How to Handle Nulled WordPress Plugins and Themes (and Their Users)

What Does a Nulled WordPress Version Mean?

WordPress’s version of piracy (minus the swashbuckling adventure)

What’s to Be Gained from Nulling a WordPress Plugin or Theme?

An Invitation Into GPL Marketplaces for Nulled WordPress Versions

How Nulled Version Websites Get Away With Copyright Infringement

‘On to the next one’
  • Security breaches
  • Incompatibility issues
  • Zero updates and troubleshooting
  • Lower SEO ranking
  • Bad user experience
  • No support

Should Developers Offer Support for Nulled WordPress Plugins and Themes?

How to Contact Suspected Nulled WordPress Product Users

It doesn’t happen to me very often. It’s very rare. Usually, when I can’t find their license, I ask users to confirm which email they used to purchase the license, or if they can confirm what is their license. In most cases, they do manage to confirm a different email or provide proof. Maybe some don’t reply. And usually, I write something along the lines that I can only open a proper support ticket in our platform with the license key, not only [to find out if it’s nulled] but also to confirm the user is entitled to support.

Actually, in the +2 years of using Freemius, I never had a user without a license “demand” support.

Responding to Nulled Version Users Who Request Support

As my plugins have a free version, I have a stock reply. Basically, you appear to be a free user — if I’m wrong, send me the proof of purchase, if not please go to forums. Obviously, that deals with both free users and nulled users, but to date, I have not yet identified a nulled user asking for support. In fact, I have only identified one nulled instance, which was the premium version still operating after the trial.

We at Advanced Ads are not using Freemius, but became pretty good at finding the license attached to a nulled version. It happens regularly that a user who doesn’t have a valid license reaches out via email — but more often via the forum. We politely ask them to verify the license before they get support. If they reached out via, we can also ask them to reach out directly, since is not the place to get premium support.

What we found out is that many sites that share nulled versions get it from the same source. So if you can identify that single purchase, you stop most of them from getting plugin updates. At least for a while. They tend to make a new purchase to get a new license key after a while (more on this later). Sometimes, they reached out to our support complaining about being blocked. Of course, they always deny having shared the license.

Only in one case in the past have we given a user another chance. I would say it was a gut feeling from their communication after we told them about disabling their license. I have been 15 once upon a time when it felt normal to share floppy discs with software on the schoolyard. I believe that there are a few people who simply don’t know the harm they are causing. They think this is a good thing they do for others if they share their license.

How to Respond to Angry Nulled WordPress Plugin and Theme Users

A user asked (actually demanded) that I do some customization because they purchased. I asked them to share the license code and they responded it was for a client and couldn’t provide it due to an NDA, etc. and that they don’t have access to the licensor’s website. Sure…

I responded that they could hire us for a customization fee. They replied angrily that they’d rate us one-star and badmouth us. I called their bluff and asked: If you don’t have access to the licensor’s website, how can you give a one-star rating?

I created a system that has an automatic license verification, which means the user needs to provide their license key to get support. When I get such emails, I simply redirect them to the system, asking them to use their license key. Legit users don’t mind. Nulled users usually don’t reply … well, sometimes they do, but I don’t entertain them anymore because it’s a colossal waste of time.

Is There Any Recourse Against Nulled WordPress Plugins and Themes?

What to Do If a Nulled WordPress Plugin or Theme Is a Trademark Infringement

What to Do If a Nulled WordPress Product Is a Copyright Infringement

Well, After multiple request across multiple platforms and 24 hours my content hasn’t been removed from the site stealing and reselling my course without permission — a site owned by a WordPress plugin company

- Jennifer Bourn (@jenniferbourn) April 29, 2022

  • First, generate a notice. There are tons of generators online that can do this.
  • Next, send the notice to the website owner, hosting company, and ISP. You can go one step further and notify search engines to remove the site from their results.
  • This site will help you identify the hosting company and this one will help with the ISP.
  • To file the DMCA at the relevant link, Google ISP_NAME / HOSTING_NAME + DMCA.

