Mike Jolley

Using freely obtained premium eCommerce plugins & themes – are they worth the risk?

Premium Themes and plugins; if you sell them you’ll know that eventually most of them end up on file sharing sites which, in terms of the GPL, is perfectly legal but should you use them?

I was prompted to write this post after dealing with a shop owner whom had installed several plugins and a theme all downloaded from a dodgy file sharing site in this manner.

Seeing what’s out there

I chose a random WooCommerce theme (Superstore) and went to grab it from a site called “Mafia Share“. Aside from being bombarded with some untasteful ads, scams and dodgy software downloaders during my visit, the theme I downloaded was not clean, nor up to date.

Modified source code

This particular theme had a few modifications, mainly adding links, but also changing the copyright notices (GPL Violation). The header and footer were both tweaked to include crap like:

2013-12-05 at 17.00

Version 1.0

The version of Superstore I was presented with was version 1.0 from March this year. A 9 month old theme is not going to be compatible with WC 2.0, and its not like you can update these themes automatically after installing them. Old themes can be vulnerable from attack if un-patched, as can any plugin dependencies if you are forced to run old versions due to the theme.

trap

You don’t know what you are downloading

The theme I downloaded was relatively harmless, albeit useless, but you cannot be certain that this is always the case – especially if you don’t know PHP. Malicious code could be snuck in, and you won’t know unless you look through all the files with a fine tooth comb.

Who’s going to support you?

If you download something from a sharing site, you have no support – the author won’t help you (its not their place to) and its unlikely there is a community behind it to help you either.

Same for updates – you’ll have no access. If a security issue is patched, or a dependency is updated and no longer compatible you are not only screwed, but vulnerable.

You are putting customers at risk

If you are using plugins obtained in this manner, you are putting un-aware customers at risk of fraud. If there is something malicious in that theme or plugin which steals data, during checkout for example, its dangerous and you are ultimately responsible.

Even non-intentional issues can affect you. Example: There was a theme on Themeforest a while back which mistakenly saved all POST data during checkout as plain text to a post. Accidental yes, but a huge security risk. Now, if this theme is still out there on some sharing site…well its scary to think some idiot could be using it.

Don’t be irresponsible

The risk is too great unless you are 100% certain the files are safe and unmodified, which is unlikely. Particularly with eCommerce, you risk breeching customer trust, data and your livelihood, all of which will cost you more in the long run than a licence ever would.

Don’t risk it.

Posted

in

by

Mike Jolley

Tags:

Comments

3 responses to “Using freely obtained premium eCommerce plugins & themes – are they worth the risk?”

  1. e01 avatar
    e01

    True, true.
    But you miss the only benefit from getting such themes and plugins. In some cases payed plugins and themes are not 100% described, so you can’t be sure if this piece of work can fit your needs.
    So in this way you can check the functionality and if it fit the requirements you can purchase it 🙂

    Reply
    1. mikejolley avatar
      mikejolley

      Don’t install them on your production site if you do that 🙂

      Reply
    2. Ryan Ray avatar
      Ryan Ray

      Somewhat true perhaps, but with the issues mentioned it doesn’t make sense to risk the malware to just test them out. Maybe costing you more in the long run to shore up your install again after malicious code has done its deeds.

      Plus the product you “pirate”, as seen above, will most likely be far out of date. Which if not full of malware gives you a very sub par experience, and could lead you to not even purchasing it.

      Say you did download Superstore to test it out with WooCommerce, well the version you downloaded freely won’t even work with the latest version of WooCommerce. Leading you to say, “Oh, this theme (or WooCommerce) is crap.”

      In the case with our products from WooThemes, it makes more sense to know we have a 30 day money back guarantee (as most should). Buy the product from the source, you get access to resources and support to help you test the theme per say. If you end up not liking it, ask for a refund.

      Just my two cents. 😉

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.