Exposed: Health Ministry website using wrongly acquired WordPress plugins


The website of Ghana’s Ministry of Health (www.moh.gov.gh) has been exposed as using a nulled theme, or wrongly acquired WordPress plug-ins, which is unethical and could pose security risks. 

When you log in to the site you are greeted with a very shameful message that reads “this website is using an illegal copy of Jannah Theme”. 

A whole Ministry’s website is based on a stolen or unethically acquired theme

Then later it changed to “Under Maintenance”.

The cover up, after being exposed

For one, using nulled themes or plug-ins means the website designer is cheating original theme creators of money they deserve, which is unethical, and also exposing the MoH website to other inimical stuff that may have come with the nulled theme.

Whoever developed the MoH website cut corners to do this and may have exposed such an important government website and its content to hackers. It is a www.gov.gh website and it could have implications for government as a whole.

When Techgh24 reached out to the Public Relations Officer of MoH, Elorm Ametepe, he declined to comment, saying he was aware of the problem, but that today is a holiday and he needed to be in the office before he could speak on the matter.

Why people use nulled themes

No one likes spending more money than necessary – it’s a human thing. Because people are always on the lookout for ways to cut costs, some WordPress users are tempted to turn to nulled WordPress themes and plugins instead of paying for the official premium version.

Even though using a nulled theme may not necessarily be breaking any laws, it is still a bad idea for a number of reasons.

What are considered Nulled Plugins and Themes?

There are various definitions around the web when it comes to the term nulled. But in general, nulled refers to premium WordPress plugins or themes that have been hacked or contain modified code designed to cause harm or collect information. These are obtained from a third-party website and not the original author or creator, and sometimes are made to work without a license key.

The reason using nulled themes may not necessarily be illegal is that they carry the GPL (General Public License), which generally allows anyone to freely distribute GPL-licensed software, even premium software.

So if a nulled plugin site puts a piece of GPL-licensed software up for download, they’re not technically breaking the law because they have the right to freely distribute that GPL code.

The GPL is a big part of WordPress, and most (but not necessarily all) WordPress plugins and themes use GPL. This is, in part, because themes and plugins must be GPL-compliant in order to be listed in the WordPress.org directory.

While premium plugins aren’t required to have a GPL license, many also have a freemium version on the WordPress repository, which then does require a GPL license. Or they choose to have a GPL license. Many premium plugins such as WP Rocket and Gravity Forms are GPL-licensed.

There are other reasons, as well – like being able to use existing GPL-licensed code in plugins and themes. Typically, if you use existing GPL-licensed code in a product, you must release subsequent products under the GPL.

Basically – most of the nulled WordPress plugins and themes that we see are probably not doing anything illegal. In fact, GPL is one reason why WordPress is great.

But an Accra-based web designer told Techgh24 that the MoH is “obviously not GPL compliant even if the site developer did not steal it.”

Indeed, the fact that using nulled themes may not be illegal doesn’t mean anyone, let alone a whole government institution like the Ministry of Health, should go out and pack its website full of nulled extensions.

Four reasons it is a bad idea to use nulled WordPress themes

Just because nulled extensions are legal, doesn’t mean it’s a good idea to use them at your WordPress site.

Here are four reasons why you still shouldn’t use nulled plugins or themes on your site.

You Don’t Know What Else Is in the Code

When you download an extension from a source other than the developer (or a trusted repository like WordPress.org), you don’t know what else is lurking in the code.

Malicious actors like to use nulled plugins or themes to insert their own nasty payloads, like injected links for SEO (search engine optimization) or even more sinister actions.

There are many Facebook groups where members share nulled WordPress plugins. When you use a nulled extension, you’re opening yourself up to this type of exploit because, unless you have the knowledge and time to dig through all the code, you have no idea what else is lurking for you in the nulled extension.

Beyond exposing your site to hackers, you might void any potential help from your host. For example, some website hosts offer a free hack-fix guarantee, but this guarantee doesn’t apply if your WordPress site is hacked due to a backdoor in a nulled plugin or theme.

This isn’t a universal issue, as you can find legitimate GPL clubs that offer clean products (usually for a monthly fee). But even if you pay for a GPL club that offers downloads free from malicious code, there are still other important reasons why these extensions aren’t a good idea. And how are you to know which GPL club can be trusted?

That’s why plug-ins obtained from third-party websites are typically referred to as nulled. It’s much safer to assume that if you didn’t obtain it from the original author, it may contain modified, unsafe code, or even a virus. You can use an online tool like VirusTotal to scan a plugin or theme’s files to see if it detects any type of malware.
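One way to do the “dig through all the code” step when you also hold a copy obtained from the original author, shown as an added example that is not part of the original article: hash both trees, list what was added, changed or removed, and run two simple heuristics over only the files that differ. The directory names, file contents and the two patterns are constructed for illustration, and a clean result does not prove a package is safe.

```python
import hashlib, re, tempfile
from pathlib import Path

# Heuristics often seen in tampered PHP; a hit means "read this file", not proof.
SUSPICIOUS = {
    "eval-of-decoded-data": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "hidden-link": re.compile(rb"<a\b[^>]*style\s*=\s*[\"'][^\"']*display\s*:\s*none", re.I),
}

def digest_tree(root):
    """Map relative path -> SHA-256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit(reference_dir, suspect_dir):
    """Diff a suspect copy against one obtained from the original author."""
    ref, sus = digest_tree(reference_dir), digest_tree(suspect_dir)
    report = {"added": [], "modified": [], "flags": {},
              "missing": sorted(set(ref) - set(sus))}
    for rel in sorted(sus):
        if rel in ref and ref[rel] == sus[rel]:
            continue  # byte-identical to the author's file
        report["modified" if rel in ref else "added"].append(rel)
        data = (Path(suspect_dir) / rel).read_bytes()
        hits = [name for name, rx in SUSPICIOUS.items() if rx.search(data)]
        if hits:
            report["flags"][rel] = hits
    return report

def demo():
    """Audit two small constructed theme trees (not real theme files)."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, sus = Path(tmp, "from_author"), Path(tmp, "from_third_party")
        for d in (ref, sus):
            d.mkdir()
            (d / "style.css").write_text("/* Theme Name: Example */\n")
            (d / "functions.php").write_text("<?php add_theme_support('title-tag');\n")
            (d / "license.php").write_text("<?php /* licence check */\n")
        # Constructed tampering; the base64 string decodes to the word "constructed".
        (sus / "functions.php").write_text(
            "<?php add_theme_support('title-tag');\neval(base64_decode('Y29uc3RydWN0ZWQ='));\n")
        (sus / "footer.php").write_text(
            '<a href="https://example.invalid/" style="display:none">link</a>\n')
        (sus / "license.php").unlink()
        return audit(ref, sus)

if __name__ == "__main__":
    print(demo())
```

Any file listed as added, modified or missing deserves a manual read, whether or not a heuristic fired.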

You deny developers their well-deserved money to continue improving their products

While most developers do indeed enjoy creating WordPress products, most of them also enjoy being able to eat and afford a roof over their heads.

That is, WordPress developers need revenue in order to be able to justify the time that they spend maintaining and improving their products.

When you use a nulled extension, you’re depriving them of the revenue that they could use to further enhance their plugin.

Basically, you’re shooting yourself in the foot by being a freeloader!

Would the Elementor page builder team be able to keep pushing out new features, like theme building, if everyone were using a nulled version? Would the OceanWP theme have all those great add-ons if there were no money coming in?

The WordPress community needs to support developers. This is how we grow.

If you’re going out of your way to find a nulled version of a plugin or theme, that probably means you think it’s a valuable addition to your website.

So even if you don’t think it’s worth paying the developer for all the hard work they’ve already put into building you that product, why are you depriving yourself of a chance to get an even better product in the future?

Basically, you should help developers put food on the table so that they can keep creating awesome stuff that makes your life easier.

You Won’t Get Any Support From The Developer

Nulled extensions can get you all the features of a premium plugin or theme, but they’ll never be able to get you all the benefits that a paying customer gets.

That’s because a big part of what you’re paying for with GPL-licensed software is support from the developer.

When you pay for a product, you get the option to reach out directly to the developer if you encounter any issues with the product.

On the other hand, with a nulled extension, you get zero support. Hit a snag? Hopefully Google helps! Because that’s pretty much your only option. If the plugin you’re using has a free version in the WordPress repository, you might be able to get a response there. But let’s be honest, it’s pretty much like playing the lottery. And that’s because developers simply can’t afford to work for free.

If you waste three hours fixing an issue that the developer could’ve fixed for you in five minutes, did you really “save money” in the end? Probably not (if you value your time).

You Won’t Get Any Automatic Updates

In order to enable automatic updates for a premium plugin or theme, you’re going to need a license key.

Without a valid license key, you’re going to have to manually update extensions every time there’s a new update.

There are two big problems with this:

First off, it’s just plain annoying and time-consuming. You go from having to simply click a button, to having to delete and re-upload a plugin every single time.

No updates without the license key

That’s not the biggest issue, though.

More importantly, you’ll no longer get that red update notification in your WordPress dashboard. That means you’ll have to find another way to keep track of when new updates come out.

What if the developer releases an urgent security fix, but you don’t get the memo until a few weeks later? Out-of-date extensions are a big attack vector for WordPress sites, so you’re leaving your site open to unnecessary risk if you’re not able to promptly apply new updates.

It’s true that some GPL clubs go and grab the latest versions and then they’ll release the update on their site. But who do you want to put your trust in? A GPL club with a thousand different plugins, or the developer of the plugin? Is that risk worth saving a few bucks?

We don’t see any good reasons to use nulled plugins or themes. However, if you really want to get nit-picky, here’s one scenario we’ve personally heard from users.

A lot of premium WordPress plugins don’t have free versions or trials, and their refund policies might only apply if the plugin didn’t work due to a technical reason. A lot of times plugin developers have to be strict with their refund policies to prevent abuse from those trying to get a free copy.

If you’re a WordPress developer, agency, or freelancer, there might be some instances where you simply need to see if a plugin will work for a client. It might not always make sense to buy the plugin if it ends up not being able to do what you need. Because then you’re out the money.

Testing a nulled plugin or theme locally or on a staging site (never on production) might be the route you decide to go down. We won’t be sharing where to get any of these on our site.

If you do this and discover that the plugin or theme does indeed deliver, then, by all means, chat with your client and purchase it to get a legitimate license key, support, and updates.

Don’t Use Nulled Extensions on Production Sites – It’s Not Worth It

On the surface, it might seem like a great deal to get a premium plugin or theme for free. But in our opinion, it’s just not worth it. Even if you find a source for legal, clean GPL plugins and themes, you’re still going to waste extra time because you:

Have to configure and fix everything by yourself since you don’t get access to support.

Will have to constantly check for new releases and manually update yourself.

Time is money, and nulled plugins and themes will take you more time to use.

Beyond that, you’re just plain depriving developers of the rewards for the hard work they’ve already put in, as well as money to keep improving their products going forward. Even if you have no problem with the ethical implications there, you’d lose out if everyone used nulled extensions because developers would have no incentive to improve.

So – think twice before installing a nulled plugin or theme. Especially if you’re building or working on other people’s WordPress sites. Don’t put your client in a bind later down the road. We’ve seen this happen way too many times.

If you’re really on a budget, consider one of the 55,000+ free plugins and thousands of free themes that are available at WordPress.org.
