Five Reasons You Should Not Use Pirated WordPress Plugins

Written by

Leo Koo

Written on

17th February 2016

Updated on

17th October 2022
WordPress Plugins

Have you heard of pirated WordPress plugins? If you have not, but are new to WordPress, there will be a point where you would bump into a Google link that points to some cheap WordPress plugin. At times way cheaper than normal prices. But should you purchase a pirated WordPress plugin? Here’s where we at Leokoo come in to help you.

Before we continue our discourse on what makes a WordPress plugin pirated, let me clarify some issues pertaining why we are using the word, “pirated”.1

  • While WordPress plugins fall under the GPL license, the GPL license only covers the code part of the plugin
  • This GPL license enables you to copy, modify, distribute and resell the code as you like
  • However, a plugin also comes with trademark rights for the creators/owners of the plugin. There is also a difference between registered and unregistered trademarks. Both are enforceable but with a different scope
  • Trademark rights enables the creator and owner of the plugin to stop you from reselling a plugin if it infringes the trademark rights owner
  • You can however, repackage the plugin into another name and logo. As long as this new name doesn’t bear resemblance to the original and doesn’t mislead customers, you can then redistribute the GPL software as you like
  • One good legal precedence is between Red Hat and CentOS
  • Some legal publications use the word, trademark piracy as the unauthorised use of trademarks

The process of creating a great WordPress plugin isn’t an easy one. It takes time, dedication and commitment to build a proper plugin, much less maintaining it. There is a need to verify the market for the plugin and then code it. After that, you need to maintain the codebase as WordPress is known for constantly changing with each version.

It is so much cheaper to download a pirated version of a WordPress plugin or theme than to buy it off the official developer’s site. Some of you might have heard or even purchased plugins off sites like GPLClub, Sozot and the likes, promising you free updates without support.

So why do we need to purchase it from the official developers themselves? Let us here at Leokoo help you with that.

1) Pirated WordPress Plugins May Be Already Hacked

Downloading WordPress plugins from some unofficial website might just get yourself hacked. Especially if you are downloading from some “nulled” plugin site that supposedly helps you from license checks.

Sucuri have written a great article about this.2 Here’s an excerpt of their article

GPL Plugins 4

Everyone knows that using pirated software is bad. Not just ethically bad. It’s stupid. Why trust people who don’t respect property, and whose business is stealing? Just ask yourself a question, where did they get so many paid software titles, and why do they give it away for free?

For some reason, many people download free plugins and use them on their sites. We see threads about this on WordPress.org forum. Note how they mention “not original“, “not official” when specifying the plugins where they found the malicious code. If you know it’s not original, why install it on your server? 

If you know it’s not original, why install it on your server?

It’s not always about the money. Oftentimes, it’s likely just a lack of knowledge. We’ve found these plugins on websites that made decent money for their owners, on sites that used upscale hosting solutions, and on websites with owners who were willing to pay for extra services. What makes them search for pirated plugins when they can afford paying for original plugins? What makes them install pirated plugins and risk losing site reputation through unwanted ads, redirects and malware? What makes them install pirated plugins if they may give control of their sites to hackers (via backdoors)? It is probably a lack of knowledge.

2) Pirated WordPress Plugins Needs Manual Updates

Now, if you happen to get a copy of the WooCommerce Subscription plugin, which has seen thousands of development hours put in by the Prospress team, and not have it hacked, pirated WordPress plugins still comes with their share of trouble.

At the very least, you need to constantly do manual updates when your plugin supplier / seller / repo / group tells you a new update is ready. This means going to FTP, deleting the old version and then uploading the new version. Try doing that if you have forty pirated plugins running around your backend and you will most probably get frustrated with the updates.

Now, that was the mild version. How about if there was a mission critical update that needs to be installed or your ecommerce store won’t run, or worse, hackers can seize your website. You might miss the update. Or you might go to all the repos / sources / sellers / suppliers and you find that you really can’t find it.

