There are a lot of sites on the internet offering “nulled” Kadence plugins. And Kadence is not alone. There are numerous sites offering nulled plugins for many different WordPress plugins and themes.
As more and more new people are coming into the WordPress space in order to take advantage of what Kadence offers as a no-code, accessible, and blazingly fast WordPress solution, we thought we would publish this PSA about nulled plugins. It’s important. We want to be sure you can protect yourself.
In a word, if you are looking for a nulled, cracked or warez version of Kadence Pro plugins in order to save money, you are putting your site and your domain reputation at risk.
What is a nulled plugin or theme?
Sometimes a hacker gets a copy of a pro-only plugin or theme, usually from a hacked WordPress site that had poor credential usage or other vulnerabilities. Then, these hackers will take these copies of pro plugins, add backdoors to them with methods that “phone home,” and place them on nulled or warez sites with an enticement to unsuspecting WordPress users just looking for a cheaper way to get started. These unsuspecting users download the infected zip files from the hackers’ site and then upload and install the infected files onto their own site. In so doing, these hackers are tricking WordPress users into unknowingly infecting their sites with malware.
What ends up happening next is unpretty. The hacker gets notified that their bait has been taken, and they use the backdoor on the infected WordPress site to take over the site to either host malware for other infections, infect the site visitors’ computers, send out spam, or even completely deface the site. If this happens, the entire site becomes polluted with malware. The site owner then either needs to rebuild the site or have it repaired by a professional. (We highly recommend backups to make the process of recovering from a hack easier, using a solution like Backup Buddy.)
The probability of a serious malware infection using nulled plugins or themes is significant, and an analysis of the WP-VCD nulled plugin malware shows that these types of hackers have been successful in tricking new WordPress users to infect their own sites with malware using this method.
There are some nulled plugin sites that are even selling very inexpensive (in the range of US$5-10) nulled plugins that may or may not have malware within them, but they are definitely not from the original developer. These nulled plugins won’t come with updates from the original developer, which can be a security risk as you won’t get security patches or bug fixes.
Kadence Nulled Zip Files Exist
In doing some recent searches, it’s apparent that there are quite a few hackers who are offering nulled plugins and using the Kadence brand to trick users into infecting their sites. While we aren’t doing a detailed malware analysis on what we’ve seen, we don’t want this to happen to you.
As such, if you find this blog post in searching for nulled Kadence plugins, we’d like to point you to some experts who have researched this phenomenon.
Our friends at iThemes did a deep dive on nulled themes and plugins, and they’ve got a number of details on how and why this problem exists and how to protect yourself.
Our friend Robert Rowley at Patchstack did a podcast last year about nulled themes and plugins that is worth a listen. Robert has been in the security field for a long time and has great depth and authority in the space.
This problem isn’t just about Kadence products. It is an industry-wide issue, and numerous WordPress users have been affected by this scammers and tricksters.
What to do if you’ve used a nulled plugin or theme
If you’ve used a nulled theme or plugin, the first step would be to uninstall it. Next, we recommend doing a quick malware scan on your site. Using a tool like iThemes Security, you can be notified if there have been file changes on your site that might be suspicious.
A nulled theme or plugin with a backdoor may have exposed credentials such as your administrative passwords. It would make sense to change these passwords, and even your database password in your wp-config.php file. By installing a nulled theme or plugin, you give access to your site’s file system and database to the malicious developer who offered the nulled theme or plugin.
Next, take a look at your Google search console. Because nulled themes and plugins can cause reputation damage to a site that uses them, you want to make sure you haven’t caused your site any harm with Google or any of the other search engines. You’ll see evidence of reputation damage first with Google search console.
Then, we recommend looking for an alternative. If you really don’t have budget for a premium plugin, there may even be a free version in the WordPress repository that does close to what the premium plugin does. With over 50,000 free plugins on the WordPress plugin repository, there is likely something that works for you.
Software is about trust
In our experience working with thousands of WordPress users, we have found that software is about trust. It’s important to develop relationships with your software providers and know them. After all, you’re inviting the plugin or theme code of your developer into your digital home on the web. As well, there might be issues with using software, and the software developers you trust are the ones who can help solve those problems. We adhere to rigorous quality and support standards so that you can rest assured that your digital home is made better by the software we provide. If you look at our reviews on WordPress.org for either the Kadence Theme or Kadence Blocks, you’ll see that we stand behind the plugins we provide, both free and premium.
Our support team is here to answer questions you might have about nulled plugins as well as how to get what you need for the greatest value. We’re here to support our free users as well as premium customers.
Kadence’s pricing philosophy reflects those standards. We strive to give you the best value for your dollars and the best support that you deserve. When you get to know the Kadence team, you’ll see that we have a philosophy of being of service to our customers you won’t find in many other businesses.
Stay safe out there
Above all, make good decisions with your site. We’re here to help you create something amazing and effective for your business, and we’re providing this PSA about nulled plugins to help you make good decisions about the assets you’re creating.