When Is A Plugin Considered A Ripoff?

September 30th, 2009
WordPress Plugins

At last check, there were 6,769 plugins available on the repository. Many of these plugins overlap each other providing similar or the same exact functionality. Over the past few months, I’ve heard developers tell me about particular plugins which were gaining in popularity in the repository were nothing more than ripoffs of their own creation. But, plugins on the repository are filed under the GPL meaning modifying and redistribution of code is completely valid. To make matters worse, many of the plugins that make use of another plugins code do not contain any form of credit acknowledging the plugin author or where the code came from. I know this because I’ve taken a look at the source code of some of the plugins in question and if you didn’t know any better, they wrote the entire thing themselves. While I could ask the same questions regarding themes, I would like to save that for another day.

So how much code does it take to qualify a plugin as a ripoff? Can a plugin even be considered a ripoff when the license clearly says you can modify and redistribute GPL code without worry? If a plugin author is going to use code from another plugin, what is the proper way of attributing that code? Is attribution even required?




  1. Epic Alex (18 comments.) says:

    It’s difficult ground. You’re right about the gpl though. You also have to think about when two plugins do the same thing, but the code is 100% different.

    However annoying it may be, that’s the gpl I guess…

  2. Andrea_R (29 comments.) says:

    Doesn’t the GPL also require attribution?

    • mark k. (3 comments.) says:


      If you require attribution you restrict distribution. Can’t find the source now and I don’t remember if it was RMS or someone else that explained that while attribution does not seem harmless, for big projects just the need to distribute the attrition list may actually prevent the distribution because of it size.

      Does WP attributes any ripped off idea and random pieces of code to the original creators? only when it comes in the form of a library, and even then only in the code in places where only core hacker may see.

    • mark k. (3 comments.) says:

      Here is what I was looking for

  3. Carl Hancock says:

    Technically if they use your code and fork it they need to acknowledge that with attribution because while the code may be GPL, the original author owns the copyright on the code. So if you fork a plugin you are supposed to include some sort of attribution to the original author or you are violating the terms of the GPL.

    • Jeff Chandler (171 comments.) says:

      If that is indeed the case, then there are some plugins on the repository that are violating the license which need to be removed. Hmmm

      • Carl Hancock says:

        As I understand it, they need to be including attribution to the original copyright holders in the readme file for the plugin to meet the terms of the GPL if they have used copyrighted code in their plugin.

  4. Ron (7 comments.) says:

    Actually, if you use any code in your plugin that was written by someone else you are to include an attribution. It doesn’t have to be a fork of a similar plugin.

    • Carl Hancock says:

      Yea, you are correct. If you include their code, even if it isn’t a fork but a plugin that includes the functionality, you are supposed to include attribution.

      • byron (20 comments.) says:

        Hi Carl,
        I posted below that I didn’t find the attribution requirement in a quick ctrl-F of the GPL, but rather I found in section 7 that it’s an optional term that the Copyright holder can require at his/her option.

        The other mention of “attrib” in my ctrl-F explorations was in the preamble:

        “For the developers’ and authors’ protection, the GPL clearly explains that there is no warranty for this free software. For both users’ and authors’ sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions.”

        …which also does not require attribution, but rather that modified versions be marked as such so that the modified code will NOT be attributed to the previous authors.

        Admittedly, I didn’t read the whole thing (really never want to) so I don’t deny your assertions. I just didn’t find it in a quick search. Could you steer me toward the right area?


  5. Oliver Schlöbe (3 comments.) says:

    As I use PHPDoc DocBlocks in all of my WP plugins, I usually use the built-in tags such as @link or @copyright, e.g.
    @copyright Dion Hulse,

  6. Developer Overseas says:

    It is a violation of GPL not to provide reference to the previous versions that have been used or from what plugin the new version is a fork of. Attribution is necessary if you also only include partial code from previous plugins.

