Code snippets / File management / database plugins should be avoided

Don't use Code Snippet plugins, or plugins that allow you to modify PHP code on the server, or allow you to browse the database from within wp-admin. 

If you use code snippet plugins or file modification plugins in production, because they allow running arbitrary PHP code - you get no benefit from Code Freeze and are leaving your site open for abuse. Imagine if a malicious user got your login, or your session cookie what damage they can do! 

We've had numerous occasions where we have found code in the plugins directory that doesn't show up in the Wordpress admin, maliciously created via the ability to add code through the wp-admin. 

Storing code in the database and then eval'ing it is a terrible idea from a security & performance perspective.

Code that you need to add to the header / footer or to perform another task should be added in your theme or your functions.php and uploaded via sFTP. 

Likewise a plugin that allows you to directly make database modifications via the Wordpress admin should be avoided. 

Note that any of these plugins installed on your site will void our fix it for free hack guarantee. 

To install Google Analytics, Linkedin/Facebook pixels etc - best practice is to utilise Google Tag Manager we recommend the very good GTM4WP Plugin.