It becomes a security hazard

If you miss out on updating your site, you might end up hacked as well, this time not through some backdoor, nulled plugin, but due to your outdated plugin.3

3) Pirated WordPress Plugins Might Not Be Cheaper

So yeah, you are on a budget and you don’t trust those sites offering free plugins. Rather, you buy your copy from someone like WooGang, GPLClub or Sozot.com hoping you only need to buy at the next major update.

However, the next major update comes soon enough as a critical update is needed. So you repurchase the plugin again and again and again. And then it becomes marginally cheaper but without support.

Or you can subscribe to their club to get all plugins and updates. But the thing is, would they update the plugin the day it is updated officially? What is a delay in updates causes a security hazard like we mentioned previously?

And so, you might end up having to purchase a license from the premium plugin author just to patch things up. And then the next time it happens? Buy another premium plugin license?

Fooled me into thinking it is a bargain

The paradox of buying a premium plugin license is that, though it might be more expensive in the first place, it becomes cheaper a year later when you renew.

Here is Richard Stubbings of PracticalEcommerce’s experience buying a WooCommerce plugin from a “unsupported” site, which he then says “fooled him into thinking it is a bargain, when it actually is not

“Moreover, the terms and conditions include the very customer-unfriendly statement, “All payments towards WooGang Membership are non-refundable and any request or dispute will be rejected without any communication.” Only an idiot — i.e., me — would buy a plugin that is not supported and will never be updated, especially from a company that does not even own the software.

The WooCommerce Points and Rewards plugin is actually written by WooThemes and costs $129. WooThemes does indeed support and offer free upgrades to this plugin — if, naturally, you purchased it from that company. But Woogang fools users into thinking they are getting a bargain, not something of no value.

It is always worthwhile doing a few checks to avoid getting fooled by such sites. Pick the wrong site or the wrong software and you can be letting malware into your site. The site Woogang.com has a number of omissions that I should have noticed. To start with, there are no real contact details, just a form. There is no address, no phone number, and no business registration details.

Woogang.com’s terms and conditions spell out that you are not getting what you think you are. Also, I should have noticed that all the product images are screenshots from WooTheme pages with a “Sale!” image covering the WooTheme logo. I allowed myself to grab what seemed to be a bargain, instead of remembering the truism, “If it seems too cheap, then it is”. 4

4) Pirated WordPress Plugins Troubles The Authors

For every pirated copy you use, you deprive developers/authors of the ability to earn something, while empowering pirates who perhaps sell you a pirated version. Now, the problem with that is, more developers would eventually move to hosted SaaS solutions which could not be pirated and more expensive or get frustrated with the level of piracy.

GPL Plugins 2

Each plugin requires a lot of time and effort in order to work. While the spirit of the GPLv3 means that you are free to take a code, rework it or add to it and then resell it, pirating them doesn’t help.

Each plugin requires a lot of time to build

Furthermore, there are cases where pirated WordPress plugin users approach the official developers for support unknowingly, and had to be rejected for using a pirated copy. This is bound to trouble the developer (who wants to give support) and the customer (who wants and thought they should be supported)

Rather, if you are on a budget, look at CodeCanyon.net and the various WooCommerce plugins there. They might not be at the same level as official WooCommerce ones, but it is ok.

If you need help to know which are great WooCommerce plugins on CodeCanyon, just continue checking with Leokoo and we will help you with that.

5) Pirated WordPress Plugins Might Not Be Legal

While we like the concept of GPL and the ability to learn from other people’s codes, GPL doesn’t make the name and brand of the plugin to be without protection (i.e.: GPL-ed). Rather, if you study about RedHat and CentOS, CentOS always mentions RedHat as the upstream provider and not as RedHat.

GPL Plugins 3

Here is what some WordPress leaders have to say about GPL and the legality of selling someone else’s plugins without permission

Check out what Carl Hancock, the owner of Gravity Forms has to say below

“People seem to think that the code being GPL means the brand is GPL and you can do with it as you please. Sorry folks, that’s not the case. What happens when you use WordPress instead of WP in a domain name? They can go after your domain. Using someone else’s brand in a way they didn’t approve has legal ramifications that are outside the scope of the GPL. But that seems to be forgotten when people talk about the GPL as it relates to themes and plugins. The code within Gravity Forms may be GPL but the Gravity Forms brand most certainly is not.