    However, before deleting violators from the repository, I strongly urge you to devise a way to contact violators and wait for feedback from them. Many plugin authors are not native English speakers and may not fully understand the rules of GPL. I agree, ignorance of the rules is not an excuse for violating the rules, but you should still be sensitive to people who honestly do not understand the rules.


    • Jeff Chandler (171 comments.) says:

      I agree, outright removal from the repository would be a bad idea. Instead, a form of contact with a grace period to make the change should suffice. Then, if the plugin continues not to show attribution, it is removed.

  7. byron (20 comments.) says:

    As a plugin author, I think the GPL pretty much eliminates the idea of rip-off when it comes to WordPress plugins. Just my opinion, so please don’t haze me ;-)

    If the ripper abides by the GPL, then it’s not really ripping any more, not unless you strip “rip-off” of all of its negative connotations and change it to mean: “did with it what was within my rights”. By writing a WordPress plugin and releasing, you have pretty much invited the world to take, use and abuse your code in any way they see fit so long as they abide by the GPL…something that I’m not entirely sure what all that means.

    I went to in search of the attribution restrictions, and didn’t really find it as a default restriction, but as an optional term that the copyright holder can add if he/she so chooses. See section 7 – Additional Terms…FTA:

    “Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:

    blah blah blah

    b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it;”

    So, my reading of it is that attribution is not required unless specified by the Copyright holder. Just my quick research, so I could be way off base.

    All the same GPL sort of kills the idea of Rip Off, not that I wouldn’t feel ripped off if someone rips off my plugins ;-) (paradox is intentional).


  8. Justin Tadlock (51 comments.) says:

    Being that they’re GPL, “rip-off” is the wrong terminology in this case. The more important question would be, “When is a plugin considered pointless?” or, “When is a plugin considered useless to the community?”

    Jeff, as you know, I recently decided to tackle role management in a plugin of my own. Sure, there are other plugins that handle this. But, I thought I could do better, or at least build something that suited my needs better. Many times, you’ll see similar plugins for this reason alone.

    Of course, there are some plugins that take nearly an entire plugin’s code and only add a new feature or two to a new plugin. Rather than building a new plugin, that developer should be giving back to the community surrounding the original. If the original developer doesn’t want the code, then it may be time to fork the project if you feel a new plugin is best.

    Collaboration would go a long way toward cutting back on the number of overall plugins as well as making the quality of available plugins much better.

    Also, no matter what license is used and the terms of that license, attribution is always something you do as a developer. Call it “developer’s etiquette.”

    • byron (20 comments.) says:

      Perhaps Jeff’s original question of the “rip off” is important to some people who may be feeling unwarranted irritation over a supposed “rip off”, whereas if they have a proper understanding of the effect of the GPL, they can come to terms with the fact that “rip off” does not apply here, and no offense is given and, hopefully, none intended.

      While attribution is certainly the polite (and right) thing to do, I’m not sure that the lack of it violates the GPL in all cases, warranting the pulling of plugins from the plugin directory…unless it is indeed a violation of the GPL (which may be the case, though I am not yet convinced of it) or the copyright holder chooses to include it as a T&C.

      BTW, congrats on the membership plugin. I’ve been curious if the slew of other membership plugins are being sold under GPL or just ignoring it. I hope your plugin raises the bar in that arena as your themes have.



    • byron (20 comments.) says:


      From the comments below, it appears you hit a nerve with your comment…the “rip off” question impacts a relatively small number of people that feel ripped, while the stale, useless, broken plugin problem impacts a few million people.

      I see your point ;-) provides part of the answer to that, but cleaning up repository seems necessary. Perhaps after a year of no-updates and fewer than 500 downloads in the latest 3 months (or some other arbitrary rule), plugins get shifted to a Boneyards repository where they’re still accessible for posterity, but aren’t in the primary search/repository.



    • Jeff Chandler (171 comments.) says:

      Interesting points you raise Justin, but then, what guidelines would there need to be for something to be considered ‘not needed’? Seems like that might make things even more of a slippery slope. However, for those plugins who’s code is made up of 2/3 of other plugin code, there better be attribution.

