How Downloading a Premium Theme/Plugin From the Wrong Place Can Ruin Your Site

There are lots of sites out there that provide file sharing services and are meant to be a convenience for people that want to exchange large files and for other collaborative uses. There are also membership sites where the unethical practice of software sharing goes on.

Most people are unaware of the dangers in using these types of sites and the pirated software that is readily given away. Remember that these sites, many of which run the gamut from unethical to totally unscrupulous, aren’t there because they are nice guys. There is always an ulterior motive!

The dangers of using these sites to save some money, and the real chaos they can create, have been widely reported. For example, Intego, an internet security firm, reported Trojan horses in pirated copies of both Apple iWork ’09 (Jan 22, 2009) and Adobe Photoshop CS4 (Jan 26, 2009). Once a Trojan horse is on your computer, whoever planted it can do almost anything they want there, from viewing sensitive data to key-logging to crashing the machine.

That is one end of the spectrum. At the other end are things like what one of our new members recently experienced. Here is a transcript of the conversation on our Forum, which this person started prior to becoming an actual member:

Member:

Hi, I recently downloaded what appeared to be a genuine install of Revolution Chrome from a site that claimed that it had been made freely available, but now I’m not so sure.

In the version provided, functions.php brings up a header error and is full of hidden adult site links after miles of white space so it isn’t easily noticed, so I Googled the developer and it led me here.

Is/was Revolution Chrome free at any point or did I download an unlicensed, altered version? I strongly support copyright, so if I made an error I’ll be buying Chrome from here, but I’d like to know first if functions.php contains lines such as:

(code example removed as they were Porn links)

If not, then it seems someone is screwing with your code and sharing it. My concern is that if what I downloaded is representative of your product, then the official version would also cause the same errors and/or contain the same links (I wouldn’t pay for code that held those links for bots to crawl).

So my questions are, did I download an unlawfully shared copy, and if so does the official version have cleaner code? I wouldn’t want to have to dispute a Paypal payment, so if those sites pay you to have those links embedded, I’d respectfully look elsewhere.

Kind regards,
D

Moderator response:

You have a pirated and obviously hacked version. StudioPress code is clean in every aspect.

Member:

Brilliant, thanks for your quick response Debra. Now installing the correct version of 2.0.
edit: Works beautifully, thanks again.

Another Mod’s response:

As a general rule of thumb (with a few exceptions, WordPress Extend being one of them), never download a theme from anywhere other than the author’s site. The same can be said for plugins too.

Brian’s response:

I wholeheartedly agree here – only trust downloading a theme from the original source or developer. As you have found out – even those who claim to be legit aren’t, and most places that have premium themes available for download freely have a hidden incentive for themselves, in this case hidden links.

Was that free or extremely-cheap price for the theme, plugin, or software really worth it?

As you can see by our member’s experience, nothing is truly free and 99.9% of the time there is a hidden motive. You’ve heard the saying plenty, “If it is too good to be true, it usually isn’t”.

As a rule of thumb, you are better off, in the long run, downloading software, themes, or plugins from the “real” software company or author’s site and making any financial investment, if one is required, than experiencing the trouble that can come.

Your alternative is taking a huge chance that your personal financial information will be stolen or that all your hard work in creating a website is for naught because either:

A) your site performs poorly in the SERPs for your target keywords, all because, unbeknownst to you, your site is full of spam or porn links.

OR

B) worse is the possibility of a trojan that allows a hacker to penetrate your site and destroy it.

It is a major headache to deal with protecting your financial information after it is stolen, just ask my wife, who recently had her purse snatched. It is also a real pain to recover from your site being hacked.

This is a cautionary article written in response to the emails we receive with questions like the one the Member above asked. Remember, if it is too good to be true, it probably isn’t, so be safe and get your themes and plugins from the “actual” authors. Or you can pick up a theme from the WordPress theme directory.

Update 03/17/10: Here is a great followup article over on ThemeLab, with great additional information.

About Craig Tuller
I'm a WordPress expert, Marketing pro, & Starbucks fan. I visit my therapist often & some days I can almost hear her calling from the garage! Follow me @craigtuller.

Comments

  1. I would like to add that I think most bloggers don’t even realize that they are in fact paid premium themes in the first place, so they don’t know any better. I stumbled across a couple that I didn’t realize were premium and should be paid for until I started browsing the site more. Then I got to thinking, why not use them? Then, a wise gal, Daisy from WPMama.com, told me that is a big NO-NO and that not only is it unethical, it could cause harm to your blogs like you are saying here.

    Luckily I have her but other bloggers don’t so I think it’s great to see the word spreading around. :)

  2. Mark says:

    Quote: ” even those who claim to be legit aren’t ”

    I don’t believe that (as Brian states) those that claim to be legitimate aren’t.

    Prove that they are corrupt or they blatantly corrupt themes that are submitted to their sites.

    WordPress galleries are major affiliates of StudioPress – without them, StudioPress would have less sales.

    Cheers

    • Mark – good point. I should have pointed out that not all sites that claim to be legit aren’t – yes, some of them most definitely are legit. But I will point out that if a site is an affiliate, they aren’t providing download links anyway – rather directing folks back to our site for purchase.

  3. Tris Hussey says:

    Great post Craig, I will insert a note of caution that plugins submitted to the repository aren’t checked for malware. I don’t know about themes, but I’m guessing the same is true. It’s caveat emptor all around.

  4. A few days ago a friend of mine sent me a link to one of the websites that offers illegal downloads, because he found my GD Press Tools plugin there. I downloaded it too, and compared it with my clean version, and 12 files were changed. In some of them was base64 encoded content and in all the rest were a bunch of download links and all kinds of crap. They added over 100 kb of crap into it. God knows what the encoded content does, I wasn’t interested to test it.

    So, both plugins and themes are available in pirated form and contain all kinds of things added, and users need to be on the lookout if they decide to try that. Always download from source.

    • Milan – thanks for confirming this for us. It’s really sad that folks misuse the GPL to embed spam links into the theme. Sad world, it really is.

      • It’s good to have articles like this one, and I hope that other people will share their experience, because this is the best way to educate WordPress (and other platforms) users to get themes and plugins from the authors. Getting something for free is always tempting, but consequences can be very serious for website security.
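
The check described in the comment above (a suspect download compared against a clean copy from the author), combined with the signs reported on this page (links hidden after long runs of white space, base64-encoded content), as an added Python example that is not from the article or any commenter. The regex thresholds, the file names in the demo tree and the `vendor.example` / `spam.example` URLs are constructed assumptions.

```python
import hashlib, re, tempfile
from pathlib import Path

# Heuristics are assumptions of this example; tune the thresholds for your code.
PADDING = re.compile(r"[ \t]{200,}\S|(?:\r?\n){40,}")   # code pushed out of view
B64_RUN = re.compile(r"[A-Za-z0-9+/]{120,}={0,2}")      # long base64-looking blob
DECODER = re.compile(r"\b(?:eval|base64_decode|gzinflate|str_rot13)\s*\(")
LINK = re.compile(r"https?://[^\s\"'<>)]+")

def manifest(root):
    """Map relative path -> SHA-256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit(clean_root, suspect_root):
    """Report every file in suspect_root that differs from the author's copy."""
    clean, suspect = manifest(clean_root), manifest(suspect_root)
    report = {}
    for rel in sorted(clean.keys() | suspect.keys()):
        if clean.get(rel) == suspect.get(rel):
            continue                                   # byte-identical to clean copy
        if rel not in suspect:
            report[rel] = {"status": "missing", "flags": [], "new_links": []}
            continue
        text = (Path(suspect_root) / rel).read_text(errors="replace")
        known = (Path(clean_root) / rel).read_text(errors="replace") if rel in clean else ""
        flags = [name for name, rx in (("whitespace-padding", PADDING),
                 ("base64-blob", B64_RUN), ("decoder-call", DECODER)) if rx.search(text)]
        report[rel] = {"status": "modified" if rel in clean else "added", "flags": flags,
                       "new_links": sorted(set(LINK.findall(text)) - set(LINK.findall(known)))}
    return report

def build_demo(base):
    """Write a constructed clean theme and a tampered copy; return both roots."""
    clean, bad = Path(base) / "clean", Path(base) / "suspect"
    for root in (clean, bad):
        root.mkdir(parents=True)
        (root / "style.css").write_text("/* Theme URI: https://vendor.example/ */\n")
        (root / "functions.php").write_text("<?php\nfunction demo_setup() {}\n")
    with (bad / "functions.php").open("a") as fh:      # links hidden after blank lines
        fh.write("\n" * 300 + '<a href="http://spam.example/x">.</a>\n')
    (bad / "extra.php").write_text("<?php eval(base64_decode('" + "QUJD" * 40 + "'));\n")
    return clean, bad

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, info in audit(*build_demo(tmp)).items():
            print(rel, info)
```

Any file reported as modified or added deserves a manual read before the theme or plugin goes near a live site. A clean report only means the copy matches the reference it was compared against.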

  5. Kevin Paquet says:

    I admit to having tried several sources like that and I can confirm too that those are unsafe. It has its pros and its cons to use such websites. You could install them on a test site and check how the theme/plugin might work for you, if it really suits you. And then later on opt to purchase it. That’s what I did. But I never installed such on a live website. That’s how I ended up subscribing to Nick’s Theme Club.

  6. Len says:

    I preach about this very thing ad nauseam at the .ORG forums. I’m also an administrator at WeblogToolsCollection and my main job there is inspecting the submitted themes for suspicious code. You should see some of the crap I block. ;)

    • Craig Tuller says:

      Len, There are some good themes that are submitted to WeblogToolsCollection, but I bet you could write a book on the shady themes that are submitted, too! Some people will try anything. Good thing there is a gate-keeper!

  7. Ann Liu says:

    This is indeed a good article, I think many people will benefit from it, I will share it with my readers … thank you Craig for the heads up, cheers!

  8. Dan Fiorito says:

    I found a similar download which was what led me to StudioPress.com as well. Craig was very helpful in advising me of the fact it wasn’t a legit copy. I was so impressed with Craig’s quick response and helpfulness (It was a late Friday evening during the Christmas holidays to boot!!) I ended up purchasing a full membership.

  9. quaker says:

    Brian, have you thought about offering some of your old themes for sale but at a cheaper price?
    example
    Sport, older version of church etc??

    Q

  10. Luffer says:

    “If it is too good to be true, it usually isn’t” ???? Errr, I think you mean it usually IS! LOL :-)

  11. Kristijan says:

    “Was that free or extremely-cheap price for the theme, plugin, or software really worth it?”

    Free WP and for an example StudioPress theme at price of $59.95 is unbelievably cheap that all together can’t be cheaper.

    10 or more years ago businesses were paying thousands of dollars to get web sites professionally designed and unless someone in the company knew HTML they could not and did not know how to update pages, change photos, etc. and had to keep paying for it.

    People, come on :)

  12. I got a link sent to me from a friend telling me they had premium themes for a fraction of the price. Being curious, I visited the site and a virus was installed on my notebook. To this day IE won’t work so I am stuck using Firefox which I don’t like. I could format my notebook but I have so much information on it to back up that it makes it nearly impossible for me to completely fix my notebook :(

  13. I’ve downloaded a few plugins over last few days and now my Categories are bringing up error page. Think I will need to de-activate all plugins and gradually reinstate one at a time to try and find the culprit.
    Will sure teach me to only use sites I can trust.

  14. Jared says:

    just invest in the all theme pack from Studiopress. It’s well worth it!