Truth be told, when I realized my plugin was being “pirated”, I was actually happy because it meant to me that “okay, I have produced a great piece of software that people are willing to pirate”. But yeah, I did send DMCA notices to sites that were selling those nulled versions for a lower price.

What Measures Can Developers Take to Protect Themselves Against Nulled WordPress Products?

Encrypted Token or Hidden ID in the Product Zip Download

Is Trying to Stop Nulling Worth the Blood, Sweat, and Tears?

Nulled versions are part of the game for open-source products. There’s nothing you can do to solve the problem. I lost days in the past trying to put them offline, but for every one removed from Google lists, 10 popped up.

- Luca Montanari of LCweb

The common opinion is based on the assumption that most people who get their hands on nulled WordPress versions aren’t going to become customers anyway. Let’s say that out of all your product distributions, 2% are illegal and roughly 90% of those users are never going to buy your product (because that’s why they went looking elsewhere in the first place).

We’re talking about a very small percentage of people who are going to end up as lost customers — approximately 10% of that 2%, which ends up as 0.2%. Also, these websites are like mushrooms: if you manage to take down one, another will pop up soon.

So you just say, okay, 0.2%. That’s internet fraud. That’s the cost of doing business, just like chargebacks, refunds, and everything else that comes with it.

  • Cost of license = $50
  • 20k active installs
  • 5%* conversion rate = 1000 customers
  • 2% nulled versions = 20 illegal licenses
  • 10% unintentionally use illegal versions = 2 licenses
  • Yearly revenue: $50,000
  • Loss to business: $100
  • Cost of license = $50
  • 1 million active installs
  • 5%* conversation rate = 50,000 customers
  • 2% nulled versions = 1000 illegal licenses
  • 10% unintentionally use illegal versions = 100 ‘lost customers’
  • Yearly revenue: $2,500,000
  • Loss to business: $5000
  • Cost of license = $50
  • 10 million active installs
  • 5%* conversation rate = 500,000
  • 2% nulled versions = 10,000 illegal licenses
  • 10% unintentionally use illegal versions = 1000 ‘lost customers’
  • Yearly revenue: $25,000,000
  • Loss to business: $50,000

If the full 0.2% of lost customers are being distributed from one website and you have a lot of customers — I’m talking in the region of 10 million like the above — then, yes, maybe it’s worth it to take action. Those kinds of losses are meaningful.

I would say that it’s at this scale where I’m seeing companies start to chase after these distributors and websites … like the Yoasts of this world. They’ve got legal … they’re working with them all the time.

But if it’s a business with 30 team members, I don’t see the value in pursuing. You’re losing 5k a year and you’ll probably spend more on getting legal involved. The math just doesn’t work.

Use Case: A Strategy to Turn Nulled Version Users Into Paying Customers

At some point, I was curious how many people use my plugin without a valid license, and since the plugin regularly checks for updates, this should be easy to achieve. In March 2021, I started collecting some metrics to get a bigger picture, and in only 48 hours I had collected 7000+ requests. After 15 months, I got between 800 and 1500 new entries each month — roughly 1000 on average. If you compare this with the actual sales it’s 5x to 10x 🤯.

There were a lot of ‘strange’ websites on the list and there were also some legit businesses (restaurants, lawyers, bookstores, personal blogs, etc.) which often had a web agency in their imprint. So I thought they may be legit businesses that had no clue about licenses and nulled versions of plugins or even WordPress. So I thought to show them a friendly notice in the backend.

  • 24K installs
  • 63% (15k) saw the message
  • 0.011% converted
  • 30–40 new activations every day

Take Action (or Don’t) by Deciding on What’s Best for You…



Monetization & Insights platform for #WordPress #plugin #developers.

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Monetization & Insights platform for #WordPress #plugin #developers.