration ; vendor specific
bwp-google-xml-sitemaps ; not maintained, resource intensive
bwp-minify ; not maintained, creates instability
bws-smtp ; blacklist risk (smtp)
cache-cleaner ; ss conflicts
cache-control ; ss conflicts
cache-enabler ; ss conflicts
cache-images ; resource intensive, bizarre code, bad practice, not maintained
cache-performance ; creates instability, ss conflicts, bad idea
/cachify/ ; not maintained
/captcha/ ; deprecated
car-repair-services-core ; theme-specific custom post types (By SmartDataSoft)
/carla/ ; bizarre code, ss conflicts
casals-online-seo ; not maintained
category-color ; bad practice (not a good way to adjust CSS colors) By Zayed Baloch
category-for-pages ; not maintained, creates instability
cf-image-resizing ; bad practice
cf-littlebizzy ; ss included
cf-post-formats ; deprecated (a.k.a. WP Post Formats by Crowd Favorite)
change-table-prefix ; ss conflicts, bad practice, creates instability
change-password-protected-message ; malware company (Pipdig)
change-wp-admin-login ; ss conflicts (By Nuno Morais Sarmento)
check-and-enable-gzip-compression ; ss conflicts (apache)
cimy-swift-smtp ; blacklist risk (smtp)
clean-up-booster ; bloated, excessive logging
clear-cache-for-widgets ; vendor specific
clearfy ; bloated, ss conflicts
/clickfunnels/ ; not maintained, serious errors, creates instability, landing page imports, private page builder (by Etison, LLC)
/clicky/ ; fatal errors, better options exist (by Team Yoast)
clink ; not maintained, better options exist
cloudbric-basic-ssl ; not maintained
/cloudflare/ ; bloated
cloudflare ; ss conflicts
cloudflare-cache-purge ; ss conflicts
cloudflare-flexible-ssl ; ss conflicts
cloudflare-littlebizzy ; ss conflicts
cloudflare-rocket-loader-manual-settings ; not maintained, ss conflicts
cloudflare-threat-management ; not maintained, ss conflicts
cloudguard ; malware company (Pipdig)
cloudinary-image-management-and-manipulation-in-the-cloud-cdn ; poor code, creates instability, ss conflicts
cloudways ; vendor specific
cms-tree-page-view ; creates instability, potential data loss, resource intensive
co-authors-plus ; serious errors, creates instability, not maintained
codeguard ; ss conflicts, unstable
codepress-admin-columns ; creates instability
collapsing-categories ; serious errors, not maintained, creates instability
column-separator-for-beaver-builder ; hacks third-party design products (by Brainstorm Force)
comet-cache ; ss conflicts
comment-engine-pro ; not maintained
/comment-images/ ; deprecated (By talspotim)
/comments-ratings/ ; not maintained
companion-sitemap-generator ; bad practice (HTML sitemaps unnecessary)
compressed-emoji ; bloated, not maintained
connect-polylang-elementor ; hacks third-party design products (By Creame)
contact-form-7-datepicker ; exploitable (per Wordfence), deprecated (By Aurel Canciu)
contact-form-7-datepicker-fix ; not maintained (By Benjamin Klein)
contact-form-7-to-database-extension ; deprecated (Contact Form DB)
contempo-real-estate-custom-posts ; exploitable, theme-specific CPTs (By Contempo Themes)
ct-compare-listings ; exploitable, theme-specific, no public changelog (By Contempo Themes)
ct-membership-packages ; exploitable, theme-specific, bad practice (should be split into various independent plugins), no public changelog (By Contempo Themes)
ct-mortgage-calculator ; exploitable, theme-specific, no public changelog (By Contempo Themes)
ct-real-estate-7-extensions-loader ; exploitable, theme-specific, no public changelog (By Contempo Themes)
ct-real-estate-7-payment-gateways ; exploitable, theme-specific, no public changelog (By Contempo Themes)
contempo-saved-searches-email-alerts ; exploitable, theme-specific, no public changelog (By Contempo Themes)
/content-links/ ; deprecated (By WPAdm.com)
/content-locker/ ; spyware company, poor coding, serious errors, political censorship (only supports MailChimp) better options exist (MyThemeShop)
control-xml-rpc-publishing ; deprecated
constant-contact-forms ; serious errors, poor maintainance
constant-contact-signup-form-widget ; not maintained
copy-delete-posts ; hijacks wp core, spammy, serious errors, better options exist
cookies-for-comments ; ss conflicts, bad practice, not maintained
cool-php-captcha ; not maintained, no public changelog, better options exist (By José Rodríguez) a.k.a. Artbees Captcha
counterize ; excessive logging, not maintained
counterize-ii ; excessive logging, not maintained
country-caching-extension-for-wp-super-cache ; ss conflicts
creative-clans-embed-script ; better options exist, not maintained (by Guido Tonnaer)
cred-frontend-editor ; deprecated
crudlab-google-plus ; deprecated
css-above-the-fold ; not maintained
css-js-query-string-remover ; ss conflicts
css-share-buttons ; not maintained
ct-child-theme ; no public changelog, better options exist (By Contempo Themes)
ctw-ssl-for-cloudflare ; ss conflicts
current-date-time-widget ; not maintained
custom-404-error-page ; not maintained
custom-typekit-fonts ; creates instability, bad practice, hacks third-party design products (by Brainstorm Force)
custom-facebook-and-google-thumbnail ; deprecated
/custom-fonts/ ; bloated, creates instability, bad practice (use CSS instead) (By Brainstorm Force)
custom-functions ; ss conflicts (installed as an MU plugin already) By LittleBizzy
custom-functions-littlebizzy ; ss conflicts (installed as an MU plugin already) By LittleBizzy
custom-css-js ; bad practice, creates instability, ransomware, better options exist (Simple Custom CSS And JS)
custom-links-in-wp-toolbar ; pointless, ss conflicts (by Brainstorm Force)
custom-link-widget ; not maintained
custom-my-account-for-woocommerce ; bad practice (should be done using theme template files), not maintained, poor coding, bloated (By phoeniixx)
custom-one-click-seo-sitemap ; not maintained, bad practice (HTML sitemaps unnecessary)
custom-registration-form-builder-with-submission-manager ; bloated, exploitable, excessive logging, creates instability (a.k.a. Registration Magic)
custom-script-integration ; not maintained, better options exist
custom-searchable-data-entry-system ; exploitable (via WordFence), deprecated (by Ghazale Shirazi)
custom-share-buttons-with-floating-sidebar ; excessive logging, better options exist
custom-sidebars ; exploitable (malware found), bad practice, resource intensive, errors/conflicts, spamware (WPMU lock-in)
custom-taxonomy-order-ne ; potential data loss, bad practice (By Marcel Pol)
custom-template-learndash ; hacks third-party design products (by Brainstorm Force)
custom-user-profile-photo ; not maintained, serious errors, bad practice (enables externally hosted profile photos) By VincentListrani
custom-vc-column-layout ; not maintained, hacks third party design products (By Cenemil Jones Sumbalan)
customizer-reset-by-wpzoom ; ss conflicts, potential data loss
customizer-search ; pointless
cute-slider ; deprecated (Envato product)
cuteslider ; deprecated (Envato product)
CuteSlider ; deprecated (Envato product)
cw-image-optimizer ; not maintained, better options exist
cwis-antivirus-malware-detected ; ss conflicts, resource intensive
cyclone-slider ; company deprecated, not maintained, better options exist (By Nico Amarilla / CodeFleet.net)
dante-framework ; theme-specific custom post types, serious errors, deprecated (By Swift Ideas)
database-browser ; not maintained, ss conflicts, creates intability, potential data loss
date-exclusion-seo-plugin ; not maintained, pointless
/db-cache/ ; deprecated
db-cache-reloaded ; not maintained
db-cache-reloaded-fix ; not maintained
dbc-backup ; ss conflicts, resource intensive, not maintained
dd-list-subpages ; no public docs, better options eixst
de-updraftplus-backup-exclude-image-thumbnails ; ss conflicts
default-to-gd ; deprecated (By Mike Schroder)
defensio-anti-spam ; not maintained
defensio-wordpress ; not maintained
defer-css-addon-for-bwp-minify ; ss conflicts
/debug/ ; ss conflicts
/debug-info/ ; ss conflicts
defender-security ; ss conflicts, bloated (by WPMU Dev)
degutenizer ; malware company (Pipdig)
/delete-all-comments/ ; deprecated, exploitable, potential data loss
delete-all-comments-of-website ; potential data loss
delightful-downloads ; deprecated, exploitable (By Ashley Rich)
designmodo-social-count ; deprecated, better options exist
desktopserver ; xml-rpc, ss conflicts
digg-digg ; deprecated
digiautolinks ; blackhat seo, bad idea
digiproveblog ; pointless
/digits/ ; creates instability, serious errors, resource intensive
disable-jquery-migrate ; exists in wp core (after version 5.5+)
disable-jquery-migrate-littlebizzy ; exists in wp core (after version 5.5+) By LittleBizzy
disable-real-mime-check ; exploitable, not maintained
disable-rss ; deprecated
/disable-site/ ; not maintained, better options exist
disable-woocommerce-reviews ; malware company (Pipdig)
disable-wordpress-updates ; ss conflicts, creates instability
disable-wp-emoji-icons ; ss conflicts
disabler ; better options available
disk-space-usage ; ss conflicts
display-html-sitemap ; bad practice (HTML sitemaps unnecessary)
display-php-version ; ss conflicts, not maintained, better options exist
/display-widgets/ ; active malware
displet-pop ; not maintained
divi-alt-text ; hacks third-party design products, no public changelog, bad practice (should not be theme-specific) By Yan Thiaudière
divi-booster ; bloated, serious errors, bad practice
divi-footer-editor ; hacks third-party design products
divi-overlays ; hacks third-party design products, no public changelog, bad practice (should not be theme-specific) By Divi Life / Tim Strifler
dnui-delete-not-used-image-wordpress ; serious errors, not maintained, potential data loss (By Nicearma)
do-shortcodes-for-rank-math-seo ; add-on to blacklisted plugin
domain-sharding ; deprecated
download-button-for-elementor ; hacks third-party design products, not maintained (By clicklabs Medienagentur)
dreamhost-panel-login.php ; vendor specific
dreamobjects ; vendor specific
/dropbox-backup/ ; deprecated (By WPAdm.com)
ds-divi-extras ; hacks third-party design products
dts-simple-share ; not maintained
dukapress ; exploitable
duplicate-page ; exploitable, ss conflicts (Gutenberg), better options exist
/duplicate-post/ ; spamware (acquired by Yoast), bloated, better options exist (By Enrico Battocchi & Team Yoast)
dvk-social-sharing ; not maintained
dw-social-share ; not maintained
dynamic-related-posts ; resource intensive
dynamic-widgets ; ridiculous
easy-googles-widget ; deprecated
easy-hide-login ; ss conflicts, creates instability
easy-html-sitemap ; bad practice (HTML sitemaps unnecessary)
easy-image-sizes ; not maintained, pointless, creates instability
easy-sitemap-page ; not maintained, bad practice (HTML sitemaps unnecessary)
/easy-social-share-buttons/ ; excessive logging
easy-social-share-buttons-for-wordpress ; bloated, excessive logging
/easy-social-sharing/ ; excessive logging
easy-text-links ; blackhat seo
easy-theme-and-plugin-upgrades ; creates instability
easy-webmaster-tools ; deprecated, pointless
easy-wp-smtp ; blacklist risk (smtp)
easyalttext ; not maintained, pointless (By Rasmus Nørskov (RHNorskov))
easy2map ; exploitable (per WOrdfence), deprecated (ak.a. wp-easy2map)
Ebor-Framework ; deprecated, poor maintenance, no public changelog (By Tom Rhodes)
ebor-framework ; deprecated, poor maintenance, no public changelog (By Tom Rhodes)
eborframework ; deprecated, poor maintenance, no public changelog (By Tom Rhodes)
ebor-page-builder ; deprecated (By TommusRhodus) based on aqua-page-builder
echbay-admin-security ; ss conflicts, pointless
ecommerce-store-optimizer ; vendor specific (By StudioPress / WP Engine)
edgemesh ; ss conflicts, bloated, pointless, bad practice (tries to overrule server cache rules)
/edit-flow/ ; abandoned (by Automattic)
ele-custom-skin ; hacks third-party design products (By Dudaster.com)
elegant-themes-support ; exploitable
elementor-extras ; hacks third-party design products (By Namogo)
elementskit ; hacks third-party design products (By Wpmet)
elementskit-lite ; hacks third-party design products (By Wpmet)
elementskit-pro ; hacks third-party design products (By Wpmet)
elfsight-instagram ; serious errors, resource intensive, database thrashing, poor coding, no public docs
elfsight-instagram-feed-cc ; serious errors, resource intensive, database thrashing, poor coding, no public docs
email-customizer-woocommerce ; serious errors, not maintained
emoji-settings ; ss conflicts
emoji-shortcode ; bloated, not maintained
emojics-wp ; bloated
enable-shortcode-and-php-support-in-text-widget ; deprecated, bad practice
enable-gzip-compression ; ss conflicts (apache)
enhanced-custom-permalinks ; creates instability, potential seo penalties, bad practice, not maintained
envato-wordpress-toolkit ; deprecated
eps-301-redirects ; exploitable, history of poor coding, excessive logging, better options exist (by WebFactory Ltd)
error-log-monitor ; ss conflicts
error-log-viewer ; ss conflicts
essential-addons-elementor ; hacks third-party design products (By WPDeveloper)
essential-addons-for-elementor ; bloated, hacks third-party design products (By WPDeveloper)
essential-addons-for-elementor-lite ; bloated, hacks third-party design products (By WPDeveloper)
essential-addons-for-elementor-pro ; bloated, hacks third-party design products (By WPDeveloper)
