Our WordPress Plugin was Forked!

WisdmLabs
Oct 4, 2018

It was four years ago when I was assigned to the project for developing Custom Product Boxes. I liked the concept of the plugin. I was really passionate about the project. We all tend to have that extra mile of energy and intensity when we are comparatively young in our careers.

Oh! sorry, I forgot to introduce myself. I’m Sumit, a Senior Developer at WisdmLabs. Also, I’m the deputy narrator of this story.

The idea of Custom Product Boxes came from a requirement of adding custom products and bundling them. We saw what it offered for online stores, and decided to go all out, making the functionality into a WordPress plugin. That’s how Custom Product Boxes (or CPB, as we call it) started.

Weeks passed by. We were hard at work, developing and testing the prototype, diversifying it for different scenarios that could involve bundling custom products. The daily routine was simple. Come to the office. Give your cent per cent to Custom Product Boxes. Go back home.

Custom Product Boxes was launched towards the end of 2014. From conceptualization to the final product, the plugin had gone through a lot of changes, but I was happy with the way it turned out.

The plugin was an instant hit. A few months of marketing and sales were rocketing up. I used to keep going through user reviews, seeing customers benefiting from the product and sharing their genuine feedback and feeling genuinely satisfied with the product.

The team as a whole loved CPB as well. We used to frequently brainstorm ideas to come up with new and useful features that would help store owners.

Fast forward to the present day.

It was like any other day at work when the sharp ping from the Hangouts tab suddenly interrupted me.

“Guys, somebody has forked Custom Product Boxes!!!”, said our Head of Marketing.

I was extremely surprised. Clicking on the link, I immediately navigated to see what this new plugin was.

The link redirected to a plugin developed by a company called Progos. The product was called ‘WooCommerce Mix & Match — Custom Product Boxes Plugin’.

The office erupted.

“Look at this! From layouts to design, everything is the same as CPB, line by line”

“Even the colors in the demo are the same as ours.”

“What do we do now? Should we report it to the marketplace? How do we get in touch with them?”

“This is wrong. These guys are simply trying to piggyback on CPB’s popularity!”

“Correct! They are also using WooCommerce before the product name which isn’t allowed by WooCommerce.”

“How can Envato allow this? We should contact them immediately.”

The discussion went on and on. There were strategies being made to address this. A meeting was called. An approach for communication was decided upon.

I wasn’t sure how to react. I felt let down, not only as a developer of the original product but also as a community member of WordPress.

Of course, I had heard stories of forked plugins and misleading themes. But I didn’t expect this would happen with us. Just like all of us believe nothing bad will ever happen to us until it does happen.

I was disappointed though. I understand that within an open source ecosystem, like WordPress, one can get inspired by another product and create something similar or better.

As a matter of fact, that is one of the things I like about WordPress. However, ripping someone’s work off without giving due credit is what strikes me as abusing the power of WordPress.

Anyway, finally, we decided to talk to the people over at Progos. I’ll let our marketing head tell you how that went.

The Forking of Custom Product Boxes — Marketing Perspective

Crisis management is a subject that you wish you don’t have to use in your marketing career. But it isn’t the case that you get surprised by a crisis.

Hi, I am Sagar, the Marketing Head for WisdmLabs’ products.

It was when I was checking search engine ranking for all of our products (a weekly ritual) that I discovered the plugin by Progos.

It looked strikingly similar to our plugin, Custom Product Boxes. At first glance, it looked like an unacknowledged, modified copy of Custom Product Boxes that also uses the name and fame of ‘Mix and Match Products’ developed by Kathy Darling.

I had to be careful and prompt at the same time while dealing with it. But first I had to share it with the team on Hangouts when I wrote,

“Guys, somebody has forked Custom Product Boxes!!!”

You’re now probably thinking how I have no cause to accuse anybody of forking. WordPress is open source, so anybody can buy and redistribute the code. You’re thinking there’s nothing wrong with that! True and false.

Let me explain to you what had exactly happened and what was wrong.

