I recently discovered that there is a major cybersecurity risk, especially for those who buy WordPress templates that come with plugins that require additional payments for bug fixes and security updates! These problems mostly come from the largest seller of templates in the world, Envato Pty Ltd, an entity that practices suspicious ways regarding the rules of sale and adding content for trade and purchase. I could say that it is suspected of anti-competitive methods, and someone must investigate and bring them onto the right path … if something is not right there!

By default, these “premium” plugins included in templates cannot be updated because, obviously, you have to pay for updates. Very convenient, I would say!

I could suspect the sellers, creators and intermediaries of templates and plugins of being guilty of a type of agreement, and I could call it a kind of organized crime cartel, whose main purpose is to attract customers into a vendor-lock type trap from which there is no way out: you either pay or risk ending up with compromised sites, which is already happening. Every year, about 5 million WordPress websites fall victim to cyberattacks and become attack vectors against government entities, large companies, infrastructure and so on!


I recently subscribed to Envato to download a template and I already had built-in plugins in the template that were old and needed updating, and obviously I have to pay again… and from my point of view, it is not normal or ethical to pay for updates that fix bugs and security holes!
It’s like buying Microsoft Windows and later Microsoft asking you for extra money to have access to updates for security holes, that would be crazy!

It is imperative that any WordPress plugin, template or tool must have free updates that fix bugs and security holes, valid for each version. This must be a rule and an obligation, not a suggestion!

Amongst vulnerable WP plugins, 91.38% were free plugins from the repository, and about 8.62% were premium plugins sold through third-party marketplaces like Envato, which is generally due to updates for which you actually have to pay, and many choose not to pay!


WordPress and the entire chain of affiliated or derived products (templates, plugins and other tools) can no longer be an ignored and independent entity. There is an urgent need for the European Union and other states to consider a different approach regarding control over such entities, which can end up being a danger to global security… cyber security must be at the forefront as an objective on the agenda of the world’s states!

The current war in Ukraine, as well as Russia’s threat to Europe’s security, already shows us where we are heading and what the real threats of the future are… the internet is an important attack vector and represents one of the most vulnerable targets against everyone!

Decisions must be made today, as quickly as possible, and from recent observations the only entity fighting for citizens’ rights is the European Union; the rest of the governments are already far too corrupt to do anything concrete and quickly!

We cannot rely on Asia, except maybe Japan. China has its own agenda and its interests are above the interests of others! We can’t rely on the United States, maybe Canada, but I have reservations. African and South American countries do not have an essential power in this sense, they are relatively insignificant to really change something!

P.S. Soon the number of WordPress websites worldwide will approach 1 billion, and the security problems will be greater and greater, clearly threatening cyber security worldwide. A zero-day exploit found in millions of WordPress code, templates and/or plugins can be exploited by malicious actors, and can be used as a vector for attacks even on an entire state!

* Some images and info from
