GPLVault plugins on client sites: Common practice or unacceptable risk? WordPress devs, what’s the opinion?

Is this now considered ethical? Risky? Acceptable? Usual practice? Or something else entirely?

I have recently taken over a project where the previous developer used GPLvault for all plugins on the site – approximately 35 plugins in total, including the GPLvault updater plugin itself. The initial website build cost was in excess of $12,000 for a basic e-commerce site.

How common is this practice? Is using nulled plugins like this widely accepted by clients? Do WordPress developers generally consider this to be an acceptable approach these days?

I’m keen to hear people’s thoughts and opinions on this.

EDIT: for clarification, I would never use nulled plugins for various reasons, and found this a big surprise given the initial project budget.

9 Comments
  1. Now considered unethical? Not just unethical, IMHO, but downright dangerous.

    It might be more common than I think it is. People are shady. lol

  2. That would be the dumbest decision ever, in my opinion. GPL/nulled plugins are a great way of having a much higher chance of malware infecting your site.

    If you don’t give a shit about security, your clients or supporting the actual developers of plugins, then sure go right ahead.

    With regards to the site you’ve taken over, I find it bizarre that the client would have paid in excess of $12k but didn’t want to shell out for official plugins. I’d bet money on the developer not even informing the client of this. I’d recommend informing the client of this and providing them with a breakdown of what the costs would be to switch to using the official plugins (as well as the benefits of using them). I certainly wouldn’t want to be putting my business at risk for the sake of a few hundred dollars extra per year.

  3. Security risk, UNLESS you have someone fully dedicated to reading and understanding the code of each and every plugin you use to make sure there’s no code obfuscation or plain malware inside.

  4. Never do this for an ecommerce website. They slip in credit card skimmers and you will be held liable.

    You can read about this on Sucuri’s website.

  5. Damn that’s nasty. Developer in cahoots with a gang of cybercreeps looking to pwn sites for fun and profit? Deliberately building in a software supply chain component that everybody knows is corruptible?

    This raises a serious question for those of us who offer working sites. Are our customers net-safety literate enough to be safe? We need to work together, because lots of things, including the reputation of our line of business.

    (We could just make our businesses’ motto “Loren inpsum caveat emptor — Let the buyer beware”. But I, for one, don’t want to work that way, or have to compete against people who do.)

    A code of ethics to subscribe to that says among other things.

    “I’ll never knowingly install potential malware, or use a supply chain that does that, on a customer’s site. I’ll promptly notify a customer upon detecting malware. I’ll never lie to a customer about malware, threats, or vulnerabilities.”

    Customers need to know how dangerous to their business it is to hire people who DON’T work that way.

  6. I understand that people don’t want to pay for stuff, especially 500 separate annual license fees. But I would never do this to a client.

    First off, you tell the client what the license is going to cost, and they either pay it or they can’t have that functionality. That’s how software works for businesses. I’ve never had a client balk at that concept; you just need to be up front with them.

    Secondly, this creates so many security holes. I could go on, but I hope that “someone purchased this plugin, maliciously modified the code, and then sold it again. I hope they only modified it in that one way!” is self-explanatory. Also, no updates or vendor support.

    Also, this is stealing from the vendors, most of which are small dev shops. Don’t do that. If you like their work, support them.

    Also (also), who spends $12,000 on a site but can’t spend a couple hundred bucks a year for the software for it?

 