essential-blocks ; illegal email spam, selling private data, bloated, hacks third-party design products (By WPDeveloper)
et-safe-mode ; ss conflicts, creates instability, exploitable (Elegant Themes)
evolution-google-analytics-code ; not maintained
execution-time ; php hacks
expandable-row-for-beaver-builder ; hacks third-party design products (by Brainstorm Force)
/expander/ ; deprecated (By Ciprian Popescu)
exploit-scanner ; not maintained
export-all-urls ; malware, resource intensive, not maintained
exec-php ; php hacks
/expander/ ; not maintained, deprecated (by Ciprian Popescu)
extend-bundle-widgets ; not maintained, no public docs, possibly exploitable
extended-categories-widget ; not maintained, creates instability
ewww-image-optimizer ; bloated, resource intensive, generates junk files
ewww-image-optimizer-cloud ; 
ezpz-one-click-backup ; deprecated, ss conflicts, resource intensive
facebook-for-woocommerce ; serious errors, history of poor coding (By Facebook via WooCommerce.com)
facebook-google-twitter-share ; not maintained
facebook-like-box ; deprecated (by Marcos Esperon)
facebook-like-button ; deprecated
/falcon/ ; ss conflicts
fancier-author-box ; not maintained (by ThematoSoup)
/fancy-box/ ; not maintained
faq-schema-block-to-accordion ; blacklisted dependent plugin
fast-easy-social-sharing ; not maintained
fast-indexing-api ; pointless and add-on to blacklisted plugin (By Rank Math)
fast-user-switching ; not maintained, exploitable, creates instability, creates junk files (cookies, SQL) (By Tikweb)
fast-velocity-minify ; ss conflicts
fast-wp ; not maintained, ss conflicts
/favorite-post/ ; serious errors, not maintained (by Tareq Hasan)
fb-instant-articles ; poor coding, serious errors, not maintained (by Facebook and Automattic)
/fb-messenger/ ; deprecated
featherlight-html-minify ; ss conflicts
/feature-policy/ ; ss conflicts (by Google)
featured-image-admin-thumb-fiat ; wp core hacks, poor coding, resource intensive, bad practice
feedburner-email-subscription ; deprecated
feedburner-setting ; deprecated (By Jiayu (James) Ji)
file-away ; creates instability, not maintained
file-changes-monitor ; resource intensive, excessive logging, pointless (by nicolly)
filebird ; creates instability, potential data loss (By Ninja Team)
filebrowser ; deprecated
/flare/ ; serious errors, not maintained (By dtelepathy)
flexible-shipping-pro ; fatal errors, poor coding (by WP Desk)
floating-social-media-icon ; bloated, bad practice, spammy, hijacks WP Admin
fluid-video-embeds ; deprecated (By jamie3d)
flying-pages ; resource intensive, better options exist
follow-subscribe ; not maintained
font-awesome-4-menus ; not maintained, deprecated, better options exist
/fonts/ ; bad practice, creates instability; several conflicts with page builders etc
footer-javascript ; not maintained, creates instability
force-ssl-everywhere ; not maintained
/frame-buster/ ; ss conflicts, not maintained (by Warfare Plugins)
free-social-media-with-whatsapp ; not maintained
freshizer ; not maintained, generates junk files (image optimization)
full-screen-menu-for-elementor ; hacks third-party design products
full-site-editing ; ss conflicts, not ready for production sites (Gutenberg full site editing)
fuzzy-seo-booster ; thrashing
g1-socials ; deprecated, no public changelog (By bringthepixel)
g-file-merge-minify ; ss conflicts
g-meta-keywords ; bad practice (keyword stuffing), not maintained (By Sinan Yorulmaz)
/ga-in/ ; bloated, better options exist (copycat by IntelligenceWP)
gator-cache ; ss conflicts
genesis-favicon-uploader ; not maintained, hacks third-party design products
genesis-featured-page-extras ; not maintained, hacks third-party design products (By David Decker)
genesis-layout-extras ; not maintained, hacks other vendor design products (By David Decker / DECKERWEB)
getbowtied-tools ; vendor specific
giphypress ; serious errors, not maintained
global-site-tag-tracking ; better options exist
glue-for-yoast-seo-amp ; soon to be deprecated (By Yoast SEO) 
gmail-smtp ; blacklist risk (smtp)
gna-google-analytics ; not maintained
go_pricing ; serious errors, abandoned (by Granth Web)
godaddy ; vendor specific
google-1-shortcodes ; deprecated
google-adwords-remarketing ; deprecated
google-analyticator ; serious errors, history of poor code, poor maintenance, better options exist (By SumoMe)
google-analytics-dashboard-for-wp ; spammy, bloated, serious conflicts, poor coding, tracking, spamware (acquired by WPBeginner)
google-analytics-for-mymail ; not maintained
google-analytics-for-wordpress ; spyware, history of spam/hijacking WP Admin, history of poor code, bloated (Monster Insights)
google-analytics-post-pageviews ; pointless
google-author-link ; deprecated
google-authorship ; deprecated
/google-captcha/ ; scamware, dashboard hijacking, better options exist (BestWebSoft)
google-comments ; deprecated
google-content-experiments ; not maintained, pointless
google-for-page ; deprecated
google-importer ; deprecated
google-language-translator ; exploitable, not maintained, pointless
google-listings-and-ads ; Jetpack honeypot, Automattic propaganda, not necessary to setup Google Merchant center, horrible design, absolutely pointless
google-page-badge ; deprecated
google-per-page-tracking-code ; deprecated (a.k.a. Awords Tracking Code)
google-plus-author ; deprecated
google-plus-authorship ; deprecated (By Martin Lazarov)
google-plus-badge ; deprecated
google-plus-badge-widget ; deprecated, spyware company, poor coding, serious errors, better options exist (MyThemeShop)
google-plus-comments ; deprecated
google-plus-google ; deprecated
google-plus-name-link-popup-badge ; deprecated
google-plus-page-badge ; deprecated
google-plus-share-and-plusone-button ; deprecated
google-plus-stream-for-wordpress ; deprecated
google-plus-stream-widget-plugin-for-wordpress ; deprecated
google-plus-widget ; deprecated
google-privacy-policy ; not maintained
google-publisher ; deprecated
google-site-kit ; bloated, excessive API calls (by Google)
google-site-verification-using-meta-tag ; bad practice, not maintained
google-webfont-optimizer ; not maintained
/googleanalytics/ ; poor maintenance, bloated, excessive API calls, better options exist, spyware (By ShareThis)
googleplus-multi-authorship ; deprecated
gonzales ; ss conflicts
gosquared ; bloated, excessive api calls
gosquared-official ; bloated, excessive api calls, excessive logging
gosquared-wordpress-plugin ; deprecated
/gp/ ; deprecated
gpltimes ; seems to cause spinning/thrashing (also, secretive plugin repo that does not disclose ownership) ... might enable again later
gppro-export-css ; not maintained
gplus-author-profile ; deprecated
graceful-pull-quotes ; deprecated (by By Stephen Rider)
gravatar-widget ; deprecated
gravatarlocalcache ; not maintained
gregs-high-performance-seo ; not maintained
grisha-gplus-gallery ; deprecated
growmap-anti-spambot-plugin ; deprecated
gumlet ; ss conflicts
gunner-technology-authorship ; deprecated
/gutenberg/ ; ss conflicts, bloated
gwconditionalpricing ; deprecated (bundled into Gravity Perks plugin)
gwtermsofservice ; deprecated (bundled into Gravity Perks plugin)
gzip-ninja-speed-compression ; deprecated
/hammy/ ; not maintained, better options exist
hc-custom-wp-admin-url ; not maintained, ss conflicts, poor coding, serious errors
header-and-footer-scripts ; poor maintenance, poor code, better options exist
header-footer-elementor ; hacks third-party design products
headers-security-advanced-hsts-wp ; ss conflicts, also better to manipulate headers via Cloudflare
health-check ; pointless, creates instability, history of poor coding, potential data loss, now included in wp core
heartbeat-control ; ss conflicts
hello-dolly ; pointless
heroic-social-widget ; not maintained
hide-jetpack-promotions ; dependency blacklisted
hide-login-page ; ss conflicts, creates instability
hide_my_wp ; ss conflicts, creates instability, deprecated (By AUB Media)
hide-my-wp ; ss conflicts, creates instability
hide-wp-urls ; ss conflicts, creates instability
hierarchical-html-sitemap ; bad practice (HTML sitemaps unnecessary)
hitsteps-visitor-manager ; bloated, excessive api calls
holler-box ; serious errors, resource intensive, admin-ajax abuse, not maintained
host-analyticsjs-local ; pointless, creates instability (caos analytics)
host-webfonts-local ; pointless, creates instability (caos web fonts)
hostinger ; vendor specific
/hsts-ready/ ; ss conflicts, unclear purpose
htaccess ; ss no support (apache)
html-javascript-adder ; exploitable, bad practice (adds Flash, etc) ...(by Aakash Chakravarthy)
/html-minify/ ; ss conflicts, not maintained
html-sitemap ; bad practice (HTML sitemaps unnecessary)
html-sikistir-basit-html-sikistirici ; ss conflicts
http-headers ; ss conflicts
https-image-fixer ; not maintained, better options exist
https-redirection ; ss conflicts (By Tips and Tricks HQ)
hyper-cache ; ss conflicts
hyper-cache-extended ; ss conflicts
hyperdb ; ss conflicts
icon-moon-font-add ; no public changelog
iire-social-icons ; not maintained
imagefocuspoint ; not maintained
imagemagick-engine ; ss conflicts
images-lazyload-and-slideshow ; not maintained
image-optimizer-for-google-lighthouse ; deprecated
image-optimizer-wd ; resource intensive, creates database junk
image-optimization ; potential data loss, bad practice, resource intensive
resize-image-after-upload ; feature exists in WP Core, acquired by ShortPixel to spam (by ShortPixel)
/image-widget/ ; exists in wp core, not maintained
imagify ; generates junk files
import-xml-csv-settings-to-rank-math-seo ; add-on to blacklisted plugin
improve-pagespeed-today ; ss conflicts
improved-variable-product-attributes ; bloated, serious errors, bad practice (By XforWooCommerce)
inactive-user-deleter ; data loss
inboundio-marketing ; exploitable
/infogram/ ; pointless
index-autoload ; ss conflicts
index-autoload-littlebizzy ; ss conflicts
/infolinks/ ; not maintained
inline-html-css-javascript-minifier ; ss conflicts
insert-google-analytics-tracking-code ; not maintained
insert-php ; php hacks
inspectlet-heatmaps-and-user-session-recording ; abandoned, utility
instant-feedback ; bloated, not maintained
instant-gzip-compression ; ss conflicts (apache)
/intelligence/ ; excessive API calls, bloated, bad practice (using WP Admin as analytics dashboard) (by LevelTen)
intuitive-custom-post-order ; resource intensive, creates instability
ip-blacklist-cloud ; not maintained, ss conflicts, resource intensive
ip-geo-block ; bloated, excessive logging
iq-block-country ; bloated, excessive logging, bad practice (should be done at DNS level these days) By Pascal / Webence
ithemes-sync ; ss conflicts
itr-popup ; not maintained
itro-popup ; not maintained
iwp-client ; ss conflicts, creates instability (remote managers)
jamie-social-icons ; not maintained
jawn-alp ; previously zox-alp
jch-optimize ; ss conflicts
jet-blocks ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-blog ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-booking ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-compare-wishlist ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-elements ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-engine ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-menu ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-popup ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-reviews ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-search ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-smart-filters ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-style-manager ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-tabs ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-theme-core ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-tricks ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jet-woobuilder ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jetappointment ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jetgridbuilder ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jetformbuilder ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jetproductgallery ; serious errors, no public changelog, hacks third party design products (By Crocoblock)
jetpack ; bloated
jm-live-blog ; not maintained, resource intensive
jonimo-simple-redirect ; not maintained, better options exist (by Jonimo ?? anonymous)
jquery-image-lazy-loading ; not maintained
jr-referrer ; deprecated, exploitable
js-css-script-optimizer ; creates instability
js_composer_theme ; modified (nulled?) version of WP Bakery
js-composer-qtranslate-x ; not maintained, database thrashing
jsm-force-ssl ; better options exist
jumpple ; active malware (Sweet Captcha plugin under new name)
just-image-optimizer ; creates junk files
kd-google-plus-badge ; deprecated
kn-social-slide ; not maintained
kocuj-sitemap ; bad practice (HTML sitemaps unnecessary)
kv-send-email-from-admin ; not maintained, bad practice
last-modified-timestamp ; ss conflicts
/launcher/ ; spyware company, poor coding, serious errors, better options exist (MyThemeShop)
laravel-dd ; ss conflicts, not maintained
LayerSlider ; bloated, error prone, history of poor code, exploitable
/lazy-load/ ; not maintained
lazy-widget-loader ; not maintained
ldw-clean ; not maintained
/leadpages/ ; database thrashing, deprecated, creates instability, no public changelog, bad practice (new version but same folder name? impossible to know version?)