      Besides, attribution whether it is required or not should be common sense and added regardless. It’s just the right thing to do.

  9. Jeff says:

    Rip-offs are definitely an issue. I don’t write plugins yet but plan on it someday.

    Not to steal the topic, but…

    What bothers me even more right now is the sheer level of JUNK in the repository. There are plugins on file that are so outdated and obviously broken that they should be removed.

    IMO, there should be a shelf-life on the plugins listed in the repository…say one year. After that, if they haven’t update it, it would be automatically purged or moved into an archive. Searching the archive would be an option.

    If the developer is still around and serious about his/her plugin, they will keep up with it so it won’t get purged/archived.

    • Jessi says:

      Totally agree. There needs to be a few people on the team that clean up the repository every now & then because the amount of outdated plugins in there is ridiculous.

    • byron (20 comments.) says:

      Gets my vote too!

    • Jared Ritchey (6 comments.) says:

      Totally agree, someone needs to bulk email the developers and tell them their plugin needs updating or it will be put in archive status.

    • Jeff Chandler (171 comments.) says:

      Have you given this article I wrote the other day a read?

      I’d like to know your thoughts on it.

      • Developer Overseas says:

        Wait, no, no, no…. there are plugins I use that were last updated over 18-24 months ago that still work perfectly fine with the latest versions of WordPress.

        Instead of archiving plugins that have not been updated for a long time, maybe a better way is to mark at which version the plugin stops working…

        • Jeff says:

          My point was that when you go looking for a plugin, you have to sift through dozens of out outdated plugins – many of which are not even supported any more.

          Your idea would work if the search process would have options to filter out by version. Unfortunately there is no advanced searching. The Google search helps, but it’s not effective when it comes to refined search criteria.

  10. John MacPhail (1 comments.) says:

    According to the FSF’s GPL Q and A, at,
    “Part of releasing a program under the GPL is writing a copyright notice in your own name (assuming you are the copyright holder). The GPL requires all copies to carry an appropriate copyright notice.”

    So it seems the idea that “anybody can rip off your GPL code” is just FUD — unless the copyright notice is buried.

    Hence my suggestion is to make sure the copyright notices are more visible. In particular, at
    there could be for each plugin/theme a copyright tab. Likely that will stir up some noisy disputes, so it might be sensible to plan first to have a good administrative procedure for dealing with the disputes…

  11. Andreas Nurbo (9 comments.) says:

    Well if there was a way to fork plugins in the repository and the forks was available perhaps we would have less plugins that only add a function to an old one.
    I really like how git(hub) works regarding these things. Subversion sucks in comparison and ease of use.

  12. Barend says:

    As a user of various plugins I must admit it is rather frustrating, and it somewhat gets confusing, when there is 3 or more plugins available, having the same function. But the biggest frustration is caused, when the GOOD plugins, overlap in certain functions, most of the time you end up using only a certain part of the functions, as the rest is already available elsewhere. To shake the bush, as they would say, it would be a pleasure if developers of plugins could combine their resources…..But that would only be a PIPE DREAM……….

    • Jeff Chandler (171 comments.) says:

      I think this is what the basic idea is behind ‘canonical plugins’. For example, you have 5 different form plugins but based on download and usage data, one of those plugins has been considered canonical amongst all the others, encouraging folks to contribute to that specific form plugin since it already has the critical mass of users. It would make sense as a group effort to work on that than 10 different ones.

  13. Ron (7 comments.) says:

    What I’ve always done with my “variation of” plugins if I was started with someone else’s plugin is leave them as the author and add a note of the mods that I added. If it’s a significant rewrite of the functionality then I put a ‘Based on” attribution in the description. In both cases I leave the original author’s copyright notice intact.

  14. Jason DeVelvis (11 comments.) says:

    It actually boggles my mind when people don’t attribute sections of code they get from others’ work to the author. Any time I use code from another plugin in any of my plugins, I always attribute the original author, either at the top of the plugin (in the comments, copyright, and license section I put in) or along with the code I’m using from them, depending on how much code I used.

