Is there any way to pirate premium WordPress plugins and minimizing the chance of getting malware? Meaning perhaps there are certain sources that are known to provide malware free content and generally have a good reputation. I know piracy will always involve risks but it doesn’t hurt to ask people with first-hand experience. I am even willing to pay but there’s no way I will afford plugins that cost hundreds of dollars a year anytime soon.
The problem is that you also get malware with legit premium plugins. I bought a $59 plugin on codecanyon and my WordPress install was hacked because it had an unpatched bug that allowed anyone to register as admin.
Did not get any single warning email from codecanyon or the dev, I just got lucky that the hacker was dumb enough to try to claim my site on Google search console and Google warned me immediately, so I could just revert a backup after understanding what was going on. Luckily, again, the hacker left the hints in the admin panel by uninstalling my “premium” plugin, so I understood that was how he could get inside.
If it’s a new website, avoid WordPress. It’s a security mess and extremely inefficient. I am burdened by this technical debt, migrating now it’s very time consuming.
Damn, that’s crazy. I suspect this could be mitigated somewhat if you only get popular premium plugins that are open source as well. But that is likely more expensive and limits flexibility.