leverage-browser-caching ; ss conflicts, bad practice (By Rinku Yadav)
lh-sitemaps ; bad practice (HTML sitemaps unnecessary)
/lightbox-gallery/ ; serious errors, poor coding, not maintained (Lightbox Gallery by Hiroaki Miyashita)
lightboxkiller ; not maintained, no public docs
lightweight-html-minify ; ss conflicts
/likes/ ; bloated, no public docs
/limit-attempts/ ; ss conflicts, resource intensive
limit-heartbeat ; ss conflicts
limit-heartbeat-littlebizzy ; ss conflicts
limit-login-attempts ; not maintained, excessive logging
limit-login-attempts-reloaded ; excessive logging, ss conflicts
link-first-image-to-post ; malware company (Pipdig)
link-to-telegram ; abandoned
link-to-url-post ; not maintained, bizarre code
linkman ; blackhat seo, deprecated
linkpatrol ; resource intensive, no public changelog
litespeed-cache ; ss conflicts (litespeed)
live-weather-station ; pointless, resource intensive
loading-page ; bloated, bad idea
local-emoji ; pointless, ss conflicts
loco-translate ; pointless, creates instability, potential data loss
logbook ; excessive logging
login-lockdown ; excessive logging
login-recaptcha ; pointless, bloated, ss conflicts (By Robert Peake)
login-security-solution ; creates instability, excessive logging, not maintained
login-wall ; exploitable
loginizer ; ss conflicts
loginpress ; bloated, exploitable, bad practice (e.g. requires license for login page to work), hijacks wp core (By WPBrigade)
loginwall-for-wp-beta ; exploitable
/log-viewer/ ; ss conflicts
luminpop ; deprecated (a.k.a. Lumin Popover by Lumin Apps)
/machete/ ; ss conflicts
/mailchimp/ ; deprecated, political censorship
mailchimp-for-woocommerce ; serious errors, resource intensive, poor coding, better options exist, political censorship
mailchimp-forms-by-mailmunch ; spyware, political censorship, bloated (By Mailmunch)
mailster-multi-smtp ; blacklist risk (smtp)
/maintenance-mode/ ; ss conflicts
mainwp ; ss conflicts, creates instability (MainWP)
mainwp-child ; ss conflicts, creates instability (MainWP)
manual-image-crop ; cant remember why
mashshare-fblikebar ; bloated, third-party cookies (By René Hermenau)
mashshare-google-analytic ; pointless
mashshare-pageviews ; excessive logging, resource intensive (By René Hermenau)
mashshare-likeaftershare ; bloated, third-party cookies (By René Hermenau)
maven-algolia ; not maintained
mavis-https-to-http-redirect ; bad idea, not maintained
max-file-size ; php hacks
maxblogpress-subscribers-magnet ; deprecated (a.k.a. sbmg)
mayo-login-screen ; hijacks wp core, bad practice, creates instability, not maintained (By Passion In Design)
mc-w3tc-minify-helper ; ss conflicts
mcafee-secure ; ss conflicts, copyright issues, pointless
media-file-manager ; creates instability, no public docs
media-file-renamer ; creates instability, resource intensive, bad practice
media-from-ftp ; bad practice (caters to poorly configured servers, risks conflict with wp core) By Katsushi Kawamori
/memcached/ ; ss conflicts
merge-minify-refresh ; ss conflicts
merge-minify-refresh-clear-caches ; ss conflicts
meta-generator-and-version-info-remover ; ss conflicts, bizarre code
meta-tag-manager ; pointless, not maintained
metronet-embed-google-plus ; deprecated
metronet-reorder-posts ; creates instability, potential data loss, resource intensive
micropoll ; not maintained
migrate-guru ; vendor specific
mihan-wp-cache ; ss conflicts
mime-types-plus ; ss conflicts, exploitable, pointless
minify-html ; ss conflicts
minify-html-littlebizzy ; ss conflicts
minimal-coming-soon-maintenance-mode ; exploitable, political censorship (only accepts MailChimp), history of poor code (by WebFactory)
miniorange-2-factor-authentication ; no public changelog, poor coding
miniorange-2-factor-authentication-premium ; no public changelog, poor coding
miniorange-limit-login-attempts ; excessive logging
miwoftp ; exploitable
mixpanel-integration ; not maintained
mobius-conversion-tracker ; not maintained
mojo-marketplace-wp-plugin ; vendor specific
monsterinsights-performance ; excessive logging
moon-phases ; not maintained (Joe's Web Tools)
mouseflow-for-wordpress ; bloated, excessive api calls, bad practice (login to their site instead) by Mouseflow 
/mp6/ ; deprecated, exists in wp core
mts-url-shortener ; spyware company, poor coding, serious errors, better options exist (MyThemeShop)
multi-google-analytics ; bloated, not maintained, bad practice
multipurpose-sliders ; deprecated, serious errors, no public docs (a.k.a. iWorks Sliders by Marcin Pietrzak)
my-custom-css ; serious errors, not maintained, better options exist
my-custom-functions ; ss conflicts (alternative one exists as MU plugin already), bad practice (PHP functions should not be stored as SQL queries) By Space X-Chimp
my-database-admin ; bad practice, creates instability, likely exploitable
my-simple-space ; ss conflicts
my-smtp-wp ; blacklist risk (smtp)
my-wp-backup ; ss conflicts, spyware company, poor coding, serious errors, better options exist (MyThemeShop)
my-wp-fast ; ss conflicts
my-wp-translate ; spyware company, poor coding, serious errors, better options exist (MyThemeShop)
mycurator ; pointless, spammy, bad practice, resource intensive
mymail-multi-smtp ; blacklist risk (smtp)
myreviewplugin ; deprecated
mythemeshop-connect ; spyware company, serious errors, poor coding, extortion ware, better options exist (MyThemeShop)
mythemeshop-theme-customizer ; spyware company, serious errors, poor coding, better options exist (MyThemeShop)
mywebtonet-performancestats ; resource intensive
native-lazyload ; serious errors, creates instability, experimental software (By Google)
native-emoji ; bloated
nazy-load ; creates instability (overwrites paths), ss conflicts (By Gijo Varghese)
nc-extendify-lc ; vendor specific
new-google-plus-badge ; deprecated
new-google-plus-badge-widget ; deprecated
news-ticker-tj ; not maintained, serious errors
newstatpress ; excessive logging, resource intensive
nginx-cache-optimizer ; ss conflicts
nginx-champuru ; ss conflicts
nginx-compatibility ; ss conflicts, not maintained
nginx-helper ; ss conflicts
nginx-mobile-theme ; ss conflicts
nifty-backups ; unsafe local archives, resource intensive, not maintained (By NickDuncan)
nitropack ;; ss conflicts, bloated
nm404 ; creates instability
no-external-links ; pointless
no-revisions ; not maintained, pointless (after WP 4.x)
no-self-ping ; ss conflicts
/nofollow/ ; serious errors, creates instability, not maintained
nofollow-for-external-link ; bad practice, not maintained, serious errors
nxs-snap-pro-upgrade ; serious errors, no longer relevant (NextScripts: SNAP Pro Upgrade Helper)
o3-social-share ; not maintained
ocean-elementor-widgets ; hacks third-party design products (By OceanWP)
odihost-easy-redirect-301 ; not maintained, potential serious errors (does not remove data on deactivation)
official-facebook-pixel ; serious errors, history of poor coding, better options exist (Official Facebook Pixel via GitHub)
ol_scrapes ; blackhat seo, copyright issues, no public docs
one-click-child-theme ; deprecated
onesignal-free-web-push-notifications ; spyware, history of exploits, bad for reputation, soon blocked by default in Chrome/Firefox/etc
onlywire ; idk
onlywire-bookmark-share-button ; not maintained, serious errors
/opcache/ ; ss conflicts, not maintained
optimize-javascript ; ss conflicts
optimize-scripts-styles ; ss conflicts
optimizely ; not maintained
optimizely-x ; not maintained
optimizemember ; alt spelling
optimizeMember ; requires OptimizePress (banned)
optimizepress ; bloated, serious errors, creates instability, potential data loss
optimizePressPlugin ; bloated, serious errors, creates instability, potential data loss
optimizePress ; bloated, serious errors, creates instability, potential data loss
optimole-wp ; excessive api calls, bloated
optimus ; resource intensive, poor coding
optinmonster ; bloated, cronyism, dashboard spam, etc (By Awesome Motive)
/options-manager/ ; not maintained
outtatimr ; deprecated
/oxygen/ ; creates instability, content lock-in, theme-specific page builder, hijacks wp core
p3-profiler ; not maintained, serious errors
page-bundle ; database thrashing, no public changelog (By Pablo Cruz Digital)
page-links-to ; not maintained, poorly coded, bad practice (redirects should not conflict with permalink system/database)
page-or-post-clone ; not maintained, better options exist
page-sitemap ; not maintained, bad practice (HTML sitemaps unnecessary)
page-speed ; ss conflicts, not maintained
page-tagger ; not maintained, pointless
page-views-count ; excessive logging
pagefrog ; not maintained
pageloader-by-bonfire ; bad practice
/pageviews/ ; pointless, resource intensive
pantheon-advanced-page-cache ; vendor specific
parallelize-downloads ; deprecated
parallel-loading-system ; deprecated
parrallelize ; deprecated
PartnerPal ; poor coding, not maintained, no public docs (Google Tag Manager, etc)
pb-responsive-images ; not maintained
pc-google-analytics ; deprecated
pdf-viewer-for-wordpress ; not maintained (ThemeNcode)
pdf-viewer-for-wordpress-visual-composer-addon ; not maintained (ThemeNcode)
pegasaas ; ss conflicts
pegasaas-accelerator-wp ; ss conflicts
per-page-add-to ; bad practice, not maintained, creates instability
perfectdashboard ; ss conflicts, bad practice
perfmatters ; bloated, stolen code, ss conflicts
performance-optimization-order-styles-and-javascript ; not maintained
performance-tester ; not maintained, resource intensive
permalink-finder ; creates instability, bad practice
permalink-manager ; creates instability, bad practice (overwrites permalinks in database even when disabled) By Maciej Bis
permalink-manager-pro ; creates instability, bad practice (overwrites permalinks in database even when disabled) By Maciej Bis
permalink-modifier ; deprecated, exists in wp core already
performance-lab ; not suitable for production sites
peters-literal-comments ; not maintained, possible database thrashing (By Peter Keung)
peters-login-redirect ; exploitable, bad practice (By Peter Keung)
phastpress ; ss conflicts
photo-express-for-google ; deprecated
photomix ; resource intensive
php-code-for-posts ; deprecated, php hacks
php-code-widget ; php hacks
php-settings ; php hacks
php-text-widget ; php hacks, not maintained
phpmyadmin ; exploitable, creates instability
picasa-express-x2 ; deprecated
piio-image-optimization ; bloated, creates junk files
pilotpress ; serious errors, poor coding (By Ontraport)
pinterest-pin-it-button ; not maintained (by Phil Derksen)
pipdig ; malware company (Pipdig)
pipdig-cookie-banner ; malware company (Pipdig)
pipdig-custom-credit ; malware company (Pipdig)
pipdig-snapcode-widget ; malware company (Pipdig)
pipdisqus ; malware company (Pipdig)
pirate-forms ; not maintained, spamware (WPForms), smtp blacklist risk
pj-object-cache-red ; ss conflicts (Reids Object Cache by PressJitsu)
pj-page-cache-red ; ss conflicts (Redis Page Cache by PressJitsu)
platinum-seo-pack ; excessive logging (By Techblissonline.com (Rajesh))
plugin-output-cache ; not maintained
/postie/ ; ss conflicts, post via email
pods-alternative-cache ; ss conflicts
/poll-plugin/ ; serious errors, no public docs (Responsive Poll by Weblator)
/popup-manager/ ; not maintained
popups-for-divi ; hacks third-party design products (By Divimode)
portable-phpmyadmin ; deprecated, exploitable, creates instability
post-expirator ; not maintained
post-grid-elementor-addon ; hacks third-party design products (By WP Concern)
post-types-order ; creates instability, pointless, resource intensive, creates instability, potential data loss
post-hit-counter ; excessive logging
post-views-counter ; excessive logging
post-views-for-jetpack ; dependency blacklisted
/postman-smtp/ ; deprecated
posts-analysis ; bloated, excessive logging
posts-by-tag ; abandoned, serious errors (by Sudar)
powered-cache ; ss conflicts
powerpack-elements ; hacks third-party design products (By IdeaBox)
premium-addons-for-elementor ; hacks third-party design products (By Leap13)
pre-publish-checklist ; pointless (by Brainstorm Force)
pressbackup ; deprecated, resource intensive, ss conflicts
pro-elements ; hacks third-party design products (By proelements.org)
propellerads-official ; serious errors, possible malware/spyware
publishvault ; remote managers, creates instability, generates database junk
purge-cache-for-cloudflare ; not maintained, ss conflicts
purge-cloud-flare ; ss conflicts
purge-varnish ; ss conflicts
pushlive ; not maintained (By 1 Squared, Jamin Szczesny)
/premise/ ; deprecated (merged to rainmaker platform)
psn-pagespeed-ninja ; ss conflicts
pt-instant ; deprecated
purchased-items-column-woocommerce ; malware company (Pipdig)
pushengage ; resource intensive
qards ; closed-source page builder, serious errors, bad practice (only supports its own custom post types?)
