6 Reasons why Nulled WordPress Themes and Plugins are a Bad Idea.

Last Updated July 29, 2021


Nulled WordPress themes and plugins have been a controversial topic ever since the WordPress user base grew. Personally, I think the demand for nulled themes or plugins has decreased in the last few years (Google Trends agrees); however, it is still a matter that pops up every now and then. Are nulled themes safe to use? Is it legal?

In addition to the expense, the lack of good free-to-use themes was one of the main reasons why nulled themes were so popular. Page builders and themes like Elementor, Divi, GeneratePress and more have pretty much resolved this setback. The freemium pricing models of page builders like Elementor let a WordPress user create amazing websites without spending any money. The same goes for plugins: with all the limited free versions and free alternatives available on the WordPress.org repository, is using a nulled plugin worth the risk?

What are Nulled WordPress Themes and Plugins?

In short, nulled themes and plugins are pirated versions of premium WordPress themes and plugins. They are mostly distributed on torrent download sites or other free (oh! all those ads and pop-ups!) download sites.

Unfortunately, the wording is quite important here: the word ‘nulled’ in our context refers to hacked or manipulated copies of PRO or Premium WordPress themes and plugins that could potentially contain malicious scripts that will attack a site or collect data from a website. A nulled copy can also mean a theme or plugin that has been modified to unlock all of its features without registering a purchase key.

Are Nulled WordPress Themes and Plugins illegal?

It’s a grey area.

WordPress software is licensed as GPLv2 (or later) from the Free Software Foundation. Plugins and themes, which are considered derivative works, inherit the GPL (General Public License), especially the ones that are on the WordPress.org plugin repository. Unfortunately, I don’t think this includes ‘all premium’ plugins and themes.

There is some legal grey area regarding what is considered a derivative work, but we feel strongly that plugins and themes are derivative work and thus inherit the GPL licence.

WordPress.org – About – License

Most of the time (emphasis on most), even a premium theme or plugin is licensed as GPL. This gives you all rights granted under the GPL; however, services (otherwise called support) offered by the theme or plugin developer are not included. That being said, the primary concern we have here is how a compromised theme or plugin can negatively affect your WordPress website or the infrastructure your site is hosted on.

6 Reasons you should avoid using Nulled WordPress Themes and Plugins

That grey area shouldn’t encourage anyone to use a nulled theme or plugin. Here are six reasons why we think it’s a bad idea to use a hacked theme or plugin.

  • Malicious script – it might be malware.
  • Privacy Concerns – is your data secure?
  • Staying outdated – you don’t get future updates.
  • Black hat SEO = Penalized by Search Engines
  • No support – you are on your own.
  • The morality – you are discouraging developers.

Malicious script – it might have malware ☠️

Hacked copies of themes and plugins can be awfully dangerous. Unless you are a proficient PHP developer, there’s no way for you to know what’s inside those files. Unlike the WordPress plugin repository or marketplaces like Envato, nulled theme or plugin distributors do not check for best practices on security and privacy.

These modified themes or plugins could contain malicious code that can provide backdoor access to your website or, even worse, your hosting server. The after-effects of this code can vary from simply taking down a website to getting de-indexed or blocked from search engine results.

The CryptoPHP infection that sent out spam emails from Siteground email servers and the WP-VCD attacks are great examples of how exploited extensions can affect not just a site but also the hosting infrastructure.
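To make "knowing what's inside those files" concrete, here is an added example (not part of the original article) of a heuristic Python scan over an unpacked theme or plugin for constructs that rarely appear in legitimate code: `eval()` of decoded data, request parameters passed straight to code-execution functions, PHP `include` of an image file, and PHP code hidden in image files. The rule set, the function names `scan_tree` and `demo`, and the sample theme are assumptions constructed for illustration, and a clean result does not prove a package is safe.

```python
import re
import tempfile
from pathlib import Path

IMAGE_EXT = {".png", ".jpg", ".jpeg", ".gif", ".ico"}
PHP_EXT = {".php", ".inc", ".phtml"}
# Heuristic rules assumed for this example; not a complete signature set.
RULES = {
    "eval-of-decoded-data": re.compile(
        r"\beval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request-data-executed": re.compile(
        r"\b(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b", re.I),
    "include-of-image-file": re.compile(
        r"\b(include|require)(_once)?\b[^;]*\.(png|jpe?g|gif|ico)['\"]", re.I),
}

def scan_tree(root):
    """Return (relative_path, line_number, rule) findings in path order."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        ext = path.suffix.lower()
        rel = path.relative_to(root).as_posix()
        text = path.read_bytes().decode("latin-1")  # decodes any byte sequence
        if ext in IMAGE_EXT:
            # An image has no reason to carry a PHP open tag; line 0 = whole file.
            if "<?php" in text:
                findings.append((rel, 0, "php-code-in-image"))
        elif ext in PHP_EXT:
            for lineno, line in enumerate(text.splitlines(), 1):
                for rule, pattern in RULES.items():
                    if pattern.search(line):
                        findings.append((rel, lineno, rule))
    return findings

def demo():
    """Build a constructed sample theme (inert payloads) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp) / "sample-theme"
        (theme / "assets").mkdir(parents=True)
        (theme / "index.php").write_text("<?php\nget_header();\nget_footer();\n")
        (theme / "functions.php").write_text(
            "<?php\nadd_theme_support('title-tag');\n"
            "include('assets/logo.png');\n"
            "eval(base64_decode('ZWNobyAxOw=='));\n")  # decodes to: echo 1;
        (theme / "assets" / "logo.png").write_bytes(b"\x89PNG\r\n<?php echo 1; ?>")
        return scan_tree(theme)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point `scan_tree()` at the directory where a downloaded archive was extracted, before it is ever uploaded to a site; any finding is a reason to read that file by hand.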

Privacy Concerns – is your data secure? 📑

Data theft is the next and probably one of the worst-case scenarios. If you are running an online store or a website that collects personal information, then a backdoored plugin or theme could result in data theft. Your site will be a gold mine for a hacker.

Since this type of damage is not easily detected, it might be too late by the time you realize it. Depending on where you live, this could result in serious legal consequences for the site owner.

Staying outdated – you don’t get future updates.

A key benefit of purchasing an extension from its developer is easily available future updates. These updates can include security patches, bug fixes, enhancements and new additions. Without easy access to future releases, you will miss out on all of those changes while also making your website more vulnerable by leaving security vulnerabilities unpatched.

Version conflicts are another downside when you lack future updates to a theme or plugin. Sometimes a certain version of a plugin might not work with a certain version of another plugin, theme or WordPress core itself. In such a case you will find yourself stuck if the nulled theme/plugin provider hasn’t released the latest version of that plugin.

Black hat SEO = Penalized by Search Engines

With backdoor access established, a hacker might use your site for black hat search engine optimization. The Pharma Hack is a great example of such an attack. This spam hack injects spam keywords and links into pages and posts, thus creating a redirect to the attacker’s website. Simply put, they steal your site’s search engine credibility, which results in Google removing your website content from its search results.

Black hat SEO will contribute to getting penalized or worse, banned from Search Engines. Not to mention the poor experience your site visitors would have.

No support 🦸‍♂️ – you are on your own

The pirated copy might get you the feature or appearance that you wanted for your website; however, documentation and support from the developers might be required for you to configure a plugin/theme. Support from the developer for premium extensions is often denied if you cannot verify your purchase.

Some amazing developers even provide custom solutions to solve your unique problems. The amazing support (I mean, just wow!) from the GeneratePress team is the perfect example. Googling could solve the issues, but not as fast or as professionally as the developer who wrote that plugin or theme. Time is money! 🤑

The morality – you are discouraging developers 👨‍💻

Would you offer your services or products for free? Creating these themes and plugins takes skill, hard work, time and money. That needs to be appreciated and compensated. Developers and agencies are just like any other person or business: they also need money to survive in this competitive world.

If you keep using nulled WordPress addons, not only are you hurting your blog or business, but you are also depriving WordPress developers of the income and motivation they deserve.

If you really can’t afford a premium plugin/theme, why not look for a free alternative from the WordPress.org repository? Deals and discounts are also an option; some providers give out discounts on occasions like Black Friday, Cyber Monday or the Canadian equivalent, Boxing Day. Student and non-profit discounts are quite common as well.

Concluding Thoughts: Should you ever use a nulled theme or plugin?

Trying to save some dough with pirated copies could result in huge damages. Having said that, because of the grey area in licensing, using nulled plugins or themes on development or test environments for evaluation might save you some bucks. Keep in mind that many premium plugin providers have demo sites or money-back guarantees. That’s definitely a better way to test than using a backdoored copy. Using a nulled theme or plugin in a production environment is a bad idea.

With the thousands of free & freemium plugins and themes, tutorials, courses and of course, the always happy-to-help WordPress community, using a nulled extension cannot be justified.
