1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to get a lot of free Wordpress themes and plugins... The safe and easy way!

Discussion in 'Blogging' started by The Mentalist, May 5, 2016.

  1. The Mentalist

    The Mentalist Power Member

    Joined:
    May 8, 2013
    Messages:
    737
    Likes Received:
    268
    Location:
    Inside your head
    I don't know if this is a commonly known method for getting free Wordpress content or not, I just figured this out on my own yesterday. Yes, you can go to torrents or sketchy sites (or BHW's downloads section) to download Wordpress plugins or themes if you don't have the money to pay for them. Though as a developer myself, I recommend you pay! Downloading PHP files and just putting them on your server is very dangerous if you aren't code literate, even if you run them through a VirusTotal check. They could be modified to steal data or do other things you aren't anticipating.

    But...

    Why take the risk when you can take advantage of the fact that there are a lot of terrible developers on Github? It seems like many Wordpress developers or website owners haven't learned what the .gitignore file does. And as a result...

    [​IMG]

    Yes, that's right. Over 17,000,000 files in Github are located within a wp-content/plugins folder.

    And a lot of those files are plugin files that belong to paid plugins.

    The same goes for themes.

    So if I want to find the most popular paid Wordpress theme, Avada...

    [​IMG]

    Or if I want the plugin Revolution Slider

    [​IMG]

    Go to the repository show in a given search result, then click on the Download as ZIP once you've verified the files are there.

    [​IMG]

    This specific repository was updated recently (likely indicating up to date themes and plugins), and as you can see, there are multiple premium plugins available!

    [​IMG]

    ALWAYS use the in path search operator. Otherwise all HTML files or template files that reference something in the theme/plugin will show up, these don't always indicate that the user also uploaded the themes or plugins folder.

    More Tips!

    1. Sort by most recent to get the current versions of themes and plugins.

    2. Not every theme or plugin is available, but this is a good place to start looking!

    3. Usually the newest versions aren't on Github immediately, but it just depends.

    4. Github's search isn't complete, you can't do exact match search or have many basic operators. Here are search operators you can use:

    Code:
    https://help.github.com/articles/searching-code/
    5. Searching shows every file for every instance. So if at theme has 200 files within it, that means 200 results will trace back to a specific theme in a specific repository. You usually will want to skip through the results pages at a time.

    6. You may want to check commit history of some of the files. They may have customized a theme without using the child theme or something like that.

    7. To quickly determine what version of a theme/plugin you've discovered is, simply look for a README or text file within that theme/plugin's main folder. Most have that information, or it is within the comments of every theme/plugin file.

    Let me know how this works for you!
     
  2. Shirko

    Shirko Regular Member

    Joined:
    Aug 11, 2012
    Messages:
    200
    Likes Received:
    172
    Location:
    adding monkeys to my papal
    I don't know why you think this is safer to be honest. This is not the private repository from the core developer.

    These are just random repositories from random people that could've possibly downloaded these plugins from the same sites you're trying to avoid or they could've made changes without even knowing they are compromising security.

    It's a good method, but please, make sure you either check the code or select "trusted" repositories only.
     
    Last edited: May 6, 2016
  3. msoman

    msoman Jr. VIP Jr. VIP

    Joined:
    Aug 13, 2012
    Messages:
    687
    Likes Received:
    163
    Location:
    Down Under
    Interesting method that non-technical people would not think of.
    Did you get the chance to compare any of the plugins/themes from these sources with the originals and ensure they were the same?
     
  4. The Mentalist

    The Mentalist Power Member

    Joined:
    May 8, 2013
    Messages:
    737
    Likes Received:
    268
    Location:
    Inside your head
    If you are afraid the code is malicious or faulty, you can always up a local Wordpress instance and test it out quickly.

    But the whole point is that the people who own these repos have already run and used the plugin, so they are taking the risk if they acquired it from illegitimate sources. In most cases if they had malicious code they would delete it from their code base. And usually you wouldn't want to be committing your theme to a repository (maybe a child theme), depending on the plugin though, you might.

    I haven't heard of anyone putting malicious code on Github hoping some random stranger will extract one folder of files and use it. That usually only happens when you have an entirely maliciously purposes repository and you need to clone the whole thing and also run commands to set it up (sudo commands particularly).
     
  5. The Mentalist

    The Mentalist Power Member

    Joined:
    May 8, 2013
    Messages:
    737
    Likes Received:
    268
    Location:
    Inside your head
    I found a recent version of the $129 WooCommerce pre orders plugin this way and it has checked out so far, works fine.
     
  6. SocialsBoost

    SocialsBoost Regular Member

    Joined:
    Apr 9, 2013
    Messages:
    315
    Likes Received:
    29
    Gender:
    Female
    Worth a try thanks for sharing!