qode-instagram-widget ; not maintained, serious errors, no public docs
query-string-remover-from-static-resources ; ss conflicts
quick-pagepost-redirect-plugin ; not maintained, bizarre code, bad practice, better options exist
/quick-sharing/ ; better options exist
qtranslate-x ; database thrashing, deprecated, serious errors
simple-image-sizes ; not maintained, creates instability, potential resource intensive (By Rahe)
rank-checker-by-surfing-panda ; not maintained
/raptor/ ; malware company (Pipdig)
rc-site-map ; bad practice (HTML sitemaps unnecessary)
reachedge ; serious errors (404 errors), poor coding, not maintained
/react/ ; not maintained
react-and-share ; bloated
read-meter ; pointless (by Brainstorm Force)https://reclaimthenet.org/twitter-locked-out-grabien-media-account-for-quoting-a-congressman-andy-briggs/
real-time-find-and-replace ; thrashing, js hacks
really-simple-ssl ; bloated, ss conflicts, better options exist
really-simple-twitter-feed-widget ; deprecated
recaptcha-in-wp-comments-form ; serious errors, not maintained (By Joan Miquel Viadé)
/recent-tweets-widget/ ; poor coding, serious errors, better options exist
redirect-to-404 ; not maintained
/redirection/ ; excessive logging, better options exist
redis-cache ; ss conflicts (By Till Kruss)
redis-http-cache ; ss conflicts
redis-https-cache ; ss conflicts
redis-object-cache ; ss conflicts
Redis-Object-Cache ; ss conflicts
redis-wp-cache ; ss conflicts
related-posts-by-zemanta ; deprecated, resource intensive
related-posts-for-wp ; resource intensive
related-ways-to-take-action ; deprecated (By Social Actions)
remove-author-pages ; not maintained, better options exist
remove-category-url ; poor coding (By Valerio Souza, Сreativemotion)
remove-google-analytics-comments ; pointless, not maintained
/remove-ip/ ; not maintained
remove-yoast-seo-comments ; pointless, better options exist (e.g. minify HTML plugins)
rename-wp-login ; ss conflicts, creates instability, not maintained
rename-xml-rpc ; ss conflicts
/replyme/ ; not maintained
/reporting-api/ ; excessive logging, pointless (by Google)
/repress/ ; deprecated
reset-wp ; ss conflicts, potential data loss, deprecated
resmushit-image-optimizer ; creates instability, potential data loss, resource intensive, better options exist
responsive-add-ons ; exploitable, hacks third-party design products (by CyberChimps)
responsive-video-shortcodes ; deprecated (by Felix Arntz)
/rest-api/ ; exists in wp core, not maintained
restricted-site-access ; excessive logging
revslider ; bloated, poor code, history of exploits
/rewrite/ ; not maintained, ss conflicts (By takien)
ricg-responsive-images ; not maintained
rich-reviews ; exploitable, deprecated
rich-text-excerpts ; not maintained, creates instability
robin-image-optimizer ; creates junk files, bad practice (small CDN team) By Webcraftic
rocket-lazy-load ; ss conflicts
rollback-update-failure ; confusing, pointless
root-cookie ; not maintained
royal-elementor-addons ; hacks third party design products
rs-head-cleaner-lite ; deprecated
rs-social-sidebar ; not maintained
rss-post-importer ; resource intensive, copyright issues, seo penalties
rsvpmaker ; bad practice (tries to do too much e.g. billing), political censorship (only supports MailChimp) By David F. Carr
rvg-optimize-database ; ss conflicts
rw-quick-page-and-post-redirects ; bad practice
saksh-wp-smtp ; blacklist risk (smtp)
salt-shaker ; ss conflicts
sar-friendly-smtp ; blacklist risk (smtp)
scripts-n-styles ; not maintained, bad practice (no central settings to manage assets) By unFocus Projects
scripts-to-footerphp ; creates instability, bad practice
search-by-algolia-instant-relevant-results ; deprecated
search-console ; excessive API calls, bad practice (login to GSC instead) ; By Tropicalista
secupress ; excessive logging
secure-html5-video-player ; serious errors, not maintained
/seed-social/ ; not maintained
/segmentio/ ; deprecated, serious errors
selfhost-google-fonts ; pointless, creates instability, several conflicts with page builders etc
sem-author-image ; not maintained, better options exist
semrush-seo-writing-assistant ; poor coding, database thrashing, resource intensive, excessive API calls, pointless
send-email-from-admin ; not maintained, possibly exploitable
sendgrid-email-delivery-simplified ; does not work as of Jan 2021, serious errors, not maintained (By SendGrid)
SenestreGDPR ; better options exist, no public changelog
seo-advicer ; pointless (By ScorpionGod Lair)
seo-auto-links ; not maintained
seo-automated-link-building ; resource intensive, bad practice
seo-automatic-links ; not maintained
seo-alrp ; blackhat seo, pointless, not maintained
seo-booster ; excessive logging, resource intensive
seo-by-rank-math ; poor coding, serious errors, no public docs
seo-images-that-work ; pointless, not maintained
seo-monitor ; excessive logging
seo-optimized-images ; pointless, too limited
seo-optimized-share-buttons ; excessive logging, not maintained
seo-rank-analyser ; not maintained
/seo-redirection/ ; bloated, excessive logging (By Fakhri Alsadi)
seo-redirection-premium ; spammy, better options exist (by Clogica)
servebolt-optimizer ; vendor specific
sftp-details ; ss conflicts, insecure
sftp-details-littlebizzy ; ss conflicts, insecure
sg-cachepress ; vendor specific, ss conflicts
sg-security ; vendor specific, ss conflicts, bloated
/share-button/ ; excessive logging
share-center-pro ; not maintained
shareaholic ; adware, spyware, excessive logging
sharebar ; not maintained
/sharify/ ; not maintained, better options exist
sharing-is-caring ; not maintained
shipper ; vendor specific, bloated, requires dependencies, spamware (by WPMU Dev)
shopbop-widget ; database thrashing
shopkeeper-typekit-fonts ; vendor specific, error prone
shortcode-emojis ; bloated
/shortcode-ui/ ; serious errors, better options exist (By Fusion Engineering and community)
shortpixel ; bloated, generates junk files, resource intensive, potential broken file structure
shortpixel-image-optimiser ; bloated, generates junk files, resource intensive, potential broken file structure
show-google-analytics-widget ; pointless
showgplus ; deprecated
si-captcha-for-wordpress ; spamware, deprecated
simple-301-redirects ; exploitable (malware), better options exist (By WPDeveloper)
similar-posts ; database thrashing
simple-adblock-notice ; bloated, not maintained, creates instability (By Shrinivas Naik)
simple-cache ; ss conflicts
simple-chat ; not maintained
simple-custom-post-order ; creates instability, resource intensive
similar-posts ; resource intensive
simple-embed-code ; thrashing, resource intensive, bad practice
simple-emoji-reactions ; bloated, not maintained
simple-google-analytics ; creates instability (hosts web scripts locally)
simple-google-analytics-manager ; not maintained
simple-google-analytics-tracking ; not maintained
simple-google-plus-badge-widget ; deprecated
simple-google-plus-profile-badge-widget ; deprecated
simple-google-recaptcha ; serious errors, history of poor code (By Michal Novák)
simple-include ; not maintained, php hacks
simple-instagram-embed ; deprecated, exists in WP Core (By Mattias Hedman)
simple-ip-ban ; excessive logging, bad practice (should be done in WAF firewall or in front of server) by Sandor Kovacs
simple-login-log ; not maintained, potential excessive logging (not too bad currently) By Max Chirkov
simple-page-ordering ; creates instability
simple-post-thumbnails ; deprecated
simple-share-buttons-adder ; serious errors
simple-site-map-page ; bad practice (HTML sitemaps unnecessary)
/simple-sitemap/ ; pointless, must pay for correct functionality
simple-social-buttons ; exploitable, excessive logging, better options exist
simple-social-share ; not maintained
/simple-urls/ ; not maintained, excessive logging, bad practice (hard-codes URL prefix)
simply-sitemap ; bad practice (HTML sitemaps unnecessary)
simple-stripe-payments ; better options exist (by Brainstorm Force)
simple-taxonomy-ordering ; potential data loss, bad practice (By YIKES, Inc)
simple-wp-sitemap ; bad practice (HTML sitemaps unnecessary)
single-author-g-meta ; deprecated
single-category-permalink ; not maintained, creates instability
site-mailer ; bloated, requires third party SSO, better options exist (by Elementor)
sis-social-share ; not maintained
site-speed-monitor ; pointless
siteground-migrator ; vendor specific
sitelock ; bloated, ss conflicts
/sitemap/ ; deprecated
sitemap-page-embed ; not maintained, bad practice (HTML sitemaps unnecessary)
sitemap-simple ; bad practice (HTML sitemaps unnecessary)
sitemap-with-woocommerce ; bad practice (HTML sitemaps unnecessary)
sitespeed ; malware (as per Sucuri report)
sitewide-message ; not maintained
sitewide-notice-twdh ; deprecated, poor coding, no public changelog, better options exist (By The Web Design Hub)
skype-online-status ; deprecated
skysa-google-1-app ; deprecated
slick-popup ; deprecated, exploitable, authors ignored WordFence reports (by Om Ak Solutions)
slitweb-divi-lightbox-for-jetpack ; dependency blacklisted
sm_rssplugin ; fatal errors, not maintained
sm-google-plus ; deprecated
smooth-page-scroll-updown-buttons ; not maintained
smtp-mail ; blacklist risk (smtp)
smtp-mailer ; blacklist risk (smtp)
smtp-mailing-queue ; not maintained
sn-google-plus ; deprecated
snapshot ; unsafe local archives (by WPMU Dev)
social-discussions ; not maintained
social-fblog ; not maintained
social-glutton ; not maintained
social-impact-widget ; not maintained
social-media-feather ; not maintained, potential excessive logging
social-locker-content ; not maintained
social-network-user-detection ; pointless, not maintained
social-networks-auto-poster ; serious errors, no longer relevant (Nextscripts)
social-networks-auto-poster-facebook-twitter-g ; serious errors, no longer relevant (Nextscripts)
social-networks-facebooktwittergoogle ; not maintained
social-pug ; excessive logging
social-warfare ; exploitable (March 2019), excessive logging
social-warfare-pro ; exploitable (March 2019), excessive logging
SocialBuzz ; excessive logging, not maintained (envato)
socialize-plugin ; serious errors, no public docs
socials-ignited ; not maintained
solid-code-theme-editor ; deprecated, feature exists in WP Core (by Dagan Lev)
sosh-icons ; not maintained
speed-booster-pack ; ss conflicts
speed-up-optimize-css-delivery ; creates instability, bad practice (do not async CSS, use Inline Styles free plugin instead)
speedycache ; ss conflicts
spider_blocker ; no public docs, blackhat seo
squirrly-seo ; bloated, excessive logging, excessive api calls
sr-wp-minify-html ; ss conflicts, not maintained
st-social-links ; not maintained
stars-smtp-mailer ; blacklist risk (smtp)
statcounter-popular-posts ; pointless, not maintained
static-html-output-plugin ; ss conflicts
statify ; excessive logging
statpress ; deprecated, excessive logging
statpress-reloaded ; deprecated, excessive logging
statpress-visitors ; deprecated, excessive logging
sticky-header-effects-for-elementor ; hacks third-party design products
/stock-ticker/ ; pointless, resource intensive
stop-user-enumeration ; ss conflicts
storefront-header-picker ; bad practice, hacks third-party design products, poor coding
storefront-product-pagination ; deprecated
storefront-product-sharing ; not maintained, serious errors
storefront-sticky-add-to-cart ; deprecated
/stream/ ; excessive logging
strx-simple-sharing-sidebar-widget ; not maintained
subscribe2 ; spyware (via Appsero), better options exist (By weMail)
sucuri ; ss conflicts, bloated
sucuri-scanner ## ss conflicts, bloated
sumome ; bloated, not maintained, very poor performance, serious errors, history of poor maintenance
/sunny/ ; ss conflicts
super-emoji-plus ; bloated, not maintained
super-simple-social-media-widget ; not maintained
super-static-cache ; ss conflicts
/supersonic/ ; ss conflicts
SupportCenterMUAutoloader.php ; (Elegant Themes)
surbma-smtp ; blacklist risk (smtp)
surbma-yoast-seo-sitemap-to-robotstxt ; bad practice, hacks other vendors
sweetcaptcha ; active malware
sweetcaptcha-revolutionary-free-captcha-service ; active malware
swift-performance ; bloated, ss conflicts
switch-to-astra ; bad practice (by Brainstorm Force)
sx-easy-going-smtp ; blacklist risk (smtp)
syntaxhighlighter ; exploitable, abandoned (by Alex Mills)
target-notifications ; political censorship (only supports MailChimp) By Simple Plugins
/taxonomy-metadata/ ; not maintained (By mitcho)
taxonomy-terms-order ; hijacks wp core, creates instability (By Nsp-Code)
tco-google-analytics ; no public changelog (By ThemeCO)
td-social-counter ; not maintained, possible excessive logging (TagDiv Social Counter)
technoscore-bing-conversion-tracking ; pointless (generic snippet function), not maintained (by Technoscore)
temporary-login-without-password ; exploitable, pointless
tentblogger-optimize-wordpress-database-plugin ; not maintained
tenweb-speed-optimizer ; ss conflicts
term-management-tools ; not maintained, creates instability, potential data loss
/testimonials/ ; poor coding, no public changelog (E2W Plugins whitelabel)
tevik-minimized ; ss conflicts
tfm-google-product-feed ; abandoned, serious errors (by Themes For Me)
thank-me-later ; not maintained, probably a bad idea
the-loading-bar ; not maintained, bad practice
the-open-graph-protocol ; not maintained
the-preloader ; bad practice, serious errors (By Alobaidi)
theme-my-login ; hijacks wp admin, creates instability, history of poor coding, serious errors
themediv-social-widget ; not maintained
themetrust-social ; not maintained, no public changelog, better options exist
thrive-ab-page-testing ; excessive logging, creates instability
thrive-clever-widgets ; exploitable, hijacks wp core, bad practice, poor coding, better options exist
thrive-comments ; excessive logging, creates instability, feature exists in wp core
thrive-headline-optimizer ; excessive logging, pointless (does not take into account Google cache delay, etc)
thrive-intercom-beta ; deprecated, not for production servers
thrive-leads ; exploitable, fatal errors, excessive logging, resource intensive, possibly exploitable
thrive-ovation ; poor coding, serious errors, no public changelog, better options exist (by Thrive Themes)
thrive-product-manager ; all kinds of problems with their plugins for many years
thrive-ultimatum ; exploitable, excessive logging, poor coding, serious errors, no public docs
