In an attempt to protect its intellectual property from piracy, a WordPress plugin developer implemented a rather controversial solution for one of its products.
As a result, the community is up in arms, with some people calling the solution malware and others warning of possible legal fines, or even jail time, for the developer.
The plugin in question is called BricksUltimate Addon and is developed for Bricks Builder, a very popular site building platform designed primarily for advanced WordPress users. BricksUltimate is a third-party plugin that allows those users to implement additional features and interactive elements, such as animated menus and star ratings.
Invasion of privacy
However, Search Engine Journal has now reported how BricksUltimate developer Chinmoy Kumar Paul wrote a snippet of code that secretly checked whether the plugin's license was valid. If that were the case, nothing would happen. However, if this were not the case, he would unpublish all posts on the website.
This sent the community into a frenzy. Some people described the code as malware and a backdoor, others as an invasion of privacy.
“Some developers bypass the licensing API with some custom code. At that point, the plugin is activated and works without any problems. My script simply crawls those sites and checks the license key. If they do not match, the data is deleted. But it is not the best solution. I was just testing,” the developer said in response to the community outcry.
“Next time I will improve it with other logic and tests. People are just exaggerating. I'm still looking for the best solution and updating the codes based on my report. Many spam users email the issue and I'm wasting my time with them. So I'm just trying to find the best option to avoid this kind of thing.”
Finally, Search Engine Journal reminded its readers of a report from Wordfence (WordPress security project) that argued that intentionally leaving backdoors in the code can lead to fines and even prison time.