    As for the question of people “ripping off” others’ plugins, there will always be people out there trying to benefit from the work of others, whether they give you attribution or not. Whether they’re doing it to look cool, or for backlinks (theme designers have this problem all the time), or what, it’s never going to stop.

    I look at it like when you release a digital product of any kind. People are going to pirate it… period. It’s going to happen, and you have to live with it. Would you rather worry about the few people who are using the ripped off version of your plugin, or the people who are actually coming to your site to find out about your plugins? The latter should be the bigger number anyhow, and if it isn’t, maybe you should talk to the person who ripped you off and ask if you can work together somehow? :)

    All in all, it’s about energy. First, it’s negative energy to focus on the bad seeds who “steal” your code. Second, it’s energy consuming to try to go after them in some way… I realize the spirit of open source does say you should get attribution for your work.

    But isn’t it really about getting code out there that people can benefit from? Isn’t that why you’re doing this in the first place?

    And even if you’re selling or licensing a plugin, my argument here isn’t nullified. Yes, you have a right to be mad, because these people are affecting your bottom line. But wouldn’t you rather focus on getting more customers, instead of fighting someone who isn’t going to listen anyhow? I know I would.

    • that girl again (41 comments.) says:

      I realize the spirit of open source does say you should get attribution for your work.

      Well, most OS advocates I see tend to be arguing passionately for the right to use other people’s code without acknowledging them at all. So I’m not sure I agree with you there, though it would be nice if it were true.

      • Michael Torbert (3 comments.) says:

        “most OS advocates I see tend to be arguing passionately for the right to use other people’s code without acknowledging them at all”

        If you’re going to make a claim like that, you should really back it up with references. doesn’t agree with you.

  15. Jared Ritchey (6 comments.) says:

    Well I’ve actually suffered this very thing before and when a person removes your copyright they actually break the GNU/GPL license right?

    What is WP doing to tackle this?

  16. Andrew says:

    If you release code under GPL then that’s your problem. Suck it up. I have the right to re-use and if I do a better job of marketing the plugin than you then I am going to get more benefits.

    Seriously, tell me what I am doing that is wrong? The only thing that is wrong with taking your code and reissuing it is that you are jelous of me getting more attention.

    • Jeff Chandler (171 comments.) says:

      Sure you have the right to re-use but even if it were not necessary, attribution just seems like the right thing to do. Of course, we could get into a discussion on whether attribution would be needed for reusing a function, 1 line of code, etc?

      I don’t think plugin authors have any problem with other authors reusing their code. But using over two thirds of that code to create similar functionality without attributing where that code came from is wrong.

      • Andrew says:

        Jeff, I’ll forgive you for not knowing this, but writing a plugin is easy. If I take some code I am saving myself a couple of hours of recoding, nothing more. It is the idea that is worth something, the idea which isn’t covered under GPL, and I can recreate it without every looking at the code, so what difference does it make if I just take the code?

        So I save myself a couple of hours of coding at your expense, do you really deserve props for that???

        • Ron (7 comments.) says:

          “so what difference does it make if I just take the code?”

          The difference is that without the attribution you are violating the original author’s copyright. When it comes to the GPL, the GPL grants you the permission to use the code with the provisio that you observe the author’s copyright.

          Unless someone has a contractual agreement with the original author giving other permissions, no licensing mechanism (including the GPL) is permitted to violate the original author’s copyright.

        • John Myrstad (7 comments.) says:

          Andrew: I can recreate it without every looking at the code, so what difference does it make if I just take the code?

          So I save myself a couple of hours of coding at your expense, do you really deserve props for that???

          I seriously doubt that anyone whos able to recreate functionality in two hours copys code. Mixing up coding styles and having to depend on others peoples code on later development and upgrades doesnt seem to justify a real programmer saving 2 hour. Copying code may also lead to incompatibility with the original code, so some modifications are necessary anyways.