If you want to give someone else’s premium theme or plugin away for free or even monetize it by giving it away for free and supporting it… then fork it and make it your own. Brand it as your own. The GPL let’s you do that with the code. But those well established brands themselves? They aren’t GPL. 5

Vova Feldman from Freemius explained this further when he got Intellectual Property Attorney, Ariel Reinitz to view his thoughts and then summarised it. Here’s an excerpt of his article

“However, open-source licenses (including the GPLv2) do not generally extend to trademarks. Trademarks pertain to the manner in which a product (e.g., a plugin, theme, app, etc.) is branded – e.g., the name of the product (and/or the company from which it originates), its tagline/slogan, and/or its logo. Thus, while the source code of a project may be freely redistributable under an open source license, such a license does not grant others any rights with respect to the trademarks associated with the project (e.g., the product’s name, the company that developed it, etc.).

In non-lawyer words – the GPL doesn’t allow to use any of the plugin’s trademark like the product’s name, company name, and logo. Ariel gives us an example:

Open-source licenses do not extend to trademarks

So, for example, if a third party redistributes a WordPress plugin using all of the project’s original branding (e.g., promoting it with the original name, logo, etc., of the company/project), this would likely infringe the original developer’s trademark rights. As noted, the open source license does not allow someone to use someone else’s branding in a commercial context. This is important because one of the main principles of trademark law is to protect the consumer from confusion as to where a product is coming from.”

And then adds the below

However, open-source licenses (including the GPLv2) do not generally extend to trademarks. Trademarks pertain to the manner in which a product (e.g., a plugin, theme, app, etc.) is branded – e.g., the name of the product (and/or the company from which it originates), its tagline/slogan, and/or its logo. Thus, while the source code of a project may be freely redistributable under an open source license, such a license does not grant others any rights with respect to the trademarks associated with the project (e.g., the product’s name, the company that developed it, etc.).

In non-lawyer words – the GPL doesn’t allow to use any of the plugin’s trademark like the product’s name, company name, and logo. Ariel gives us an example:

So, for example, if a third party redistributes a WordPress plugin using all of the project’s original branding (e.g., promoting it with the original name, logo, etc., of the company/project), this would likely infringe the original developer’s trademark rights. As noted, the open source license does not allow someone to use someone else’s branding in a commercial context. This is important because one of the main principles of trademark law is to protect the consumer from confusion as to where a product is coming from.”6

So, can you sell GPL plugins and link them to the original site with a disclaimer?

As such, we believe it would legally be wrong for shops like GPLClub, Sozot and WPPluginsCheap.com to continue operating as they sell you a pirated version of plugins that infringes on trademarks.

Rather, if a shop like GPLClub would like to continue operating, they should rename all their WooCommerce extensions to something else. Matt could even prevent them from using the word WooCommerce on their site if he wants to.

Conclusion

While pirated WordPress plugins and themes might seem to be a good idea, it has many issues that you need to consider. If possible, either use a free version on the WordPress repository, build one yourself, buy a multi-site license with some friends or save some money to purchase a new one yourself.

We do not claim to have the final answer to GPL, trademarks and copyright as different countries have different interpretation of intellectual property and how it works in their country. This further complicates things, rather than saying that the GPLv3 license allows anyone and everyone to just do whatever they like with the plugin.

We also think that with more time, more legal cases on GPL and trademark would come to surface and make it clearer.


  1. Disclaimer : This writing pertains the understanding of the writer and cannot constitute as legal advice. For legal advice, kindly refer to your local intellectual property lawyer as jurisdiction is different according to country, state and locality. If you are an intellectual property lawyer and would wish to add your points or correct my mistakes, please feel free to do so. 
  2.  https://blog.sucuri.net/2014/03/unmasking-free-premium-wordpress-plugins.html 
  3.  https://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html 
  4.  http://www.practicalecommerce.com/columns/the-view-from-england/83522-From-Magento-to-WooCommerce-part-4 
  5.  http://wptavern.com/gpl-ethics-right-wrong-winners-losers 
  6.  https://freemius.com/blog/selling-wordpress-plugins-gpl/ 

Related Posts