Every WordPress website comes to the phase when you have to select and install a theme and plugins. There’s a huge amount of choices for both, and you might not know it, but some themes and plugins can turn out to be more harmful than helpful.
With that in mind, let’s take a look at what nulled WordPress themes and plugins actually are, who is distributing them and why, and in what ways can they make your life more difficult.
What Are Nulled Themes and Plugins?
In this context, “nulled” refers to premium themes and plugins which have been stripped of any kind of authorship information and protection. This means that when you use a theme or plugin of this type, the original publisher is not notified that you are using it, and has absolutely nothing to do with the maintenance of the software in question.
The basic principle is practically the same as what we’ve had for a while with the removal of technological restrictions that limit the control of users over digital media known as Digital Restrictions Management (DRM) or cracking with video games; rooting or jail breaking with phones, etc. all with the intention of disassociating the particular software or device from the publisher charging for its use.
In the early days of this kind of piracy, cracked games, for instance, were often used to distribute different viruses. The fact that in the meantime, several relatively reliable cracking communities have emerged is still no guarantee that the cracks you download are safe and malware-free.
Likewise, the world of pirated WordPress themes and plugins doesn’t seem to provide any kind of assurance of security to its users.
Who Is Making Them and Why?
First of all, it might seem that there are some people who are simply doing this out of the kindness of their heart or to make the world a better place. They’ve found an interesting theme, didn’t particularly feel like paying for it, decided to null it, and then instead of keeping it for themselves, shared it with the community.
While the publisher naturally finds this somewhat objectionable, you, as an end user may think that you shouldn’t fault the hacker in any way and just go for it. However, you ought to keep in mind that hackers always do it out of their own selfish motives and not because of some odd humanitarian reasons.
Normally, people who do this, have a far less selfless motivation for sharing. You see, themes and plugins provide them with a great way to deliver malicious code to your site and that way earn the money they claim they’re not asking for.
While we won’t mention any particular sites, there are those which have worked out ways to earn money as legitimately as possible in this context, by serving ads to people interested in downloading something, or by charging a subscription fee.
These sites will do anything in their power to protect their reputation by detecting infected software and removing it from their offer, but even if you find a site you can trust, you should stay away from it, and here’s why.
Why Are Nulled WordPress Themes and PluginsHarmful?
In a fair market, and when not talking about art, luxury items and similar commodities, the price is often a mark of quality, as we know from the set of economic laws that drive our society, especially the law of supply and demand.
While everyone would love it if they could charge what they want for their product, they know that they can only stretch the price until it roughly fits with the public’s perception of the actual worth of that product, or until they are in the same general area as their competitors. Hoping that you will trick the system that has been around since the dawn of humanity can end up very badly for you.
They Might Not Work Properly
A WordPress theme is more than a splash of color. Plugins are more than just an added bit of functionality. Neither of them affects just a single isolated part of your website, and as such, there is no room for errors in their coding.
You don’t know who has been nulling the software you are offered, don’t know their intentions, or level of expertise. Even without any malicious intent on the hacker’s part, their inexperience, or inattention may have led to an error that can make your site inoperable.
Some problems caused by faulty, non-malicious themes and plugins can indeed sometimes be fixed by uninstalling and replacing them with more reliable equivalents. But the damage could very well be already done by then.
You might be selling something on your website, like an eCommerce store. You might have a large audience, or stake your reputation on it in any way, like a news website. In all cases, even a day or two of having your site down could hurt your business, much more than you would have had to initially pay for the theme or plugin.
They Might Hijack Your Website
One of the worst and most blatant uses of malicious code in nulled software is site hijacking, and it is by no means infrequent. It can be done in a number of ways, like hooking different functions to the “wp_head” action, so that they are executed every time a page is loaded; but this kind of intrusion always results in the same outcome, the hacker getting admin access to your website and locking you out.
Depending on the data you are handling, and the type of site you are running, the damage can be immense. While you still may try turning to reputable cybersecurity companies for help, chances are that before they manage to do anything, hijackers would have already obtained all they needed. If this includes payment or financial data, you might be in for quite a ride.
They Might Just Piggy-Back on It
Instead of simply taking over completely, some hackers have a more parasitic approach. Instead of destroying the host, they latch on and slowly suck the life out of it. Some of them like changing your affiliate links into ones controlled by them, and sending any profits their way.
Others prefer using your site to serve ads to your visitors. These ads won’t run when you open a page, and won’t be detectable from your dashboard, but you can be sure that your visitors will be seeing them. Apart from distancing you from your audience, these ads may even get you into trouble with your advertisers, costing you additionally.
While these hackers would love it if your site remained fully functional for as long as possible, their changes cannot but reflect badly on you, and if they are not detected fast enough, destroy your site in the end.
They Might Ruin Your SEO
Needless to say, any of the issues listed so far could hurt your rankings. If the theme is not working properly, your page loading speed might drop, other functionalities may be compromised, and you can be sure you would be losing some traffic. Having your site infiltrated, whether you lose control over it or not, would do the same, if not worse.
And even when it comes to some types of intrusions that may seem almost harmless, there’s still a lot to worry about. We’re talking about serious search engine optimization issues here. Namely, some hackers prefer a subtler approach than those listed above.
Instead of completely taking over, or bothering your customers with pop-ups, they simply implant backlinks to the sites they want to promote into your website. This way they are not visible as far as your visitors are concerned, but can be easily detected by search engines.
You could have a link to a spammy site on every single one of your pages, without even knowing it. Get enough of those, and Google will start treating you as a spammer and remove you from their results pages before you know it.
Support and Updates
WordPress is available under GPL license, meaning that its code is open-source, available to be used by anyone. As associated software, themes, and plugins don’t necessarily have to be under the same license, but most of them are.
In other words, their code can be used by anyone, even for commercial purposes (which still doesn’t make nulled themes and plugins any less legally questionable). So why then, do publishers believe they can charge for their software?
Because, apart from the free code, you are also getting continuous support and access to updates. A nulled theme or plugin cannot be updated from your dashboard, you would have to find a newer version of it online and install it, each time risking coming across one infected with malware.
On the other hand, never updating your themes and plugins leaves you open to vulnerabilities that were discovered and patched in new versions of the software in question. So, it comes down to staying unprotected, or wandering straight into a malware minefield in search of protection. Neither is ideal.
The same goes for support. Even if a theme seems to work flawlessly, never conflicts with anything, and never has to be modified once installed, it still doesn’t mean it’s secure. And most of them are not this accommodating.
If you’ve ever had a more serious problem with a theme or plugin, imagine what it would have been like if you had to take care of it on your own without help or documentation from the publisher. Well, that is the experience you get with nulled software, just because you didn’t want to pay a couple of bucks for a reliable theme or plugin.
“There’s no such thing as a free lunch.” Nulled themes can cost you control over your website; impair its basic functionalities; get you on bad terms with search engines and visitors, and generally, ruin your site.
However, there are those who claim that there’s one potentially acceptable way to use this kind of software, and that is testing. Namely, you could find a theme or plugin that you think might be perfect for you, but you don’t want to pay for it before you are sure.
Here nulled software may seem like the right choice, but don’t fall for it. Even if you are not testing it on your main website, but on a separate, isolated domain that you can afford to have compromised, you shouldn’t get involved in that sort of adventure. Stick to the safest bet, go for the real thing and don’t risk using pirated software.
Natasha is a web designer, lady of a keyboard and one hell of a tech geek. Natasha is always happy to collaborate with awesome blogs and share her knowledge about IT, digital marketing and technology trends. To see what she is up to next, check out her Twitter Dashboard.