Understanding the Transgressions of Forked Plugins

Just like all the plugins and themes WisdmLabs offers, Custom Product Boxes has a General Public License (GPL).

As we all know, the License makes sure that the program remains free software for all its users. Free software refers to the freedom to share and change versions, not the price.

While users can modify and share a program licensed under GPL, they must also follow the precise terms and conditions for copying, distribution, and modification.

#1 Not marking the plugin as changed

To start with, the modified version must be marked as changed so that its problems will not be attributed erroneously to authors of previous versions.

Progos had violated the same principle blatantly. Their plugin created confusion for people visiting Envato Market. For example, when one of the users commented on the plugin asking if they were the same author as that of WisdmLabs’ Custom Product Boxes, this was their reply.

#2 Propagating instead of modifying

Secondly, GPL clearly mentions that ‘modifying’ a product means to copy from or adapt all or part of the work in a fashion requiring copyright permission.

Progos had not modified the plugin, simply propagated it, without taking permission from us, the original authors.

To propagate a work is copying, distribution or making available to the public without permission. This makes the accused directly or secondarily liable for infringement under applicable copyright law.

Progos’ plugin ‘WooCommerce Mix & Match — Custom Product Boxes Plugin’ was happily endorsed by Envato Market. They also stated that quality checks had been run by Envato before putting up the plugin on their market.

Looked like the quality check by Envato had missed on some serious fronts: the way ‘WooCommerce’ was used in the name, using the exact name of WisdmLabs’ Custom Product Boxes and that of ‘Mix and Match Products’ developed by Kathy Darling and not marking the altered product as ‘changed’.

And these observations could be made just by having a look at the plugin and the product description and running the content for a simple copyright check.

There was not one thing that’s wrong with Progos’s plugin; there were many.

#3 Changing the license

Thirdly, there was another major violation of GPL, related to licensing.

Progos’s plugin was licensed under Envato Market’s Standard License. However, according to GPL, if someone is modifying a product (that has a GPL), it should necessarily be licensed under the same License, i.e. GPL, so that the next owner gets the same freedom of rights. All the obligations under the license must be met before a GPL-covered product is distributed.

If the modified product is distributed without the GPL license, all the rights under the license would be terminated.

After having discovered all this, we had two options in front of us — one, we could sit quietly, do nothing about the issue and simply increase our marketing efforts for Custom Product Boxes, or two, we could voice our concerns and take some action to make things right. We decided to do the latter.

How did we tackle the issue?

I began by trying to comment on the plugin product page to inform the customers that this is not a valid product, but just a copyright infringement and GPL violation.

It was important to inform customers about the right thing since they could end up buying the forked plugin and then end up wasting their money and time as there might not be any useful support for the plugin. The major problem with using a forked plugin is that support is next to negligible. The developers don’t understand the code, so they cannot do anything to help people who are facing problems in using the plugin.

The next step was to contact Progos and Envato Market. But before I could start doing that, I noticed that our comment on the product page had been deleted. I commented again only to find it removed again.

Upon contacting Progos through emails, I met feeble and typical responses. The responses denied all our concerns. The license violation wasn’t acknowledged either. However, something weird happened soon after. I was going through the product page again. Blimey! The page no longer existed. The product was removed from Envato Market.

However, after we raised a complaint with Envato, they took swift action and removed the plugin from the marketplace.

I rejoiced at this small victory. Only that, it was rather short-lived. In just a couple of days, the product appeared again. The screenshots and live preview, that earlier resembled our content, had been replaced with new screenshots and a new preview, as if that changed anything.

I had sent a query to Envato Market earlier, informing about the product and asking for help to take it down. Envato Market helped us in the process by sending us an option to send a signed DMCA takedown notice (copyright complaint). Once we had sent the same, Envato was quick to take down the plugin.

This entire incident, though unpleasant, taught us a lot of things.

WordPress is a wonderful platform to work for — we have been working in the ecosystem for over 6 years now — but the crevices in the WordPress atmosphere make it difficult for developers and customers to extract the maximum value out of the community.