thrive-visual-editor ; exploitable, fatal errors, private page builder, resource intensive (Thrive Architect a.k.a. Thrive Content Builder)
thrive-quiz-builder ; exploitable, poor coding, hijacks wp admin, excessive logging (By Thrive Themes)
thinkific-uploader ; looks to be exploitable
timed-content-for-beaver-builder ; hacks third-party design products (by Brainstorm Force)
timeline-for-beaver-builder ; hacks third-party design products (by Brainstorm Force)
timthumb ; exploitable
timthumb-vulnerability-scanner ; not maintained
tinymce-custom-styles ; creates instability
title-and-nofollow-for-links ; fatal errors (By WPKube)
title-remover ; deprecated
toolbar-extras-oxygen ; hacks other vendor products
toolkit-for-envato ; serious errors, not maintained
ToolsPack ; active malware
/top-10/ ; excessive logging (By Ajay D'Souza)
total-archive-by-fotan ; not maintained, ss conflicts, resource intensive, unsafe local archives
total-donations ; exploitable, not maintained
totaldonations ; exploitable, not maintained
tracemyip ; ss conflicts, resource intensive, excessing logging
tracemyip-visitor-analytics-ip-tracking-control ; ss conflicts, resource intensive, excessing logging
turbosmtp ; blacklist risk (smtp)
turn-rank-math-faq-block-to-accordion ; add-on to blacklisted plugin
tw-pagination ; not maintained, better options exist (By Igor Vučković)
tweet-blender ; not maintained
/tweet-this/ ; deprecated
/tweetable/ ; not maintained, serious errors
types-access ; deprecated
/twitter/ ; deprecated
uber-login-logo ; not maintained
uji-countdown ; serious errors, not maintained
ultimate-addons-for-beaver-builder ; creates instability, hacks another add-on plugin, no public docs
ultimate-addons-for-beaver-builder-lite ; hacks third-party design products (by Brainstorm Force)
ultimate-carousel-for-elementor ; hacks third-party design products (By Nasir Ahmad)
Ultimate_VC_Addons ; hacks third-party design products (by Brainstorm Force)
ultimate-elementor ; hacks third-party design products (By Brainstorm Force)
ultimate-facebook-comments-email-notify ; not maintained
ultimate-member ; exploitable, hijacks wp core, only supports MailChimp (political censorship) By Ultimate Member
; um-mailchimp
; um-mycred
; um-profile-completeness
; um-social-login
ultimate-security-checker ; not maintained, serious errors, unclear purpose
ultimate-reset ; ss conflicts, potential data loss
ultimate-social-media-icons ; excessive logging
ultimate-social-media-plus ; hijacks wp admin, excessive logging, excessive API calls, bloated (By social share pro)
ultimate-wp-reset ; ss conflicts, potential data loss
unlimited-elements-for-elementor ; hacks third-party design products (By Unlimited Elements)
unlist-posts ; creates instability (by Brainstorm Force)
/unyson/ ; spammy, serious errors, excessive resource usage, better options exist
update-alt-attribute ; not maintained, creates instability (cannot be removed), bad practice
uploadify ; exploitable
upress ; vendor specific
use-any-font ; bad practice, creates instability, several conflicts with page builders etc
use-google-libraries ; creates instability, not maintained
user-login-history ; excessive logging
usm-premium ; excessive logging (ultimate-social-media-icons)
varnish-http-purge ; ss conflicts
vaultpress ; ss conflicts
vc_clipboard ; hacks third-party design products, poor coding (By bitorbit) aka Visual Composer Clipboard
vcaching ; ss conflicts
vcp-events ; deprecated
versionpress ; ss conflicts, resource intensive
/versions/ ; ss conflicts, not maintained
very-simple-password ; not maintained
vevida-optimizer ; ss conflicts, creates instability
viber-spy-pro ; spyware, no public docs
viberspypro ; spyware, no public docs
video-embed-optimizer ; not maintained
vihv-speed-up ; not maintained
visitor-stats-widget ; not maintained, excessive logging
visitors-traffic-real-time-statistics ; bloated, excessive logging
vm-backups ; not maintained, ss conflicts, resource intensive, unsafe local archives
vsf-simple-stats ; deprecated, excessive logging
w3-total-cache ; bloated, ss conflicts, serious errors
warm-cache ; resource intensive, ss conflicts
/wassup/ ; excessive logging, not maintained
way2enjoy-compress-images* ; deprecated, malware?
wc-cancel-order ; creates instability
wc-password-strength-settings ; exploitable, not maintained, serious errors, pointless (should be WP-level)
we-minify-html ; ss conflicts
webcraftic-updates-manager ; creates instability (blocks security updates)
webp-converter-for-media ; creates instability (changes file paths), potential data loss
webp-express ; creates instability (changes file paths), potential data loss
webriti-smtp-mail ; not maintained
website-blacklist-monitor ; pointless, should not be plugin
webzunder ; deprecated, not maintained
wedesin-html-sitemap ; not maintained, bad practice (HTML sitemaps unnecessary)
wesafe ; vendor specific (upress)
whoosh-traffic ; not maintained
white-label-cms ; creates instability, hurts security, better options available
wicked-folders ; creates instability, resource intensive (ajax)
widget-title-links ; not maintained (by @ragulka on GitHub)
widgets-controller ; not maintained, serious conflicts (by IndiaNIC)
widgplus-google-widget ; deprecated
winsite-image-optimizer ; creates instability
wistia-wordpress-oembed-plugin ; serious errors, outdated code, not maintained
wordpress-23-related-posts-plugin ; resource intensive
wordpress-database-reset ; exploitable, history of poor code, not for production (by WebFactory)
wordpress-extended-content-analysis-yoast ; not maintained, resource intensive, hacks other vendors, pointless
wordpress-facebook-like-plugin ; deprecated
wordpress-firewall-2 ; ss conflicts, creates instability
wordpress-gzip-compression ; ss conflicts, not maintained, bad practice (Gzip should be server-level)
wordpress-mu-domain-mapping ; ss conflicts
wordpress-popular-posts ; resource intensive
woo-confirmation-email ; exploitable, poor coding
woo-gutenberg-products-block ; ss conflicts, serious errors
; woo-permalink-manager ; bad practice
woodojo ; deprecated
woocommerce-abandoned-cart ; exploitable, poorly coded, serious errors
woocommerce-admin ; resource intensive, poor coding, serious conflicts with other scripts, not yet stable
woocommerce-ajax-filters ; exploitable (spam links), serious errors, bloated, database thrashing, history of poor coding and exploits (By BeRocket)
woocommerce-checkout-field-modifier ; spyware company, poor coding, serious errors, better options exist (MyThemeShop)
woocommerce-jetpack ; bloated, creates instability, serious errors, bad practice
woocommerce-jquery-cookie-fix ; unstable
woocommerce-login-and-registration ; hijacks wp core functions, creates instability, potentially exploitable (By phoeniixx)
woocommerce-products-already-added-to-cart-or-purchased ; spyware company, poor coding, serious errors (MyThemeShop)
woocommerce-product-archive-customiser ; not maintained, creates instability, serious errors (By jameskoster)
woocommerce-product-mirroring ; database thrashing, no public changelog (By Pablo Cruz Digital)
woocommerce-qtranslate-x ; not maintained, database thrashing
woocommerce-seo ; blacklisted dependencies (Yoast SEO)
woocommerce-services ; ss conflicts, bloatware, spamware
wonderm00ns-simple-facebook-open-graph-tags ; serious errors
woocommerce-social-media-share-buttons ; not maintained
woocommerce-vendor-stores ; serious errors
woocommerce-wholesale-lead-capture ; database thrashing, resource intensive, poor coding (by Rymera Web)
woocommerce-wholesale-prices ; database thrashing, resource intensive, poor coding (by Rymera Web)
woocommerce-wholesale-prices-premium ; database thrashing, resource intensive, poor coding (by Rymera Web)
woocommerce-wholesale-order-form ; database thrashing, resource intensive, poor coding (by Rymera Web)
woocommerce-zoomifier ; deprecated, serious errors, js conflicts, better options exist
woosidebars ; not maintained (By WooCommerce)
woosidebars-sbm-converter ; deprecated
woothemes-updater ; deprecated
wordfence ; bloated, political censorship (disabled security for paying Russian customers)
wordfence-login-security ; ss conflicts
wordpress-extended-content-analysis-yoast ; pointless, not maintained
wordpress-faq-manager ; serious errors, not maintained (by Andrew Norcross)
wordpress-firewall-2 ; deprecated
wordpress-hit-counter ; not maintained, excessive logging
wordpress-https ; better options exist
wordpress-gzip-compression ; ss conflicts
wordpress-ping-optimizer ; pointless
wordpress-popular-posts ; thrashing, resource intensive
wordpress-redis-backend ; ss conflicts
wordpress-rss-multi-importer ; deprecated 
wordpress-seo ; spyware, spammy, cronyism, hijacks WP Admin, history of poor coding, bloated, excessive logging, excessive API calls (aka Yoast SEO)
wordpress-seo-premium ; spyware, exploitable, bad practice (e.g. auto-301), bloated, excessive logging, excessive API calls (aka Yoast SEO Premium)
/wordpress-starter/ ; vendor specific (SiteGround), pointless
wordpresscom-popular-posts ; not maintained, bloated dependencies
work-the-flow-file-upload ; deprecated, exploitable
/worker/ ; resource intensive, ss conflicts, creates instability, vendor specific (GoDaddy ManageWP)
worpit-admin-dashboard-plugin ; ss conflicts
wp-404-auto-redirect-to-similar-post ; serious errors, database junk, creates instability, bad for SEO (By hwk-fr)
wp-add-mime-types ; ss conflicts, not maintained
wp-admin-protection ; ss conflicts, pointless
wp-advanced-importer ; serious errors, not maintained
wp-amazon-ses-smtp ; blacklist risk (smtp)
wp-analytify ; bloated, pointless, excessive api calls
wp-analytify-pro ; bloated, pointless, excessive api calls
wp-asset-clean-up ; creates instability, bad practice (prevents browser pre-loading resources, etc) By Gabriel Livan
wp-author-date-and-meta-remover ; serious errors, bad practice, not maintained
wp-avoid-slow ; not maintained
wp-backitup ; ss conflicts, resource intensive, unsafe archives
wp-backup-bank ; ss conflicts
wp-browser-update ; pointless
wp-cam-tester ; php hacks, ss conflicts, pointless
wp-category-posts-list ; not maintained (by Swashata)
wp-central ; remote dashboards, exploitable (By Softaculous)
wp-cerber ; bloated, creates instability, ss conflicts, excessive logging
wp-clean-up-optimizer ; ss conflicts, bloated, resource intensive, database junk, excessive logging
wp-cleanfix ; serious errors, ss conflicts
wp-cloudflare ; not maintained, ss conflicts
wp-clone-by-wp-academy ; ss conflicts, resource intensive, unsafe local archives
wp-comment-push ; not maintained, serious errors
wp-complete-backup ; deprecated, ss conflicts, resource intensive
wp-config-file-editor ; ss conflicts
/wp-contact-widget/ ; spyware company, poor coding, serious errors, better options exist (MyThemeShop)
wp-content-copy-protector ; pointless
wp-content-copy-protection ; pointless
wp-controls ; deprecated
wp-copysafe-web ; exploitable, pointless, bad for SEO, bad practice
wp-copysafe-pdf ; exploitable, pointless, bad for SEO, bad practice
wp-criticalcss ; creates instability, not maintained
wp-data-access ; bad practice, creates instability, likely exploitable
wp-database-backup ; exploitable, ss conflicts, unsafe local archives
wp-database-optimizer ; not maintained
wp-db-backup ; resource intensive, unsafe local archives
wp-db-backup-made ; resource intensive, unsafe local archives
wp-db-optimizer ; not maintained
wp-db-table-editor ; bad practice, creates instability
wp-dbmanager ; ss conflicts, resource intensive, unsafe local archives
wp-defender ; ss conflicts, bloated (by WPMU Dev)
wp-deferred-javascripts ; not maintained, serious errors, bad practice
wp-denyhost ; not maintained, ss conflicts
wp-easy-contact ; political censorship (only supports MailChimp) By eMarket Design
wp-easy-smtp ; blacklist risk (smtp)
wp-easy2map ; exploitable (per WOrdfence), deprecated
wp-edit ; better alternatives, feature exists in wp core, prone to errors
wp_edit_pro ; better alternatives, feature exists in wp core, prone to errors
wp-editor-widget ; exists in wp core, creates instability
/wp-email/ ; blacklist risk (smtp)
wp-email-delivery ; better options exist
wp-email-smtp ; blacklist risk (smtp)
wp-email-login ; deprecated
wp-embed-facebook ; poor coding, serious errors
wp-emoji-one ; bloated, not maintained
wp-engine ; vendor specific
wp-external-links ; pointless, bizarre code, serious conflicts, bloated (By WebFactory Ltd)
wp-facebook-plugin ; not maintained
wp-fail2ban ; ss conflicts, excessive logging (By Charles Lecklider)
wp-fastest-cache ; ss conflicts
wp-fastest-cache-premium ; ss conflicts
wp-favorite-posts ; not maintained
wp-file-cache ; ss conflicts, not maintained
wp-file-manager ; being used in malware attacks
wp-fontsize ; bad practice, not maintained
wp-force-http ; ss conflicts, bad idea
wp-force-https ; better options exist
wp-force-ssl ; not maintained
wp-gdpr-compliance ; exploitable, bloated
wp-gmail-smtp ; blacklist risk (smtp)
wp-google-analytics-events ; hijacks wp admin (By PineWise)
wp-google-plus-connect ; deprecated
/wp-google-translate/ ; spyware company, poor coding, serious errors, better options exist (MyThemeShop)
wp-gzip ; ss conflicts, not maintained
wp-hide-dashboard ; not maintained
wp-hide-post ; not maintained, serious errors (by ScriptBurn)
wp-hide-security-enhancer ; ss conflicts, creates instability
wp-hosting-performance-check ; resource intensive
wp-hotmail-smtp ; smtp blacklist risk
wp-html-page-sitemap ; not maintained, bad practice (HTML sitemaps unnecessary)
wp-hummingbird ; bloated, ss conflicts
wp-image-lazy-load ; not maintained
wp-inline-js-converter ; ss conflicts, not maintained
/wp-inspect/ ; serious errors, not maintained, not for production sites
wp-instagram-widget ; deprecated (by @scottsweb on GitHub)
wp-jquery-lightbox ; not maintained
/wp-js/ ; not maintained
wp-last-modified ; not maintained
free-sales-funnel-squeeze-pages-landing-page-builder-templates-make ; exploitable (per Wordfence), spammy, pointless (WP Lead X Plus)
wp-letsencrypt-ssl ; ss conflicts, hijacks wp admin (by Go Web Smarty)
wp-limit-login-attempts ; excessive logging
wp-live-chat-support ; injects malware, exploitable
wp-login-delay ; ss conflicts
wp-login-recaptcha ; not maintained
wp-logo-showcase-responsive-slider-slider ; exploitable (by WP Online Support?)
