No one likes spending more money than necessary – it’s a human thing. Even one of the richest people in the world, Warren Buffett, still searches out discounts on the cars he buys (ok, maybe that’s an extreme example – you get the idea).
Because people are always on the lookout for ways to cut costs, some WordPress users are tempted to turn to nulled WordPress themes and plugins instead of paying for the official premium version.
In this post, we’re going to tell you why using nulled WordPress plugins and themes is a bad idea…even if it’s not necessarily breaking any laws.
What Are Considered Nulled Plugins and Themes?
There are various definitions around the web when it comes to the term nulled. As we define it, nulled refers to premium WordPress plugins or themes that have been hacked or contain modified code designed to cause harm or collect information. These are obtained from a third-party website (not the original author or creator) and are sometimes made to work without a license key.
Nulled WordPress Plugins and Themes Aren’t Necessarily Illegal
Let’s start with the elephant in the room…
It’s unlikely that the FBI will kick down your door if you use nulled WordPress plugins or themes. That’s because, in contrast to the other content that people usually “pirate” (e.g. music, movies), nulled WordPress plugins and themes are often not breaking the law.
The reason here has to do with the GPL (General Public License). Without making this a lesson on copyright, you just need to know that part of what the GPL license allows for is that anyone can freely distribute GPL-licensed software (yes – even premium GPL-licensed software).
So if a nulled plugin site puts a piece of GPL-licensed software up for download, they’re not technically breaking the law because they have the right to freely distribute that GPL code.
The GPL is a big part of WordPress, and most (but not necessarily all) WordPress themes and plugins use GPL. This is, in part, because themes and plugins must be GPL-compliant in order to be listed in the WordPress.org directory.
While premium plugins aren’t required to have a GPL license, many also have a freemium version on the WordPress repository, which then does require a GPL license. Or they choose to have a GPL license. Many premium plugins such as WP Rocket and Gravity Forms are GPL-licensed.
There are other reasons, as well – like being able to use existing GPL-licensed code in plugins and themes. Typically, if you use existing GPL-licensed code in a product, you must release subsequent products under the GPL (this is the reason for the dustup between WordPress and Wix back in 2017).
The GPL is complicated and we’ve overly simplified some of the principles to condense the core ideas into a few paragraphs. But basically – most of the nulled WordPress plugins and themes that you see are probably not doing anything illegal. In fact, GPL is one reason why WordPress is great.
But that doesn’t mean you should go out and pack your site full of nulled extensions…
Four Reasons You Still Should NOT Use Nulled WordPress Extensions (Even If They’re Legal)
Just because nulled extensions are legal, that doesn’t mean it’s a good idea to use them on your WordPress site.
Here are four reasons why you still shouldn’t use nulled plugins or themes on your site.
- You Don’t Know What Else Is in the Code
- Developers Need Money To Continue Improving Their Products
- You Won’t Get Any Support From The Developer
- You Won’t Get Any Automatic Updates
1. You Don’t Know What Else Is in the Code
When you download an extension from a source other than the developer (or a trusted repository like WordPress.org), you don’t know what else is lurking in the code.
Malicious actors like to use nulled plugins or themes to insert their own nasty payloads, like injected links for SEO, or even more sinister actions.
When you use a nulled extension, you’re opening yourself up to this type of exploit because, unless you have the knowledge and time to dig through all the code, you have no idea what else is lurking for you in the nulled extension.
Beyond that, you might void any potential help from your host. For example, we offer a free hack-fix guarantee here at Kinsta, but this guarantee doesn’t apply if your WordPress site is hacked due to a backdoor in a nulled plugin or theme.
This isn’t a universal issue, as you can find legitimate GPL clubs that offer clean products (usually for a monthly fee). But even if you pay for a GPL club that offers downloads free from malicious code, there are still other important reasons why these extensions aren’t a good idea. And how are you to know which GPL club can be trusted?
That’s why we typically refer to plugins obtained from third-party websites as nulled. It’s much safer to assume that anything you didn’t obtain from the original author may contain modified or unsafe code, or even a virus. You can use an online tool like VirusTotal to scan a plugin or theme’s files to see if it detects any types of malware.
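One way to check what else is in the code, as an added example rather than anything from the original post or Kinsta's tooling: given a copy from the original author, hash every file in both copies to list what the third-party copy adds or changes, then flag common PHP obfuscation patterns in those files. The directory names, the pattern list and the sample files are constructed for illustration; a pattern hit means the file needs review, and no hit does not prove a copy is clean.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic indicators only (assumed list, not exhaustive).
SUSPICIOUS = {
    "eval of decoded data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long base64 literal": re.compile(rb"['\"][A-Za-z0-9+/=]{200,}['\"]"),
    "code execution on request input": re.compile(
        rb"(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
}

def manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(reference_dir, candidate_dir):
    """List files the candidate copy adds, removes or changes versus the reference."""
    ref, cand = manifest(reference_dir), manifest(candidate_dir)
    return {
        "added": sorted(set(cand) - set(ref)),
        "removed": sorted(set(ref) - set(cand)),
        "modified": sorted(f for f in set(ref) & set(cand) if ref[f] != cand[f]),
    }

def scan_php(candidate_dir, only=None):
    """Return {relative path: [indicator names]} for PHP files that match a pattern."""
    root, hits = Path(candidate_dir), {}
    for p in sorted(root.rglob("*.php")):
        rel = p.relative_to(root).as_posix()
        if only is not None and rel not in only:
            continue
        data = p.read_bytes()
        names = [name for name, rx in SUSPICIOUS.items() if rx.search(data)]
        if names:
            hits[rel] = names
    return hits

def _write(root, rel, text):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text)

def demo():
    """Build two constructed plugin trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        vendor, third = Path(tmp) / "vendor_copy", Path(tmp) / "third_party_copy"
        for root in (vendor, third):
            _write(root, "plugin.php", "<?php /* Plugin Name: Sample (constructed) */\n")
            _write(root, "templates/footer.php", "<footer>Sample</footer>\n")
        # Constructed tampering: a hidden link and an extra file with an inert payload.
        _write(third, "templates/footer.php",
               '<footer>Sample<a href="https://example.invalid/" '
               'style="display:none">x</a></footer>\n')
        _write(third, "includes/class-cache.php",
               "<?php eval(base64_decode('ZWNobyAxOw==')); // decodes to: echo 1;\n")
        diff = compare(vendor, third)
        hits = scan_php(third, only=set(diff["added"] + diff["modified"]))
        return diff, hits

if __name__ == "__main__":
    diff, hits = demo()
    print(diff)
    print(hits)
```

The hidden link in the changed footer matches none of the patterns and shows up only in the hash comparison, which is why the diff against a known-good copy is the primary check and the pattern scan is a way to prioritise review.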
2. Developers Need Money To Continue Improving Their Products
While most developers do indeed enjoy creating WordPress products, most of them also enjoy being able to eat and afford a roof over their head.
That is, WordPress developers need revenue in order to be able to justify the time that they spend maintaining and improving their products.
When you use a nulled extension, you’re depriving them of the revenue that they could use to further enhance their plugin.
Basically, you’re shooting yourself in the foot by being a freeloader!
Would the Elementor page builder team be able to keep pushing out new features, like theme building, if everyone were using a nulled version? Would the OceanWP theme have all those great add-ons if there were no money coming in?
No! Of course not.
If you’re going out of your way to find a nulled version of a plugin or theme, that probably means you think it’s a valuable addition to your website.
So even if you don’t think it’s worth paying the developer for all the hard work they’ve already put into building you that product, why are you depriving yourself of a chance to get an even better product in the future?
Basically, you should help developers put food on the table so that they can keep creating awesome stuff that makes your life easier.
3. You Won’t Get Any Support From The Developer
Nulled extensions can get you all the features of a premium plugin or theme, but they’ll never be able to get you all the benefits that a paying customer gets.
That’s because a big part of what you’re paying for with GPL-licensed software is support from the developer.
When you pay for a product, you get the option to reach out directly to the developer if you encounter any issues with the product.
On the other hand, with a nulled extension, you get zero support. Hit a snag? Hopefully Google helps! Because that’s pretty much your only option. If the plugin you’re using has a free version in the WordPress repository, you might be able to get a response there. But let’s be honest, it’s pretty much like playing the lottery. And that’s simply because developers can’t afford to work for free.
If you waste three hours fixing an issue that the developer could’ve fixed for you in five minutes, did you really “save money” in the end? Probably not (if you value your time).
4. You Won’t Get Any Automatic Updates
In order to enable automatic updates for a premium plugin or theme, you’re going to need a license key.
Without a valid license key, you’re going to have to manually update extensions every time there’s a new update.
There are two big problems with this:
First off, it’s just plain annoying and time-consuming. You go from having to simply click a button, to having to delete and re-upload a plugin every single time.
That’s not the biggest issue, though.
More importantly, you’ll no longer get that red update notification in your WordPress dashboard. That means you’ll have to find another way to keep track of when new updates come out.
What if the developer releases an urgent security fix, but you don’t get the memo until a few weeks later? Out-of-date extensions are a big attack vector for WordPress sites, so you’re leaving your site open to unnecessary risk if you’re not able to promptly apply new updates.
It’s true that some GPL clubs go and grab the latest versions and then release the update on their site. But who do you want to put your trust in? A GPL club with a thousand different plugins, or the developer of the plugin? Is that risk worth saving a few bucks?
Exceptions
We don’t see any good reasons to use nulled plugins or themes. However, if you really want to get nit-picky, here’s one scenario we’ve personally heard from users.
A lot of premium WordPress plugins don’t have free versions or trials, and their refund policies might only apply if the plugin didn’t work due to a technical reason. A lot of times plugin developers have to be strict with their refund policies to prevent abuse from those trying to get a free copy.
If you’re a WordPress developer, agency, or freelancer, there might be some instances where you simply need to see if a plugin will work for a client. It might not always make sense to buy the plugin if it ends up not being able to do what you need. Because then you’re out the money.
Testing a nulled plugin or theme locally or on a staging site (never on production) might be the route you decide to go down. We won’t be sharing where to get any of these on our site.
If you do this and discover that the plugin or theme does indeed deliver, then, by all means, chat with your client and purchase it to get a legitimate license key, support, and updates.
Don’t Use Nulled Extensions on Production Sites – It’s Not Worth It
On the surface, it might seem like a great deal to get a premium plugin or theme for free. But in our opinion, it’s just not worth it. Even if you find a source for legal, clean GPL plugins and themes, you’re still going to waste extra time because you:
- Have to configure and fix everything by yourself since you don’t get access to support.
- Will have to constantly check for new releases and manually update yourself.
Time is money, and nulled plugins and themes will take you more time to use.
Beyond that, you’re just plain depriving developers of the rewards for the hard work they’ve already put in, as well as money to keep improving their products going forward. Even if you have no problem with the ethical implications there, you’d lose out if everyone used nulled extensions because developers would have no incentive to improve.
So – when it comes to nulled installs – think twice before installing a theme or plugin. Especially if you’re building or working on other people’s WordPress sites. Don’t put your client in a bind later down the road. We’ve seen this happen way too many times.
If you’re really on a budget, consider one of the 55,000+ free plugins and thousands of free WordPress themes that are available at WordPress.org.
Any thoughts? We would love to hear from more WordPress users on this topic in the comments below.
Some developers use the “WordPress bubble” to become millionaires. Not all of them, of course. But some boast of having a “multimillion-dollar business” with two or three plugins. And many extension prices are totally abusive.
Now most plugins are aimed at agencies that don’t mind paying the amount they ask for to use them on unlimited sites. But for a small business or entrepreneur it’s insane. They have to pay a volume license in order to have access to all the pro options.
I understand that you have to pay for work, support and upgrades but many take advantage of the GPL in an unethical way.
Hey Jim,
You are definitely correct that GPL can and is sometimes taken advantage of by developers. But the great thing about WordPress is there is almost always an alternative out there.
But we completely agree, it’s a two-way street. However, we still need to support developers, especially those with high-quality plugins who don’t have that “multimillion-dollar business.”
Hmm this article is a bit misleading or simply incorrect.
Premium or paid WordPress plugins are not released with GPL licenses, most likely they include a detailed & proprietary license stating these details.
Only the plugins from WordPress directory are required to be released under GPL and there’s no need for nulled plugins that are already free in the directory.
This article only encourages people who already do this to continue without feeling bad about it.
Hey Alex,
That is why we said “but not necessarily all.” Many premium plugins are sold on their own website and also have a freemium version on the WordPress repository, which then requires GPL license.
This article encourages supporting developers to help grow the WordPress community. We frown upon nulled plugins and that’s why we don’t offer free hack fixes if it originated from a nulled plugin.
The author of this article really should define what they mean by Nulled Code.
I’d agree with Alex. This article is both misleading + incorrect, depending on various factors… including the author’s definition of Nulled Code.
I don’t mind paying for good plugins. But plugins that require $99 or more, or monthly subscriptions are a total deal breaker to be able to build a site for small business owners makes it really hard. Imagine that several plugins are needed and either have to pay monthly or yearly fees to keep the plugin working. I bought one plugin for a car rental website. A hefty plugin that runs the whole site and paid $55 for it and have the choice to pay for 12 months of extended support for $18.75. For me these are acceptable prices especially looking at the functionality of this plugin it’s even a bargain.
Anyway, for me a monthly subscription is a big no and plugins for $99 or more are too extreme.
I find it interesting when folks say that a $99 plugin (or more) makes it a deal breaker to build a small business site. I wonder how much it would cost you to hire a developer to build the same functionality, if that plugin didn’t exist? A lot more than $99 I’m sure.
One of the biggest mistakes I made as a starter plugin developer was to price myself too low, and it eventually killed my ability to actively support and improve my plugins and still feed my family.
That’s all good BUT the issue is YEARLY subscriptions or in some cases monthly subscriptions. How do I convince my clients that they need to pay a yearly subscription on top of other high costs?
Clients who are not willing to invest in their website shouldn’t run a business. Just ask them, would you provide free services? I bet they will say NO. Then why do they expect plugin developers to provide free plugins and support all year long? They all have to make a living and they need to charge a yearly subscription. And even $500 a year for plugins is damn cheap considering how much would it cost your clients to develop and maintain them on their own.
The only time I used a nulled plugin (because there was no free/trial version of it) was to see how it worked and how good it was.
I ended up having such a horrible experience. The plugin was infecting all my sites in MAMP, with some kind of malware and I had a hard time cleaning everything up. So I’m not doing nulled plugins ever again.
Hey Dominique!
That is a great example of how dangerous it can be to use nulled plugins. Appreciate you sharing that.
Here’s an idea, using dismissible “subscribe to newsletter” slide-in windows, cause not everyone wants your newsletter and blocking about 40% of bottom screen area on mobile permanently is worse than nulled plugins.
Feel free to click the X button to close it. You will never see it again. We would never force something like that on a reader.
Great article.
In my case, I have been forced to use them on dev environment so I can confirm that they are what I’m looking for and to compare contenders as well. There’s a few relatively new subscription-type websites which claim that their files are “nulled-free code”, “100% original”, etc. I have confirmed this by comparing their code with the original version bought once I move to production.
How many plugins would you recommend to have and use? Like what is the optimal number or the maximum number? I find myself constantly wanting to use more and more without actually knowing how many is too many.
Hey Hafiey,
The number of plugins isn’t as important as the quality of the plugins and how well they are coded. Running 20-25 active plugins is fine.
The reason an install might slow down when you have too many plugins is that typically each plugin will load separate scripts (JS + CSS). The more you install, the more scripts and HTTP requests your site generates.
It is hard to believe that a small business owner can pay thousands of dollars in expenses but can’t afford $99 / year for a plugin that allows them to sell in the first place. That is completely bogus and dishonest. The fact is many people do not really belong to WordPress community. They are just looking for free. It is a place where they can get things for free (as in beer). They could care less about code or community. It is there, so they will use it with no consideration to sustainability or anything else. Their motto is “everything should be free except whatever I am selling”. In fact, I think that is why the lower end of the market is disappearing in WordPress. There is a big disconnect between idealist WordPress developers who wanted to make a living writing open source and freeloaders who think all the free plugins and themes come from magical elves who somehow manage to live for free and exist to provide them with whatever they need for free. And they leave negative reviews if they don’t get free support right away. They don’t bat an eye to charge for hundreds of dollars on their own site for crap, but $99 for what allows them to sell in the first place is a no no. They don’t contribute to open source with time or money and they complain the minute they have to contribute in any way.
“Some developers use the “WordPress bubble” to become millionaires. Not all of them, of course. But some boast of having a “multimillion-dollar business” with two or three plugins. And many extension prices are totally abusive.”
I promise this poster would not be complaining about any of the closed source software or even other opensource providers making millions. But the community that has given him so much for free is suspect and does not deserve the same respect. I am not advocating that plugin developers should make millions. But I am pointing out that he does not think “WordPress developers” should be making millions. They don’t deserve it. They are really not professionals. Other software providers and platforms are acceptable. He will use WordPress developers but WP developers should be free or at the very least very cheap. After all, they are not really professionals.
Re “premium plugins aren’t required to have a GPL license”:
WordPress strongly (their word) disagrees with you. From the WP License page:
“…we feel strongly that plugins and themes are derivative work and thus inherit the GPL license.”
https://wordpress.org/about/license/
Yes, that is if they are listed in the repo. There is nothing to keep a premium seller from selling their plugin or theme as non-GPL, although most do anyway.
That’s all very interesting. Having been a developer, I’m willing to support those who offer good value at reasonable prices. But that is sometimes hard to judge as a customer. Keep in mind that there are some WordPress sites out there that are not running businesses, and thus are keenly aware of annual expenses required to keep sites running. The hope is that essential plugins can be had without incurring exorbitant costs.
I know this is an older blog, but I don’t know how many times I have told clients and friends to buy premium plugins and themes, the costs are minimal over the course of a year.
I only ever buy premium, from developers who have been around for a long time. WHY? Because they will be there when I need them for updates.
I also get tired of clients saying “I bought this great hosting for $1 a month” bargain, and they don’t want to pay $45 a year for a theme, and they only want free plugins (with heaps of features). AND then they complain their site is slow, down, or hacked.
I give these clients a choice, find another person to help them or step up and invest in your business.
This was a very interesting read, thank you.
2 years later and now that ALL developers have gone down the yearly license subscription and being greedy about it I have no hesitation in installing nulled plugins.
$150 a year for a plugin is just greed. Maybe because I was brought up on the whole shareware concept and paying $30 max but it’s just pathetic the prices they are charging. And when you start to add up ALL the plugins you end up spending well over $500 even $1000 on simple plugins that should be no more than $20 max.
So yeah no pity party from me, developers trying to make bank CAGF.
I newly subscribed to one of these sites providing nulled plugins and two of my clients’ sites got hacked and Google was showing a red/warning page that these sites are dangerous. Google detected malicious codes mostly from nulled plugins I installed like Elementor Pro, Envira Gallery, etc.
Very sad experience, but I guess these nulled plugins are just useful for testing in a local/staging environment before buying the real ones, but NEVER use it in a production site.
1 – Security:
The most widespread hacks in recent times that I’ve seen have been either from…
A) Premium or Free (i.e. in the WP repo) plugins
– Elementor UA
– WP File Manager
– Divi, for goodness sake
…etc.
(Go read the Wordfence blog over the last 12 months, plenty of well known themes and plugins downloaded from the original developers have been found to be exploited).
B) Paid plugins with obfuscated code
(e.g. Digital Access Pass – their core plugin is not GPL (only their livelinks plugin) and despite obfuscated code they were (and still are) getting hacked by Chinese hackers non-stop. Can’t count how many hacks we’ve repaired and sites we’ve migrated away from DAP).
Conversely, in the 14 months or so since I’ve been (extensively) using GPLVault plugins on my sites, there hasn’t been a single security issue. And we’re monitoring the fudge out of every single site with WordFence. The *only* hack we had recently was thanks to WP File Manager. And I’ll be the first to admit that I should have known better than to install such a fundamentally insecure plugin on my properties.
2 – Ethical concerns
I don’t expect everybody to share my philosophy but as an agency owner AND a plugin vendor, my ethos is to worry about our paying customers, and not worry about anybody else.
WordPress is fundamentally open source and most plugins and themes are released under GPL. That’s the spirit of WordPress and in more practical terms, that’s just the sandbox we’re playing in.
So rather than scream into the void and worry about all of the evil people ripping me off because they’re getting my plugins from a GPL club, or a friend, or a forum, or whatever—I find it’s a better use of energy to focus instead on making a killer product, marketing it well, making partnerships, and otherwise catering to the people who pay us and do so gladly.
I think a good example to illustrate this approach is the guys from WP Forms. They entered a super crowded market (GravityForms, Ninja Forms, 3rd party forms like Formidable!) and absolutely smashed it in a year’s time through smart partnerships, great content marketing and SEO.
Ever heard them worrying about GPL clubs (where, incidentally, ALL of the plugins owned by the parent company can be found, extensions and all)? Me neither. They’re too busy crushing it.
Otherwise if it’s such a concern, there’s always the option to make a WP plugin into a SaaS model (like HelloBar). And in some cases that’s a really great approach!
3 – Pricing concerns
On the one hand, plugin vendors wonder how small business can make a fuss about a $99/year plugin. But they tend to neglect the fact that even a modest WordPress site can easily require a dozen or more plugins / themes / services to make a proper stack, which totals thousands of dollars per year in renewal / support fees.
On the other hand, small business owners often have no idea what goes into making a quality plugin and think it should cost “x”.
Like I said, I both make / sell plugins AND use them. And the practical reality is this:
– GPL Clubs ain’t going nowhere (they’re actually competing with each other and getting better, more secure, more varied, better support, etc.)
– Plugin vendors cannot and will not stop the proliferation of GPL clubs
– People WILL download your stuff without paying for it and you can’t do jack about it
– Some people WILL pay you and will gladly and willingly do so
So my conclusion as a plugin vendor is that I’m to solely focus on our paying customers, full stop.
And for plugin users, the reality is you have total control over which plugins / themes you want to pay for. And many people will go the GPL route simply because it’s much more financially feasible, especially in startup phases.
I think where the industry is going is this:
At the end of the day, the market is going to reward those vendors who build relationships with their audience in such a way that people WANT to pay them. That they go out of their WAY to pay them. That despite having access to their entire oeuvre on a GPL club they STILL pay them.
It’s not enough to just code great apps nowadays, you have to communicate with your market in such a way that they want to pay you because you educate them, you have a relationship with them, they trust you, they want to see you succeed, etc.
This is frankly a more powerful motivator than the dogmatic—and in this case, dubious—ethical grounds on which far too many devs who are the center of their own universes get up on their high horses about.
I used nulled plugins when I was a student, but used the first site revenue to buy the plugin. I think nulled isn’t necessarily all bad; for great plugins people will always pay in the future.
I would agree with you but NO!
For several days I am trying to buy one WP theme from Envato Market.
11 of my accounts locked, and several of my friends and relatives.
It’s automatically locking after pressing “purchase” button.
Tech support f==d up, and absolutely doesn’t care about customers. Tried to find and ask developer – no success.
In legal store it costs only 50$ , I spent already 2 days and ready to pay 500$ for this theme and who will broke hands of developer who created stupid envato service.
So now, the only way – to download theme from pirate place, I am ready to pay pirates even more, if they could hack website and get this theme.