Most WordPress software is available for free. However, some WordPress plugins and themes also have “paid” commercial versions which require licensing in order to obtain updates. Clients do not always know when contracted site designers or developers are using commercially licensed software to build out their site. Clients are not likely to be aware when a license has expired. License management is yet another chore that takes their eyes off their business. And designers are not necessarily thinking through the long-term implications of software that comes with annually renewable licensing. If a plugin or theme is suddenly found to have a security vulnerability, the patch is unavailable if the license is expired.
Oakley Studio began managing WordPress software licenses on behalf of our clients a few years ago, when we recognized that unlicensed software posed a grave security risk. As newly discovered vulnerabilities come to light, software developers respond with security patches, which need to be installed to re-secure sites that employ that software. But these updates are not available to website owners with expired licenses! Unlicensed software – which can no longer be updated to the latest version – was handicapping our “online asset management” business model, preventing us from keeping all components of our client websites updated with the latest features, fixes, and security patches.
Free vs Premium
Let’s take the highly popular “The Events Cal” plugin an example. This WordPress plugin is freely available and works well out of the box. But the developers of this software have worked hard responding to user requests for many additional features. To support their ongoing development enterprise, these developers make a licensable version of their software with all the extra features.
The “Free” version is “Free Forever.” The “Pro” version costs $99 for one website, and provides “updates and support for one year.” Website designers may purchase a license for just one website, or for multiple sites, or they may purchase an “Unlimited” version they can use on every site they build. Licenses for additional websites, of course, costs more.
How Does Licensed Software Get Onto My Website?
Website designers and developers like the commercially licensed software, perhaps, because it may offer a more robust feature set, extra design options, an include “page builder,” extra fonts, built-in layouts, or additional functionality. If it helps them build websites faster, using tools they have learned and are familiar with, then it’s often worth the additional cost… which can be written off as a business expense or charged to the client.
If a designer you hired to build your website chooses to use commercial software, you are stuck with it for the remainder of your site’s lifetime. That could be many years. When the license expires after the first year, it can no longer be updated, even if there are important security fixes in the newer versions.
Do Licenses Have to Be Renewed Every Year?
When we took on licensing management for our clients, we assumed we would be renewing the license every year. But is that really necessary? Not every plugin or theme is going to be vulnerable to exploitation. Especially with mature software that has seen wide usage and many years of updates, most of the obvious faus pas that can introduce security risks have been found and fixed. Security issues will not arise every single year. If routine updates add features that clients are never going to use, and there are no security issues to address, then the added cost provides no additional benefit.
Today we are announcing a change in how Oakley Studio will handle licensing management going forward. We will continue to purchase licenses when security issues arise. That’s so we can get the update to address known vulnerabilities and keep our client sites safe. But we will no longer be renewing licenses, and we will no longer be adding monthly fees to your hosting cost in anticipation of those renewals. We will license software for one year, apply the updates that are released that year, and let the license expire. Many WordPress websites will be just fine for years with lapsed software licenses.
Re-licensing will only happen when:
- A new security vulnerability comes to our attention and a fix is available.
- We require advanced developer support to solve a specific failing of functionality.
- The inability to update any component is preventing us from upgrading the underlying web server software.
- An update to the WordPress framework causes an old non-updated component to break or cause a fatal error.
“Ignored” Plugins and Themes
Our WordPress management dashboard allows us to “Ignore” certain plugins and themes that can no longer be updated because of expired licenses. We are currently seeing 71 plugins and 12 themes across all client sites, which cannot be updated and which we have marked to “Ignore.” We will continue to receive security notifications if any of these Ignored components requires updating. In that event we will reach out to you to let you know we will be purchasing a one-year license.