wp-mail-bank ; smtp blacklist risk
wp-mail-booster ; smtp blacklist risk
wp-mail-smtp-mailer ; not maintained, smtp blacklist risk
wp-mail-smtp-sendgrid-edition ; smtp blacklist risk
wp-mailgun-smtp ; exploitable, bad practice, smtp blacklist risk
/wp-maintenance/ ; exploitable, bloated, better options exist
wp-maximum-execution-time-exceeded ; php hacks
/wp-mega-menu/ ; spyware company, poor coding, serious errors, better options exist (MyThemeShop)
wp-memory-db-indicator ; deprecated
wp-meta-and-date-remover ; exploitable, poor coding
wp-meteor ; ss conflicts
wp-minify ; not maintained
wp-minify-fix ; ss conflicts, not maintained
wp-minify-static ; ss conflicts
wp-missed-schedule ; resource intensive, exists in wp core
wp-modula ; banned vendor (Alex Panagis)
wp-most-popular ; excessive logging, resource intensive
wp-native-dashboard ; deprecated
wp-nested-pages ; resource intensive, exploitable, possible data loss
wp-no-category-base ; better options available
wp-no-external-links ; exploitable, pointless
wp-no-taxonomy-base ; not maintained, serious errors
wp-notification-bars ; spyware company, poor coding, serious errors, better options exist (MyThemeShop)
wp-optimize ; ss conflicts
wp-options-editor ; not maintained
wp-options-manager ; not maintained
wp-page-widget ; bad practice, serious errors, JS conflicts, not maintained
/wp-performance/ ; ss conflicts (By alaca)
wp-performance-pack ; not maintained
wp-performance-score-booster ; ss conflicts
wp-performance-security ; not maintained, bizarre code
wp-php-widget ; deprecated, creates instability
wp-phpmyadmin ; exploitable, creates instability
wp-phpmyadmin-extension ; exploitable, creates instability (By Puvox.software)
wp-post-formats ; deprecated (a.k.a. cf-post-formats by Crowd Favorite)
wp-postviews ; excessive logging, not maintained
wp-power-stats ; excessive logging
/wp-quiz/ ; spyware company, poor coding, serious errors, better options exist (MyThemeShop)
wp-rankie ; resource intensive, excessive logging
wp-realtime-sitemap ; not maintained, bad practice (HTML sitemaps unnecessary)
/wp-recaptcha/ ; deprecated
wp-redis ; ss conflicts
wp-redis-cache ; ss conflicts
wp-redis-object-cache-dropin ; ss conflicts
wp-remove-query-strings-from-static-resources ; ss conflicts
wp-remote-site-search ; pointless, resource intensive (by Brainstorm Force)
wp-reset ; ss conflicts, potential data loss
wp-resources-url-optimization ; not maintained
wp-retina-2x ; ss conflicts (CloudFlare), resource intensive, creates junk files, bad practice (should be done by CDN)
wp-retina-2x-pro ; ss conflicts (CloudFlare), resource intensive, creates junk files, bad practice (should be done by CDN)
/wp-review/ ; spyware company, poor coding, serious errors, better options exist (MyThemeShop)
wp-rocket ; bloated, ss conflicts
wp-rocket-static-exclude-defer-js ; ss conflicts
wp-roids ; ss conflicts, creates instability
wp-roilbacks ; malware
wp-rollback ; bloated
wp-scheduled-posts ; exists in wp core, creates instability, spamware
wp-script-optimizer ; ss conflicts, creates instability
wp-security-audit-log ; excessive logging
wp-security-audit-log-for-paid-memberships-pro ; excessive logging
wp-sendgrid-smtp ; blacklist risk (smtp)
wp-seo-html-sitemap ; not maintained, bad practice (HTML sitemaps unnecessary)
wp-server-stats ; ss conflicts
/wp-shortcode/ ; requires ImageMagick?, spyware company, poor coding, serious errors, better options exist (MyThemeShop)
wp-simple-html-sitemap ; bad practice (HTML sitemaps unnecessary)
wp-site-migrate ; vendor specific (wp engine)
wp-sitemap-page ; bad practice (HTML sitemaps unnecessary)
wp-slimstat ; exploitable, excessive logging
/wp-smtp/ ; blacklist risk (smtp)
wp-smtp-config ; not maintained
wp-smtp-mailer ; blacklist risk (smtp)
wp-smush-pro ; bloated, resource intensive, potential broken file structure, creates instability, vendor specific (WPMUDev)
wp-smushit ; bloated, resource intensive
wp-social-importer ; resource intensive, copyright issues, seo penalties
wp-social-networks-widget ; not maintained
wp-socialshareprivacy ; not maintained
wp-spam-fighter ; not maintained (by Henri Benoit)
wp-speed-404 ; excessive logging
wp-speed-of-light ; ss conflicts
wp-ssl-redirect ; better options exist
wp-statistics ; excessive logging
wp-stats ; excessive logging
/wp-subscribe/ ; spyware company, poor coding, serious errors, better options exist (MyThemeShop)
/wp-subscribe-pro/ ; spyware company, poor coding, serious errors, better options exist (MyThemeShop)
wp-super-cache ; ss conflicts
wp-super-cache-clear-cache-menu ; ss conflicts
/wp-symposium/ ; exploitable, deprecated?
/wp-tab-widget/ ; resource intensive, not maintained, spyware company, poor coding, serious errors, better options exist (MyThemeShop)
wp-templator ; pointless, bloated (by Brainstorm Force)
/wp-testimonials/ ; spyware company, poor coding, serious errors, better options exist (MyThemeShop)
wp-themes-plugins-stats ; pointless (by Brainstorm Force)
wp-time-capsule ; bloated, excessive logging, creates instability
wp-time-to-read ; spyware company, poor coding, serious errors, better options exist (MyThemeShop)
wp-user-profile ; bizarre code, not maintained
wp-version-in-query-string-modifier ; not maintained
wp-vi-duplicate-posts ; cant remember why
wp-yahoo-smtp ; blacklist risk (smtp)
/wp1/ ; deprecated
wpa-seo-auto-linker ; serious errors, creates instability
wpb-elementor-addons ; hacks third-party design products (By wpbean)
wpe-configuration ; vendor specific (WP Engine)
wpcf7-redirect ; bad practice
wpcloaker ; blackhat seo, bad idea
wpdbspringclean ; not maintained
wpe-advanced-cache-options ; vendor specific
wpengine ; vendor specific
wpfeedback ; bloated
wpide ; idk
wplang-lite ; not maintained
wpmerchant ; political censorship (only supports MailChimp) By WPMerchant
wpmudev-updates ; ss conflicts, does not play nice with other extensions, wp admin hijacking
wpo-tweaks ; ss conflicts
wpp-link-social ; not maintained
wpperformancetester ; resource intensive
wpremote ; remote managers, creates instability, database junk, etc
wps-bidouille ; bizarre code, creates instability
wps-hide-login ; creates instability, ss conflicts (by tabrisrp, WPServeur, nicolaskulka / fork of @ellatrix on GitHub)
ws-google-plus-widget ; deprecated
wsecure ; ss conflicts
wpsecureops-bruteforce-protect ; not maintained
wpsecurity ; not maintained, unclear purpose
Wpshop ; exploitable, not maintained
ws-google-webmaster-tools ; deprecated (By WebShouters)
wysiwyg-widgets ; not maintained, creates instability
xcloner-backup-and-restore ; ss conflicts, resource intensive, unsafe local archives (By watchful.net)
xstream-google-analytics ; not maintained
xxx-common ; ss conflicts
xxx-notices ; ss conflicts
xxx-notices-littlebizzy ; ss conflicts
yakadanda-google-hangout-events ; deprecated
yandex-mail ; not maintained
yellow-pencil ; exploitable, creates instability, bad practice
yet-another-featured-posts-plugin ; not maintained
yet-another-related-posts-plugin ; resource intensive
yith-woocommerce-stripe ; poor coding, better options exist
yith-woocommerce-stripe-premium ; poor coding, better options exist
yith-woocommerce-wishlist ; exploitable, serious errors, resource intensive ; did it improve?
yoast-seo-search-index-purge ; ss conflicts, serious errors (worse seo), creates instability, generates sitemap junk
yoast-seo-settings-xml-csv-import ; blacklisted dependent plugin
yoast-test-helper ; blacklisted dependent plugin
yuzo-related-post ; deprecated, exploitable, resource intensive
zendesk-request-form ; malware company (Pipdig)
zero-bs-crm ; dependency blacklisted
zilla-likes ; deprecated, possible excessive cookies, better options exist ( By ThemeZilla / Pixel Union)
/zoomph/ ; not maintained
zox-alp ; resource intensive, no public docs, not maintained (Zox Auto Load Posts)
zzz-notices ; ss conflicts
zzz-notices-littlebizzy ; ss conflicts

;; match exact class names (case sensitive)
[blacklist classes]
Cloudways
cloudways
WooCommerceWholeSalePrices
WooCommerceWholeSalePricesPremium
WooCommerce_Wholesale_Lead_Capture
WooCommerce_WholeSale_Order_Form
wphp_init
FacebookForWordpress ; serious errors, poor coding, poor maintenance, better options exist (Official Facebook Pixel via GitHub)
wfWAF ; WordFence
ITSEC_Core ; iThemes Security

;; match exact function names (case sensitive)
[blacklist functions]
itsec_load_textdomain ; iThemes Security

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; Blacklist.txt: Future Blacklist (Pending Disallowed Plugins) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; match any path (case insensitive)
;; for exact directory matches use slashes e.g. /revslider/

[graylist]
themeisle-companion ; bloated, hacks third-party design products (By ThemeIsle)
conditional-fields-for-elementor-form ; hacks third-party design products (By Cool Plugins)
aweber-web-form-widget ; political censorship (by Aweber)
fusion-core ; bloated, spinning, database thrashing, horrible in almost every way (by Avada theme)
fusion-builder ; bloated, lock-in (proprietary page builder) by Avada theme
product-catalog-feed-pro ; no public changelog, potential database thrashing?
