Skip to content
English
  • There are no suggestions because the search field is empty.

Why Can't I Install My Own WordPress Plugins?

Can you install any WordPress plugin you find online? Not on our managed hosting platform, and here's why: it's a deliberate safety decision, not a limitation we take lightly.

The Short Answer

As a managed hosting provider, we restrict direct plugin installation because the vast majority of WordPress plugin and theme issues we see, and the vast majority of hacked, blacklisted, or destroyed websites we're asked to help recover, trace back to a plugin that was installed without being vetted, tested, or kept up to date. We control plugin and update installation so that every change is checked and deployed safely, protecting your site, your customers, and your business.

Details

What's actually out there

WordPress's open ecosystem is one of its biggest strengths, but it's also its biggest risk. Anyone can publish a plugin or theme, and once it's live, there's no guarantee it will ever be maintained. Across the plugins and themes available online, it's common to find:

  • Known security vulnerabilities that let attackers inject malware, steal data, or take over a site entirely
  • Deprecated or abandoned code that hasn't been updated in years and no longer works safely with current WordPress versions
  • Unsupported software with no active developer to patch issues when they're discovered
  • Little or no documentation, making it hard to know what a plugin actually does or how it was built
  • Memory leaks and performance bugs that slow sites down or cause server resource issues affecting all customers on shared infrastructure
  • Theme incompatibilities that break layouts, checkout flows, or core functionality when combined with other plugins

Any one of these can quietly compromise a site long before there's a visible symptom.

How managed hosting handles this differently

Instead of installing plugins and updates directly on your live site, our team pushes changes to a secure staging environment first. There, we can:

  • Test the plugin or update against your live site's exact configuration
  • Check for conflicts with your theme and other active plugins
  • Catch security or stability issues before they ever reach your visitors
  • Confirm the change works as expected before it goes live

Only after a change passes this process does it get deployed to your production site. This adds a short amount of time to any plugin request, but it removes the guesswork, and the risk, of installing unvetted code directly on a live business website.

What happens when this step is skipped

We've seen it firsthand with sites migrated to us from other hosts: a single outdated or malicious plugin can lead to a site being fully compromised, sometimes to the point where it can't be restored to a clean state. In many of these cases, the damage doesn't stop at the site itself. Search engines can flag a compromised site as unsafe, which can result in it being removed from search results or flagged with a warning to visitors, badly damaging traffic and trust that took years to build.

Recovering from that kind of compromise is far more costly, in both time and money, than the short review process a new plugin goes through on our platform.

Why this matters for you specifically

Cheaper or unmanaged hosting plans often allow unrestricted plugin installation because they aren't set up to review, test, or take responsibility for what gets installed. That flexibility can feel convenient, but it shifts all of the security risk onto you. As a managed provider, we take that risk on ourselves by controlling the update and installation process. It's a core part of what "managed" means with us.

Want a specific plugin installed?

You're not stuck without options. If there's a plugin or feature you need, reach out to our support team with the name of the plugin (or what you're trying to accomplish) and we'll:

  1. Review it for security, maintenance status, and compatibility with your site
  2. Test it in staging
  3. Deploy it to your live site once it's confirmed safe

Most requests are reviewed and, if approved, deployed within 48 hours.