"Less is More" is the principle you should always keep in mind when deciding which plugins to use in your WordPress installation. Any experienced developer knows that fewer lines of code mean fewer bugs and fewer security holes.
Managed Hosting Providers like Servebolt, Kinsta and WP Engine already have highly optimised server setups that take care of aggregation, optimization, gzip, caching and a lot more. Any alterations that WordPress plugins make to this setup are very likely to have a negative performance impact. Apart from this list, you can also review Kinsta Banned Plugins and WP Engine Disallowed Plugins - most of these recommendations are common to all Managed Hosting providers.
There is no need to install any form of Security plugin in WordPress. These plugins are often very large in code size, touch central parts of the WordPress core that should be left untouched, add logging, introduce bad .htaccess practices, and so on.
If you use strong passwords and your WordPress plugins are maintained and kept up-to-date, your site will be safe. Robots, crawlers and scripts will continuously probe your site for weaknesses, or test logins, but this is not dangerous or something you need to spend time on preventing.
If you want to prevent probing or secure parts of your application, external services like Cloudflare or Sucuri's Web Application Firewall (WAF) are much better options.
- All In One WP Security & Firewall
- iThemes Security
- Wordfence Security
- WP Hide & Security Enhancer
Any plugin that alters and adds to your .htaccess file is likely doing things it should not do. Servebolt's servers are already finely tuned for performance, static caching of elements and gzip - and if a plugin modifies Servebolt's default policies, it is guaranteed to be either doing duplicate work or changing something for the worse.
For example, gzip should always be turned off in your WordPress installation, because Servebolt's servers gzip everything in nginx. If gzip is enabled in Apache, nginx will have to unzip the file before re-zipping it, which adds latency and wastes resources.
- fast-velocity-minify (doubles TTFB on many installations)
- Cache Enabler
- WP Fastest Cache
- WPML (This multi-language plugin will destroy the structure of your database, and has a major performance-degrading impact)
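To check whether a plugin has already altered .htaccess or switched on gzip in Apache, as described above, the following added example (not Servebolt's own tooling) lists the marker blocks that WordPress core did not write and any active compression directives. It assumes plugins wrap their rules in the `# BEGIN name` / `# END name` markers that WordPress's `insert_with_markers()` produces; the sample file and the block name `ExampleCachePlugin` are constructed.

```python
import re

# Marker lines as written by WordPress's insert_with_markers():
#   "# BEGIN <name>" ... "# END <name>"
BEGIN = re.compile(r"^\s*#\s*BEGIN\s+(.+?)\s*$")
END = re.compile(r"^\s*#\s*END\s+(.+?)\s*$")
# Apache directives that switch on compression (mod_deflate / legacy mod_gzip).
COMPRESS = re.compile(
    r"^\s*(AddOutputFilterByType\s+DEFLATE|SetOutputFilter\s+DEFLATE"
    r"|AddOutputFilter\s+DEFLATE|mod_gzip_on\s+(yes|on))", re.I)
CORE_BLOCKS = {"WordPress"}  # the only block WordPress core itself writes

def audit_htaccess(text):
    """Return (foreign_blocks, compression_hits).

    foreign_blocks: names of BEGIN/END blocks not written by WordPress core.
    compression_hits: (line_no, owning_block_or_None, directive) tuples.
    """
    foreign, hits, current = [], [], None
    for no, line in enumerate(text.splitlines(), 1):
        m = BEGIN.match(line)
        if m:
            current = m.group(1)
            if current not in CORE_BLOCKS and current not in foreign:
                foreign.append(current)
            continue
        if END.match(line):
            current = None
            continue
        if line.lstrip().startswith("#"):
            continue  # commented-out directives are inactive
        if COMPRESS.match(line):
            hits.append((no, current, line.strip()))
    return foreign, hits

# Constructed sample; "ExampleCachePlugin" is a made-up block name.
SAMPLE = """\
# BEGIN ExampleCachePlugin
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/css
# SetOutputFilter DEFLATE
</IfModule>
# END ExampleCachePlugin
# BEGIN WordPress
RewriteEngine On
RewriteRule . /index.php [L]
# END WordPress
"""

if __name__ == "__main__":
    blocks, hits = audit_htaccess(SAMPLE)
    print("blocks not written by WordPress core:", blocks)
    for no, owner, directive in hits:
        print(f"line {no} [{owner or 'outside any block'}]: {directive}")
```

Run it against the .htaccess in the site root by passing the file's contents to `audit_htaccess()`; a compression hit whose owning block is a plugin name shows which plugin to deactivate.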
Complete list with Plugin Folder Names