baw-login-logout-menu ; not maintained (By Juliobox)
dps-columns-extension ; not maintained (By Bill Erickson on GitHub)
houzez-login-register ; feature exists in WP Core, no public changelog, bad practice (hijacks user registration)
powr-pack ; spyware, bad practice (major lock-in issues, antithetic to FOSS software) By Power.io
thegem-elements ; theme-specific design plugin (By Codex Themes)
; elementor-pro ; no support for Nginx servers (fatal errors if htaccess files not found) :: By Elementor
mega-addons-for-visual-composer ; hacks third-party design products (By Topdigitaltrends)
/gleam/ ; not maintained (By Crowd9)
uk-cookie-consent ; not maintained (By termly)
genesis-simple-hooks ; serious errors, potential data loss (activate/reactivate), causes lock-in (use normal shortcodes instead), not maintained (By StudioPress)
genesis-simple-edits ; deprecated (By StudioPress)
wp-no-tag-base ; not maintained, serious errors (seems to cause soft 404 errors) By Devin Walker
wp-no-category-base ; not maintained, better options exist (By iDope)
wishlist-member ; hijacks wp-login, exploitable
wishlist-dashboard ; no public changelog
contact-form-to-email ; only supports MailChimp (political censorship) By CodePeople
getwid ; only supports MailChimp (political censorship) By MotoPress
shopmagic-for-woocommerce ; only supports MailChimp (political censorship) By WP Desk
wp-members ;  only supports MailChimp (political censorship) By Chad Butler
wdv-mailchimp-ajax ; political censorship (By wdvillage)
miniorange-login-openid ; only supports MailChimp (political censorship)  By miniOrange
proteusthemes-mailchimp-widget ; political censorship (By ProteusThemes)
wp-chimp ; political censorship (By Thoriq Firdaus)
download-after-email ; only supports MailChimp (political censorship) By MK-Scripts
igniteup ; only supports MailChimp (political censorship) By Ceylon Systems
responsive-contact-form-mailchimp-extension ; political censorship (By August Infotech)
chimpbridge ; political censorship (By ChimpBridge)
form-maker ; only supports MailChimp (political censorship) By 10Web Form Builder Team
quick-contact-form ; only supports MailChimp (political censorship) By Fullworks
/user-registration/ ; only supports MailChimp (political censorship) By WPEverest
chatbot ; only supports MailChimp (political censorship) By QuantumCloud
fluentform ; only supports MailChimp (political censorship) By Contact Form - WPManageNinja LLC
pagerestrict ; not maintained (By Matt Martz & Andy Stratton)
um-mailchimp ; political censorship (for Ultimate Member)
guten-forms-mailchimp ; political censorship (By munirkamal)
send-emails-with-mandrill ; political censorship, By Miller Media (Matt Miller) aka MailChimp API
eu-opt-in-compliance-for-mailchimp ; political censorship (By YIKES)
mailchimp-as-a-registration ; political censorship (By PressPage Entertainment)
mailster-mailchimp ; political censorship (By EverPress)
mailchimp-for-formcraft ; political censorship (By nCrafts)
nmedia-mailchimp-widget ; political censorship (By Par nmedia)
woo-mailchimp-crm-perks ; political censorship (By CRM Perks)
simple-email-mailchimp-subscriber ; By WP Monkey's
testimonial-rotator ; not maintained, bad practice (schema abuse now considered gray-hat by Google) By Hal Gatewood
designthemes-core-features ; possibly not maintained, theme-specific CPTs (By DesignThemes)
quform-mailchimp ; political censorship (By ThemeCatcher)
mail-chimp-add-on-for-restrict-content-pro ; political censorship (By Sandhills Development)
yith-woocommerce-mailchimp ; political censorship (By YITH)
mailchimp-subscribe-sm ; political censorship (By PluginOps)
cf7-mailchimp ; political censorship (By CRM Perks)
woo-mailchimp-newsletter-discount ; political censorship (By zetamatic)
another-mailchimp-widget ; political censorship (By MotoPress)
mcpopup-popup-form-for-mailchimp ; political censorship (By Alobaidi)
mailchimp-for-woocommerce ; political censorship (By Mailchimp)
mailchimp-forms-by-mailmunch ; political censorship (By ibericode)
mailchimp-for-wp ; political censorship (By ibericode)
yikes-inc-easy-mailchimp-extender ; political censorship (By YIKES, Inc)
mailchimp-top-bar ; political censorship (By ibericode)
mailchimp-wp ; political censorship (By Fatcat Apps)
woocommerce-mailchimp ; political censorship (By Saint Systems)
contact-form-7-mailchimp-extension ; political censorship (By Renzo Johnson)
simple-membership-mailchimp-integration ; political censorship (By smp7, wp.insider)
pmpro-mailchimp ; political censorship (By Stranger Studios)
; ml-slider ; spyware
bridge-core ; no public changelog, history of bad practices (By Qode Themes)
easy-tables-vc ; no public changelog, better options exist (By WP Bakery)
ajax-campaign-monitor-forms ; not maintained (By Lee Willis)
seo-ultimate ; not maintained (By SEO Design Solutions)
; wp-add-custom-css ; bad practice (loads per-page custom CSS instead of site-wide) By Daniele De Santis
; contact-form-7 ; bloated, bad practice (creates /js/ folder and ignores WP best practices, etc) will not blacklist for a long while tho
formstack ; not maintained, serious errors
featured-sprout-grid ; hacks third-party design products (By Chelsey Hansson)
responsive-maps-plugin ; bloated, poor coding, better options exist (By greenline)
single-post-template ; not maintained (By Nathan Rice), bad practice (should be in a theme)
wp-recipe-maker ; bad practice (CPTs only support their own plugin), bloated, excessive API calls, no query strings (bad SEO/usability) ; By Bootstrapped Ventures
wp-recipe-maker-premium ; bad practice (CPTs only support their own plugin), excessive API calls, no query strings (bad SEO/usability) ; By Bootstrapped Ventures
wp-ultimate-recipe-premium ; bad practice (CPTs only support their own plugin), excessive API calls, no query strings (bad SEO/usability) ; By Bootstrapped Ventures
wp-ultimate-post-grid ; bad practice (breaks up web design into various plugins, Essential Grid clone) ; By Bootstrapped Ventures
wp-ultimate-post-grid-premium ; bad practice (breaks up web design into various plugins, Essential Grid clone) ; By Bootstrapped Ventures
martfury-addons ; not maintained, no public changelog, hacks third-party design products (By DrFuri)
woocommerce-deals ; not maintained, no public changelog (By DrFuri)
variation-swatches-for-woocommerce-pro ; not maintained, no public changelog (By DrFuri)
/post-grid/ ; bad practice (breaks up web design into various plugins, Essential Grid clone) ; By PickPlugins
flexible-posts-widget ; not maintained (By DPE WS&D LLC)
featured-video-plus ; not maintained (By Alexander Höreth)
recommendwp-widgets ; not maintained
recommendwp-shortcodes ; not maintained
us-header-builder ; hacks third-party design products, creates instability, no public changelog, poor coding (By Upsolution / Us Themes)
getsitecontrol ; requires api validation, creates instability
saaspik-addons ; no public changelog, hacks third-party design products e.g. Elementor
upload-url-path-enabler ; ss conflicts, creates instability, potential data loss, not maintained (By Grégory Viguier)
essential-grid ; bloated, creates instability, bad practice (sets cookies, caching, etc), resource intensive (By ThemePunch)
sober-addons ; hacks third-party design products, theme-specific page builder (By UIX Themes)
photography-custom-post ; theme-specific custom post types (By ThemeGoods)
easy-google-fonts ; bloated, not maintained, bad practice (too many selectors, etc) (By Titanium Themes)
oauth-twitter-feed-for-developers ; not maintained (but appears to work okay for now, by Liam Gladdy (Storm Consultancy))
divi_extended_column_layouts ; hacks third-party design products, no public changelog (By Sean Barton, Tortoise IT)
; ao-content-upgrades ; no public changelog (By contentupgrades.io)
; ao-landing-pages ; no public changelog (By contentupgrades.io)
genesis-title-toggle ; hacks third-party design products (By Bill Erickson)
optin-lock ; deprecated, no public changelog (By Boris Beo)
elegant-themes-icons ; not maintained, hacks third-party design products (By Mayur Somani, threeroutes media)
jet-menu ; hacks third-party design products (By Crocoblock)
oh-add-script-header-footer ; poor coding, spammy, not maintained, better options exist (By orenhav (SOGO))
; pretty-link ; resource intensive, poor coding, hijacks wp admin, randomly removes free features to PRO, spammy ; (By Blair Williams and cartpauj)
; ontrapages ; serious errors, poor coding (By Ontraport)
events-addon-for-elementor ; hacks third-party design products (By NicheAddons)
; custom-order-statuses-woocommerce ; hijacks WooCommerce Core features (By Tyche Softwares) seems better now
vafpress-framework ; not maintained (By Vafour)
vafpress-framework-plugin ; not maintained (By Vafour)
vafpress-post-formats-ui ; not maintained (By Vafour)
vafpress-post-formats-ui-develop ; not maintained (By Vafour)
ad-ace ; no public changelog, theme-specific code (By Bimber / bringthepixel)
memberful-wp ; bloated, spyware (By Memberful)
adrotate ; bloated, excessive logging (By Arnan de Gans)
adrotate-pro ; bloated, excessive logging (By Arnan de Gans)
tracking-code-manager ; bloated, violates GPL terms (blocks access without license renewal), history of poor coding, history of serious errors (by IntellyWP)
elf-links ; not maintained, no public changelog, by Success Elf
legal-pages ; bloated, hijacks wp admin, function exists in wp core, By WPLegalPages Team
whats-your-reaction ; By bringthepixel
coschedule-by-todaymade ; bloated, excessive API calls, bad practice (does not belong inside WordPress), By CoSchedule
make-column-clickable-elementor ; hacks third-party design products (By Fernando Acosta)
native-ads-adnow ; abandoned (By Adnow)
responsive-welcome-bar ; bloated, excessive API/resource calls, bad practice (external header bar?) by Zotabox
loom-extras ; theme-specific custom post types (by TommusRhodus)
radiantthemes-addons ; theme-specific custom post types (by RadiantThemes)
radiantthemes-custom-post-type ; theme-specific custom post types (by RadiantThemes)
pt-theme-addon ; theme-specific custom post types (Promenade Theme)
wp-login-customize ; not maintained (By Anowar Anik)
sprout-shortcodes ; theme-specific shortcodes (By Envirra Theme / Envato)
dt-the7-core ; theme-specific custom post types (By Dream-Theme)
ns-facebook-pixel-for-wp ; improper code (limits to header), limited options, better options exist (by NSThemes)
addfunc-head-footer-code ; not maintained, better options exist, bad practice (hides snippets on page editor), anonymous
/disable-title/ ; not maintained, better options exist (by Frank Staude)
/zendesk/ ; poor coding, not maintained, better options exist (by Zendesk)
wens-responsive-column-layout-shortcodes ; not maintained (by Bhuwan Roka)
hgr_essentials ; not maintained, hacks other design products (Visual Composer) by HighGrade Themes
hgr_megafooter ; not maintained, hacks other design products (Visual Composer) by HighGrade Themes
hgr_megamenu ; not maintained, hacks other design products (Visual Composer) by HighGrade Themes
; kayako-messenger-live-chat ; not maintained 
; radcontrol ; requires Jetpack, not maintained
; popdom-themes-backup ; unknown purpose
/easy-table/ ; deprecated (by Takien)
hgr_vc_extender ; hacks other design products (by HighGrade Themes)
sociallocker-next-premium ; not maintained, serious errors (By OnePress)
helios-solutions-woocommerce-hide-price-and-add-to-cart-button ; pointless, bad practice (use "out of stock" or draft?)
be-subpages-widget ; not maintained
yith-woocommerce-zoom-magnifier ; serious errors, history of poor coding (by YITH Themes)
super-socializer ; possible excessive logging, bloated
/frontend-reset-password/ ; pointless, possible exploitable, bad practice (function exists in WP Core)
fullwidth-templates ; creates instability, hacks third-party design products (by Brainstorm Force)(by Brainstorm Force)
/upscribe/ ; slow CDN, bloated, better options exist
conditional-menus ; bad practice (horrrible for SEO and usability)
; geo-multi-location-map ; not maintained (by Omex Infotech)
; wp-less ; abandoned (By Oncle Tom)
; google-maps-widget ; poor maintenance, agency history of exploits and poor code (by WebFactory Ltd)
; yith-woocommerce-order-tracking ; scamware (does not send tracking unless you upgrade) by YITH Themes
; nex-forms ; no public changelog, better options exist
woocommerce-digital-download-free-shipping ; serious errors, not maintained
; /google-remarketing/ ; not maintained (but appears to work okay for now)
; comment-form-shortcode ; not maintained
/landing-pages/ ; serious errors, creates instability, poor coding
js_convertible_addons ; deprecated (Convertible Premium Theme Add-ons by Iman G.M. a.k.a. ThemeWisdom)
woocommerce-pretty-emails ; not maintained, abandoned
/posts-by-tag/ ; bloated, bizarre code, serious errors, poor maintenance
dynamic-featured-image ; poor coding, bad practice
/gallery-plugin/ ; serious errors, poor coding, better options exist (by BestWebSoft)
custom-menu-wizard ; pointless, creates instability
/cornerstone/ ; not maintained, better options exist
flynsarmy-iframe-shortcode ; not maintained
indeed-my-logos-vc ; not maintained, no public docs
js_composer_salient ; not maintained, creates instability (Salient Visual Composer)
js_composer ; bloated, history of fatal errors, codebase and branding constantly changing, private page builder (Visual Composer a.k.a. WP Bakery Page Builder a.k.a. Avada Builder)
sitepress-multilingual-cms ; bloated, exploitable, poor code (a.k.a. WPML)
wpml-string-translation ; bloated, exploitable, poor code (wpml)
wpml-media-translation ; bloated, exploitable, poor code (wpml)
wpml-translation-management ; bloated, exploitable, poor code (wpml)
/genesis-grid-loop/ ; not maintained
/featured-video/ ; not maintained, serious errors
; contentad ; possibly abandoned (By ContentAd)
; youtube-embed-plus ; excessive api calls, bloated, poor coding (e.g. many api calls on every page) By Embed Plus
; youtube-embed-plus-pro ; excessive api calls, bloated, poor coding (e.g. many api calls on every page) By Embed Plus
wp-masonry-layout ; not maintained
acf-image-crop-add-on ; serious errors, not maintained (by Anders Thorborg)
tfm-google-product-feed ; not maintained, better options exist
/slider-image/ ; deprecated (Huge IT Slider)
creativ-shortcodes ; deprecated, better options exist (by Jonathan Atkinson)
flexi-quote-rotator ; not maintained, serious errors
wp-user-frontend ; bloated, bad practice (too many functions), poor coding, hijacks wp admin
; category-country-aware ; not maintained (but still seems to work fine) by Andrew Wrigley
; ld-visual-customizer ; not maintained, changes other plugins, creates instability
; woocommerce-social-checkout ; possibly abandoned (by Lee Willis)
; woocommerce-ajax-add-to-cart-for-variable-products ; creates instability (by Rishi Mehta - Rcreators Websolutions)
; /instapage/ ; landing page imports, private page builder, creates instability
; /instapage/ ; serious errors (curl error 28), excessive api calls
; unbounce ; creates instability, closed source page builder, poor coding
; wp-better-emails ; not maintained
; export-featured-images ; abandoned but still seems to work
; /wp-less/ ; not maintained
; pixproof ; not maintained
; genesis-connect-woocommerce ; creates instability, bad practice, tries to replace native WC functions
; rel-nofollow-checkbox ; not maintained
; social-media-builder ; possible excessive logging
; contact-form-maker ; possible forced/secret tracking/spyware
; simple_click_tracker ; possibly not maintained, excessive logging, no public docs (by NAMS Toolkit)
; convertplug ; exploitable (WordFence report), no public docs, better options exist
; good-reviews-wp ; not maintained (by Theme of the Crop)
; just-in-time-sales-offers ; not maintained, author probation (by Rymera Web)
; just-in-time-sales-offers-premium ; not maintained, author probation (by Rymera Web)
; simple-file-downloader ; not maintained but seems still working well
; menu-buttons ; not maintained but seems still working well
; /slider/ ; better options exist (Huge IT Slider)
; indeed-social-media ; bad for seo/usability (content lockers)
; infusedwooPRO ; potential issues?