          Btw: Attribution takes 10 seconds, so if you saved 2 hours by borrowing the code, you probably have time to reflect on the moral of your unattributed work as well as typing that oneliner of attribution ?

          Hey, if it saved you 2 hours of time of generous donation would be in place too, dont you think ?

    • Michael Torbert (3 comments.) says:

      Aside from the fact that attribution is required, the mentality of your post is completely against the point of the GPL, and of Open Source in general.
      The point is for the community to work together to create great software, not just to have the ability to benefit from someone else’s’ code by making it your own, even if you’re technically allowed to do that.

  17. nota says:

    Both GPL and Open Source is a load of BullsCrap, same goes for all the other ridiculous internet licenses. All open source does is give businesses free software that they can turn around and charge their customers, its a sham wow scam.

    Now we know its not called charging exactly, they include it in their product/services, ultimately they are getting it for free and charging customers, I don’t care what the fancy GPL wording states.

    Why should customers have to pay, if the company’s did not. What I do is tell customers to download it themselves for free, screw the company.

    There’s a consumer revolution going on, yea baby.

    I’ve seen more dysfunction in the Open Source community than any private organization. I pray Open Source will die off, once and for all. It’s only a matter of time.

  18. Christopher (18 comments.) says:

    I’d imagine most people release plugins with other code for valid reasons so it is difficult to generalize.

    Many plugins are written, but never updated and eventually someone comes along and gets them working.
    Perhaps others wanted different functionality, but didn’t want to reinvent the wheel to do so.
    In any case, the lack of good documentation of wordpress functions encourages plugin copying since searching the code for the right “hook” is a big pain.
    It is much easier to look for a similar plugin and see what filters they use and since you already have it open and looking at the code you might as well recycle it.

  19. Elpie (7 comments.) says:

    I downloaded 5 random plugins from the repository and although IANAL, not one of those 5 meets the requirements of the GPL.

    First of all, the GNU/GPL is a COPYRIGHT license. If the original author does not add a copyright notice and state that their plugin is GPL then it is not GPL and does not meet the terms of the WordPress repository – simple!

    S.1 of the GPL is explicit:
    “You may copy and distribute verbatim copies of the Program’s source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.”

    In simplier terms – if you don’t add a copyright notice, disclaimer of warranty, and provide a copy of the General Public License then you have not made your plugin GPL-compliant. The FSF appears to accept a link to the license on their site instead of the full text of the license but most of the plugins I have seen don’t even do that.

    If plugin developers made sure their plugins were GPL-compliant then attribution is a no-brainer… the GPL S.1 states clearly that everyone must, “keep intact all the notices that refer to this License”. This means any copyright notice must be kept intact.

    Just like with any copyright work, you cannot remove the copyright and claim the work as your own. The GPL tells you how to add your own copyright to the modifications you make. It also makes it clear that the only thing that makes the code available for you to reuse, modify, redistribute etc is the original copyright license.

    If you use one line from someone else’s work, that line is still their work and is copyright to them. In this scenario, its acceptable to use your own copyright for the work as a whole, but to comment the code you used to show it is copyright to the developer who wrote it. Some people argue that this isn’t necessary under “Fair Use” however, the Fair Use provisions of the US copyright laws apply only to the US and even one line without the copyright attribution is considered a rip-off in other countries.

    If someone releases a plugin that complies with the GPL and you replace their copyright with your own then you are committing theft.

    IMO, the WordPress plugin repository would save a lot of arguments if plugins were required to add @copyright and @license to their header blocks. As it is, says its customary to add licensing, but it does not make it a requirement. Themes in the repository should be required to do the same thing.


  1. […] an old thread but I thought considering the nature of it, maybe a few would like to chime in here.…ered-a-ripoff/ WPTavern Twitter Account | Personal Blog | WordPress Weekly […]

Obviously Powered by WordPress. © 2003-2013

page counter