What Are WordPress Nulled Plugins?

by | Mar 2, 2020 | Security

There are some people out there who want the best of both, a premium plugin for free, but this can be disastrous.

Themes and plugins are basic building blocks of WordPress. Themes control the look and feel of your site, while plugins add functionality.  They can be either Free or Premium (Paid). There are some great free options out there but you must ensure that the product gets continuous updates and ideally customer support (for when things don’t work as they should). From my own experience, nine times out of ten, a plugin conflict is usually what causes errors or brings a site down. We use premium plugins for key site features like online payments, appointment booking etc. Basically, anything that is handling sensitive data. There are some people out there who want the best of both, a premium plugin for free, but this can be disastrous. These are known as nulled (or hacked) plugins.

Nulled plugins and themes are basically theft. But worse, they can open a back door into your website (and customer data).

Nulled plugins have been altered to remove the need for a licence key. Nulled plugins & themes are basically theft. But worse still, they can open a back door into your website (and customer data). They may provide a cost saving but it is a negative sum gain for numerous reasons:

  1. Your site is now hosting hacked code. It is very common for hackers to use nulled plugins as a means to create a back door to your site. They could create admin accounts, alter your payment provider details, steal customer data etc.
  2. You are stealing. Piracy is a crime. Developers have put their time and resources into creating a product and a business. Nulled plugins take revenue away from that, and damage the trust in their brand/products.
  3. No access to updates or support. You can’t really steal someone’s wallet then go up to them and ask for more money. If something goes wrong with your site, you will have no one to turn to. There are a lot of moving parts in WordPress so if a hacked plugin takes down payments for a busy eCommerce store, you really will pay the price.

I have worked with alleged web developers who handed over sites to me containing nulled plugins. Luckily we were able to remove and replace them pretty quickly without issue. But for a period, the website was vulnerable. You should look through your plugin list to see if there are any suspicious plugins there. A warning sign is a plugin that hasn’t been updated in a long time (because you can’t update nulled plugins). Beyond that, you need a malware scanner or be able to look through the code for malicious input. Also, check to see if there are any unfamiliar admin accounts.

I have worked with alleged web developers who handed over sites to me containing nulled plugins.

If you want to see a live example of a hacked WordPress site, check out the blog for Cross Pens. You can see spam links inserted into the article. (Although please note that I am not accusing them of using a nulled plugin, I am just highlighting potential consequences).

So in summary, I can’t emphasise enough that you should run a mile from nulled plugins. You are taking a huge risk and the ransom you may have to pay could be significant in terms of cost, downtime and damage to your reputation.

 

Not sure where to start? Why not download our guide “Five Essentials for Keeping Your Website Safe” from our Care Plan page.

SERVICES

LOCATION

Malahide, Co. Dublin.
CRO No. 625007

01 699 1750

CONTACT US