; custom-functions ; ss conflicts (don't add until Custom Functions MU plugin working perfectly)
; 7up-core ; possibly abandoned
; activemember360 ; needs to stop hijacking/redirecting WP Admin backend, seems to be other issues too
; advanced-responsive-video-embedder ; bloated, poor code, serious errors
; amp-plugin-manager ; possible ss conflicts (create MU plugin for another AMP plugin?) by Ahmed Kaludi, Mohammed Kaludi
; booster-plus-for-woocommerce ; bloated
; /clean-options/ ; not maintained (still kinda works)
; divi-builder ; bloated
; clickcease-click-fraud-protection ; poor coding, resource intensive, possibly not maintained
; divi_woo_layout_injector ; possible thrashing
; email-notification-on-admin-login ; excessive logging, pointless
; enable-media-replace ; dashboard hijacking (shortpixel)
; front-end-pm ; potential security nightmare
; /export-user-data/ ; not maintained (but still works for the moment)
; formlift-individual-styling ; deprecated (wrong, its been converted to private repo)
; forums-censure-pro ; possible resource intensive, no public docs (gVectors Team)
; geotargeting-pro ; possible resource intensive, possible database thrashing
; /jilt-for-edd/ ; fatal errors, excessive logging, possible excessive API usage
; clickcease-click-fraud-protection ; poor code, poor maintenance, better options exist (embed code directly)
; klaviyo ; not maintained, serious errors
; tiled-gallery-carousel-without-jetpack ; not maintained
; /linker/ ; not maintained
; /monarch/ ; possible excessive logging (elegant themes)
; nextgen-gallery ; bloated
; social-media-builder ; possible excessive logging
; single-post-template ; bad practice, not maintained
; pressapps-document ; no public docs
; sb-rss-feed-plus ; not maintained
; s2member ; serious errors, bloated
; reveal-ids-for-wp-admin-25 ; possible resource intensive
; /reviewer/ ; not maintained (Reviewer by Michele Ivani on CodeCanyon)
; flexible-shipping-ups ; poor coding, serious errors (may have been confused with another plugin, whitelist for now)
; voting-platform-feelbacks ; bloated, serious errors
; /taboola/ ; not maintained
; bsa-pro-scripteo ; serious errors, poor coding
; buddypress-media ; possibly serious errors, possibly not maintained
; title-and-nofollow-for-links ; creates instability, serious errors (by WPKube)
; tawkto-live-chat ; bloated
; td-composer ; not maintained, better options exist (TagDiv Composer)
; woo-permalink-manager ; creates instability
; woocommerce-side-cart ; ajax overload, creates instability
; wp-image-size-limit ; not maintained
; wufoo-shortcode ; not maintained (still working okay)
; /wp125/ ; not maintained
; category-country-aware ; possibly not maintained, possibly excessive API calls
; simple-social-buttons ; possible excessive logging
; simple-social-buttons-pro ; possible excessive logging
; image-source-control-isc ; pointless, creates instability, bad practice
; /wp-subtitle/ ; bizarre code (focused on Yoast SEO?), not maintained, better options exist
; us-header-builder ; deprecated
; wufoo-shortcode ; not maintained
; multipurpose-sliders
; mcw_fullpage (js_composer)
; /accelerated-mobile-pages/ ; amp, exploitable
; new-royalslider ; no public docs
; option-tree ; not maintained ; https://github.com/valendesigns/option-tree/
; wp-live-chat-support ; resource intensive
; wp-staging ; creates junk files, creates database junk, exploitable
; wp-staging-pro ; creates junk files, creates database junk, exploitable
; yotpo-social-reviews-for-woocommerce ; lock-in ware, poor performance (loads third party scripts)
; gp-premium ; possible bloated (GeneratePress Premium, GP theme add-on modules)
; woocommerce-customizer ; possibly abandoned (by SkyVerge)
; truconversion-connect ; possible abandoned, better options exist
; image-source-control-isc ; creates instability (should use WP Core or other approach for this e.g. caption)
; widget-logic ; not maintained
; single-post-template ; not maintained
; myworks-woo-sync-for-quickbooks-online ; possible excessive api calls, possible resource intensive
; pdfembedder-premium-secure ; possibly not maintained
; /menu-icons/ ; bad practice, creates instability, bloated
; /spacer/ ; creates instability
; gravityperks ; bloated, hacks other plugins, creates instability (by Gravity Wiz)
; digiproveblog ; pointless
; commercegurus-toolkit ; no public docs, possibly not maintained (Envato vendor add-on plugin)

;; match exact class names (case sensitive)
[graylist classes]
DummyGraylistClassForParsing

;; match exact function names (case sensitive)
[graylist functions]
dummy_graylist_function_for_parsing

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; Blacklist.txt: Pause Blacklist (Plugins You Should Deactivate When Not In Use) ;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; match any path (case insensitive)
;; for exact directory matches use slashes e.g. /revslider/

[utility]
post-type-switcher ; utility (previously blacklisted but seems fine now)
wp-crontrol ; utility
enable-jquery-migrate-helper ; utility (By Automattic) aka jQuery Migrate library
all-in-one-wp-migration ; import/export
/batchmove/ ; utility
bulk-delete ; utility (By Sudar)
bulk-move ; utility
bulk-page-creator ; utility
better-search-replace ; utility
child-theme-configurator ; utility
coming-soon-maintenance-mode-from-acurax ; maintenance
crazyegg-heatmap-tracking ; testing tools
custom-field-bulk-editor ; utility
customer-import-export-for-woocommerce ; import/export (WebToffee)
customizer-export-import ; import/export
/debug-bar/ ; utility
debug-bar-console ; utility
; dev4press-updater ; vendor updates
; nex-forms ; non-dismissable admin hijacking ads
download-plugin ; utility
download-theme ; utility
easy-theme-and-plugin-upgrades ; import/export
; elegant-themes-updater-master ; vendor updates
export-categories ; import/export (By Shambhu Prasad Patnaik)
enable-media-replace ; utility
export-media-with-selected-content ; import/export
export-all-urls ; import/export
export-database ; import/export
export-user-data ; import/export
export-woocommerce ; import/export
export-woocommerce-pro ; import/export
file-manager ; utility
file-manager-advanced ; utility
force-regenerate-thumbnails ; utility
ggpkg-import ; import/export
heatmap-for-wp ; utility
hotjar ; testing
; ignitewoo-updater ; vendor updates
; mythemeshop-connect ; vendor updates
ld-content-cloner ; utility (learndash)
media-cleaner ; utility (By Jordy Meow)
memberpress-importer ; import/export (By MemberPress)
one-click-child-theme ; utility
one-click-demo-import ; import/export
order-import-export-for-woocommerce ; import/export
product-import-export-for-woo ; import/export
pw-bulk-edit ; utility
query-monitor ; utility
regenerate-thumbnails ; utility (now maintained by Automattic, R.I.P. Alex Mills)
regenerate-thumbnails-advanced ; utility (by ShortPixel)
replace-image ; utility
/search-replace/ ; utility (By manu225)
seo-data-transporter ; import/export (By StudioPress) ... might need to blacklist soon as no longer maintained
show-current-template ; utility
simple-301-redirects-addon-bulk-uploader ; import/export (By Webcraftic, Ash Durham)
string-locator ; utility
tls-1-2-compatibility-test ; utility
truconversion-connect ; utility
update-theme-and-plugins-from-zip-file ; import/export
users-customers-import-export-for-wp-woocommerce ; import/export (By WebToffee)
vc-templates-import-export ; import/export
; vendidero-helper ; vendor updates (germanized pro for woocommerce vendidero.de)
; video-user-manuals ; utility
what-the-file ; utility
widget-importer-exporter ; import/export
/wordpress-reset/ ; utility
wordpress-users-woocommerce-customers-import-export ; import/export (By WebToffee)
woo-bulk-editor ; utility
woo-order-export ; import/export
woo-order-export-lite ; import/export
woocommerce-advanced-bulk-edit ; utility
woocommerce-bulk-editor ; utility
woocommerce-exporter ; import/export
WooCommerce-order-export ; import/export
WooCommerce-order-export-pro ; import/export
woocommerce-product-csv-import-suite ; import/export
woocommerce-simply-order-export ; import/export
woocommerce-store-toolkit ; utility (By Visser Labs)
woocommerce-subscriptions-importer-exporter ; import/export
wow-media-library-fix ; utility (By WowPress.net)
wp-all-export ; import/export
wp-all-import ; import/export
wp-export-menus ; import/export
wp-file-manager ; utility
wp-migrate-db ; import/export
; wp-staging ; staging
; wpstagecoach ; staging
wp-store-locator-csv ; import/export
wp-sweep ; utility
wp-test-email ; utility (By Boopathi Rajan)
wp-ultimate-csv-importer ; import/export
wp-ultimate-exporter ; import/export
wordpress-importer ; import/export
yoast-seo-settings-xml-csv-import ; import/export
; dev4press-updater ; updaters
; ignitewoo-updater ; updaters
; elegant-themes-updater ; updaters

;; match exact class names (case sensitive)
[utility classes]
DummyUtilityClassForParsing

;; match exact function names (case sensitive)
[utility functions]
dummy_utility_function_for_parsing

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; SlickStack: External References Used To Improve This Script (Thanks, Interwebz) ;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; Ref: wpvulndb.com, wordfence.com, sucuri.net, ait-pro.com, plugintests.com
;; Ref: exploit-db.com, packetstormsecurity.com, vulners.com, fortiguard.com, checkpoint.com
;; Ref: acunetix.com, rapid7.com, wpblacklistedplugins.com

;; Ref: https://wpvulndb.com/vulnerabilities/9223
;; Ref: https://wpfixit.com/improve-wordpress-speed/
;; Ref: https://wpengine.com/support/disallowed-plugins/
;; Ref: https://www.godaddy.com/help/blacklisted-plugins-8964
;; Ref: https://www.templatemonster.com/blog/40-wordpress-plugins-avoid-moving-managed-hosting/
;; Ref: https://www.knownhost.com/wiki/wordpress-hosting/plugin-blacklist
;; Ref: https://support.hostgator.com/articles/pre-sales-policies/optimized-wordpress-disallowed-plugins
;; Ref: https://www.wpintense.com/performance-old/wordpress-plugin-blacklist/
;; Ref: https://gowebsite.com/article/blacklisted-plugins.html
;; Ref: https://guide.hosting.aruba.it/hosting/hosting-wordpress-gestito/gestione-servizio-configurazione-spazio-web/lista-plugin-in-blacklist.aspx
;; Ref: https://www.crazydomains.com.au/help/wordpress-hosting-blacklisted-plugins/
;; Ref: https://getflywheel.com/wordpress-support/what-plugins-are-not-allowed/
;; Ref: https://support.pagely.com/hc/en-us/articles/201255990-Which-plugins-and-themes-are-allowed-
;; Ref: https://mediatemple.net/community/products/wordpress/204405734/which-plugins-and-activities-are-not-allowed-with-my-managed-wordpress-service
;; Ref: https://support.getshifter.io/faqs/unrecommended-wordpress-plugins
;; Ref: https://www.inhousegraphicsinc.com/blacklisted-wordpress-plugins-to-avoid/
;; Ref: https://simplenet.io/wordpress-plugins/
;; Ref: https://wp.cs.ucl.ac.uk/guidelines/disallowed-plugins/
;; Ref: https://www.hmeaworld.com/knowledgebase/10/WordPress-plugins-we-do-not-recommend.html?language=portuguese-pt
;; Ref: https://toshost.com/a/harmful-wordpress-plugins-for-your-website-which-we-do-not-recommend
;; Ref: https://www.jeffbullas.com/attacked-wordpress-plugins/

;; SS_EOF