How I hack WordPress plugins and why you should too

First off, don't do black hat hacking. This article is in no way endorsing it. I usually hack plugins because the price for premium seems quite often to be too much and close to feeling like a rip off. As it turns out, I'm usually not that far away from the truth.



First thing to hacking is to be on Linux, if you're not... I'm sorry. Just kidding, you can hack plugins on any Operating System but I believe Linux to be the easiest.

Next thing is, if you want to hack in the programming world, it's best to have some programming knowledge/experience. Knowledge is good but experience is best. This is not a detailed programming tutorial in addition to being a WordPress plugin hacking guide.

Lastly, all WordPress backend is coded with PHP, so it would be nice to have some knowledge of the language or at least have an understanding of basic programming concepts.


I have been guilty of not creating a backup of a working code, then messing up what I have resulting in hours of pure frustration trying to get the code to work again.

If you're working on an important website that you can't afford to mess up with, at least save a detailed log of all the changes you make to the code in a google document or something similar. The best thing to do however would be to create a backup, either of the whole website, or the specific plugin you're tinkering with.

Find the culprit

Now let's finally have some fun. Every plugin has some way of checking whether the free or the premium version is in use. From my experience it's always been a function called something like "freemium" or "premium" or "is_free" etc, you get the point. Some plugins have it written such that it can be really hard to find what function actually does the version check. This in turn makes this the hardest step of all.

Instead of searching for everything manually, we'll do a global recursive search on all the contents of the plugin. We'll use the

grep -r "search term"

command. We can also use the "tree" command to see all the files and folders of the plugin. And maybe get an idea of where the function might be.

grep -r "search term" will show us all the lines in all the files where it found the specific search term. We can then go through that list and see if anything might lead us to a function defining the plugin version. If one search term doesn't work we can always try another, like "free", "freemium", "paid", "premium" etc.

Free upgrade!

Once we find the file with the function that tells the whole plugin whether it's paid or not, we can change that function to always say what we want it to say and find out how well the plugin was written. If it was the work of some jackass who wanted easy money, you'll likely get the paid version of the plugin fully working. On the other hand if the plugin was well written, it might show in some spots that you're using the paid version but the features will all likely remain those of the free version.

There is one main difference between the two types of plugins. The jackass written plugins include all the premium code in them and have a specific function inhibiting access to that code unless you either pay the creator or hack the function. The well written plugins do not have any premium code already in them. Instead they usually rely on websites that you need to visit to pay for and download the premium plugin version.

Your turn

So you see,

Leave a Reply

Your email address will not be published.