The internet is crammed full of high quality plugins and themes for CMSs. The problem is that they're often pretty expensive, so many users opt for cheaper or free 'too good to be true' alternatives, which claim to offer the same functionality. More often than not, these turn out to be pirated and ridden with malware.
It's not just new webmasters who are making this mistake, every day we see many examples of reputable WordPress and Joomla sites being damaged by 'nulled' software, which is a real nightmare to remove. Don't fall into the same trap; make sure you're aware of the risks of this software and how to spot it.
The Potential Risks:
Widespread Damage to Your Site:
Installing a pirated plugin is like opening up the backdoor to your site for hackers to enter, and could wipe out any SEO or professional reputation which you've spent months building up. Some of the most common examples of damage which we see include:
- totally deleted or defaced content
- popup or unwanted advertising
- unexpected 301 redirects to spam content
Not all hacks are immediately obvious, especially if you're not aware of the warning signs, so your site could be vulnerable long before you notice it. Recently we've also seen examples where malicious bugs will automatically create a new user upon gaining site access, allowing hackers to return even after the site is restored.
We do take daily backups of all sites on our network, but it takes us time to locate and totally eradicate any malicious threat, plus any changes that you've made since the last secure backup will be lost.
Long Term Website Security Vulnerabilities:
Constantly updating your add-ons may seem annoying, but it's a vital way of securing your systems against potential vulnerabilities. New vulnerabilities can be discovered in established software at any given time and the developers will often release an update to patch the vulnerability.
Avoiding Pirated Software:
Scrutinise The Software Authors:
All legitimate WordPress plugins/themes are available within the official directory, so if you find one through SERP but can't also find it in the directory then it's absolutely certain to be pirated. We'd always recommend beginning your initial search in the WordPress directory.
Both WordPress and Joomla display in depth details about every plugin and theme author, including their entire history. If you encounter an unknown author, or one with a patchy profile history then you've stumbled upon a classic example of malicious software.
Clear Out any Incompatible Software:
The more backdated a plugin/ theme compatibility, the greater risk the risk that it is either malicious, or contains an exploitable security flaw. By now all of your plugins/ themes should be compatible with WordPress 4.0, and you should be ready to update them as soon as WordPress 4.1 launches in a few weeks time.
Scrutinise Certificates and Documentation:
All the best software developers will have full documentation readily available on their official site, including licences, change logs and copyright, so if you can't find this or it doesn't look up to scratch then you should avoid these add-ons.
Another key giveaway of pirate software is when it requires you to purchase premium content from an 'official' site which doesn't operate a valid SSL certificate. SSLs aren't a legal requirement yet, but all reputable sites will offer a secure connection to paying customers, and not having one is a telltale sign of dubious motives.
We strongly discourage you from ever entering personal and financial information into sites that don't have a secure connection, as these are unprotected against any third parties attempting to intercept your information.
Make Some Changes to Your .htaccess File:
We recently offered some great tips on securing a WordPress site with some .htaccess file changes. Not all of these tips will protect you from malicious plugins, however we still recommend checking them out as a way of preventing general attacks.
It only takes a few moment to check all of the above, but it can take months to fully recover from a hack, so it pays to be sceptical when searching through plugins and themes. Pirate software sounds tempting, especially on a tight budget but it's almost always more damaging in the long run. If in doubt, don't download!