If it seems too good to be true, it probably is.
Let’s say you’re researching and you found a great plugin fit for what you’re trying to accomplish on your site. It’s not free, though, and a $100-$200/year recurring expense isn’t really something that sounds appealing. In looking around Google, you happen to stumble on a site claiming to offer a free download of the premium plugin! Jackpot! It sounds like an awesome deal, right? Wrong.
What are nulled plugins?
Nulled plugins are these free (or dramatically lower-priced) versions of premium plugins you get from third-party websites that are not the plugin author’s. The people who distribute through these sites cite the GPL license as reasoning as to why they can freely distribute the code. Technically these sites are not breaking any laws if they distribute GPL-licensed code nor are you if you use one. However, by doing so, you're putting your website at risk. You have to think — what are these people getting out of it?
An open invitation for hacking
Your WordPress site is susceptible to any weaknesses in the code of any plugin used on your site. There are plenty of news stories about plugins with zero-day exploits or security holes that end up being taken advantage of by hackers. Any plugin you choose to put on your WordPress site is a potential risk.
By using a nulled premium plugin, you’re giving an open invitation to hack your website. You have no idea what contents have been modified within the plugin. It’s not uncommon for malware to be present in nulled theme files or for backdoors to be present, allowing ongoing code modifications. Not to mention, using nulled plugins and/or themes actually negates coverage for hacking fixes on some managed WordPress hosts, like Kinsta.
So on this note alone, let’s run the numbers. Let’s say you chose to use a nulled version of a plugin for free vs. paying $100 to license it directly from the plugin author. Your site gets hacked. Your “free” plugin has now cost you: (a) the money lost from any sales missed while your site was down or inoperable (b) money lost from any sales if your SEO is negatively affected by malware or spammy links (c) hacking cleanup costs, which will most likely cost you at least the plugin price you were avoiding alone and (d) the value of your time in dealing with the ordeal. Plus, in the end, you still don’t have a functional plugin and thus, a broken website.
This “great deal” can quickly escalate into a full-fledged nightmare.
A painful, if even existent, update process
For premium plugins, receiving plugin updates is frequently tied to a license key. Active license keys easily receive updates and can update via the WordPress dashboard like any other plugin. With a nulled plugin, you don’t have that license key. That means if wherever you obtained the nulled plugin from does happen to put an updated version out, it will be a manual update process for you to work with it.
Keeping any plugin updated on your WordPress site is important. Plugin updates can contain security hardening and bug fixes, in addition to improved and new features. If a premium plugin releases an urgent release to address a security issue, you have no way of immediately getting that update so this further makes you susceptible to hacking from your already extremely elevated risk level detailed earlier in this post.
Need help when using a nulled plugin? Good luck out there.
You’re not running a licensed version of the plugin so if you need help, the support department of said plugin is going to be of no service to you. You are not their customer.
A big factor of licensing fees for premium plugins is support and what it takes to be able to offer responsive support to a paying customer base. You can get answers directly from the team behind the plugin and that can be invaluable.
If you’re not able to access that resource and you have trouble, you’re left spending time trying to Google your problem away or paying a developer to address the issue. Regardless of whether it’s the former and you value your time or the latter and you’re paying a skilled developer for theirs, you’ll likely be spending far more than any licensing fee.
Nulled plugins deprive everyone of a plugin’s potential awesomeness
When you purchase a license from a plugin developer, you’re contributing to the funds that keep a plugin growing and improving.
When you use a nulled plugin, you’re making a choice to not contribute. If everyone followed in those footsteps, premium plugins would lose revenue streams and thus stop having the resources to continue building on their feature sets or offering a high level of support to their users. No one wins.
Official license or bust
In summary, please think twice before reaching for a nulled premium plugin for your production site. What seems like a great deal initially will likely ultimately cause you much more money (and pain!) in the end. Tell developers thanks for their hard work and the tool you’re leveraging for your own site by buying a license directly from them and only going that route.