Over the past few years, there has been a tremendous increase in the quantity of nulled and forked plugins available, which I believe is ruining the WordPress ecosystem. As a member of the WordPress community, we are supposed to add value, create something new, or make an existing offering better.

However, practices like selling the nulled version of premium plugins take a toll on developers. Nobody likes to see their hard work being wasted, right? They deviate from the mission of WordPress, which is democratizing publishing and the freedoms that come with open source.

The beauty of open source is that it is extremely customizable. You take the source code and modify it the way you want, so long as you keep making it better. Honestly, forking is not an issue, as long as the new developer keeps improving the code for the benefit of the users. If they don’t, if the plugin deteriorates, users become disillusioned with the entire platform, and WordPress suffers as a whole. That is what we need to avoid.

Here, I would like to paraphrase our founder, Rohan Thakare’s opinion on this incident.

Whenever a plugin is forked and wrongly propagated, there is a potential risk of losing credibility for a developer when the original product is challenged and duplicated in an unethical manner. The loss to customers is humongous considering their money being wasted on a product that offers little or no support.

There is a risk of further infringement if a customer decides to redistribute a wrongly-licensed product. The sanctity of open-source and GPL is contaminated every time something like this happens. As developers, we are here to bring innovation to the community. Such unethical practices make it more and more difficult for good vendors to market their products as well, because ultimately it reflects badly on the community as a whole.

I believe that we need to find a way forward by coming together and contemplating for the improvement of the system to minimise and eventually eliminate such unlawful practices.

So, what does the future hold?

Despite the malpractices we see, I think the WordPress community is powerful enough to rise above the challenges. On the whole, we are a lot that recognizes true value and appreciates quality work.

The malpractices like forking plugins without consent and redistributing them have been creating an insecure, unethical atmosphere. However, I’m sure that if we all stand together, we can overcome this obstacle.

To begin with, there is a need for a movement on spreading awareness about the ill-practices in the sphere. People trust big marketplaces for getting authentic products.

Unethical development is one side of the story, the promotion of such products is another. Promoting a propagated product is easy with marketplaces that solely concentrate on maximizing profits. Quality checks are not good enough to filter out the unethical products.

When there is no check if a plugin is modified according to terms and conditions of GPL, customers can get themselves into trouble by buying such plugins. Since the customers are not aware that the plugin is actually an unacknowledged, altered version of an original work, they can start distributing the plugin themselves after modifying it. The lack of knowledge about the backstory can then lead to copyright violations and GPL violations. A nightmare for an innocent customer!

Secondly, we can speak out about any malpractice we see going on in the ecosystem. Too many problems have arisen due to sitting quietly and letting it go. Honestly, we could have done that too. We know that CPB is one of the most popular products for WooCommerce in the market. But keeping silent about it would have ended up hurting customers who purchased the duplicate product, which is why we decided to speak out.

Let’s come together and ponder over the possible measures to combat the deficiencies in the system that are being exploited by unethical parts of the community. If something similar has happened to you, please come forward and share your story. Expressing the problem is the first step to solving it.

We have seen some stories regarding the same, but we need to talk more and more often. We can’t simply allow unauthentic products to reach customers and let them lead to a situation where they get no real support for the product. Also, there is an increased vulnerability for the buyers of such products related to licensing and copyright-infringement.

What are your suggestions to create a safer environment to build and sell open-source WordPress plugins? How do you think we can implement the mission of GPL better? We are all ears and we are all together in this!

As the saying goes,

None of us is as strong as all of us.

WordPress is a highly versatile platform that has brought about a revolution in the way we design and develop websites. Now, it is up to us to preserve the spirit of WordPress. What do you say?

Share your views with us in the comments section below!

Originally published at wisdmlabs.com on October 4, 2018.

WisdmLabs

WisdmLabs specializes in building web solutions with open source. We work with open source platforms like WordPress, Laravel and Magento.