[ad_1]
I’m curious about the real-world experiences with cracked WordPress plugins that secretly inject malware. Has anyone here personally dealt with this nightmare? Or do you know someone who got seriously screwed over by these sneaky plugins? Btw someone gave a pro tip of “read the whole code yourself and make sure that theres no malicious stuff in it” Couldnt you just feed the whole code into chatgpt and make him read for u?
Let’s hear your stories! 🔥
[ad_2]
Years ago I had a plugin from the repository that after several years of downloads and fabulous reviews was apparently sold to bad actors who injected bad code into it. That was fun.
Yep! I’ve known thousands in my career. It’s made me an absolute fuck load of money.
I think people who used “cracked” plugins are scum who deserve to have their sites fully infected in perpetuity. Anyone who uses a cracked plugin on a client site deserves every lawsuit headed their way.
Nothing better than seeing cheap fucks get fucked.
Yes. When I was young and didn’t understand what nulled was. We are talking years ago.
I had a site hacked (redirecting) the day after I used the plugin. I don’t even remember the plugin. I took the next day to read was nulled plugins were, like I mean read read and then never again.
Lucky I was able to get alot of plugins I use with LTDs years ago like WPML and other products from AppSumo that are gold to me.
My advice is that it’s not worth it. And now-a-days most plugins offer a way to try thanks to services like instawp. If you really want to test a plugin before buying it, I can see why nulled work but just know there is a risk and don’t test on your live site.
We also are in a great time for WordPress where page builders lile bricksbuilder.io are LTD and it’s addons are LTDs. So you can get a great stack and be set.
Not someone I know, but I have had several clients that have come to me after their sites were hacked because they had used “nullled” or “GPL club” plugins
While I haven’t been burned by them, I used to go check out sites offering them when people posted here or other WP type forums (remember forums? I miss them…) Granted, I haven’t look at them for at least 2 years now.
I can tell you that that EVERY premium plugin or theme I had looked at had code in them that would allow you to execute ANY code you wanted on them. This allows modifying/adding any files in the system that are owned by the same user running the PHP process. (which can also allow them to intercept incoming mail if that is part of the “hosting package”, though people use that less these days)
Please don’t use cracked plugins.
There are a couple sites that are safe to use that resell plugins like themecanal.
But still, please just pay the developers.