Nulled WHMPress – Warning to WebHosting Startups

Recently we were contacted by a few Web hosts who sought help for a Nulled WHMPress, where they downloaded files free.

And some other Webhosting startups paid a small fee and downloaded a Nulled WHMPress version. And what they believed were valid original files, a valid shared license, or a GPL license. Well, infect they got compromised files with no valid license.

There are several reasons for not using nulled plugins and themes; has a good post. But when it comes to Webhosting startups, the risks involved get to a new level.

After knowing the prospective of Webhosting startups that they are trying to save money. We are writing this post mostly from our communication with them.

We understand that hosting startups need to save money, especially after the covid situation. But we were shocked at the confidence that they thought the files they downloaded from these sites were not compromised. These nulled WordPress plugins might be acceptable (by some people, we don’t believe they are) because if a personal wordpress is compromised, only personal data is at risk. But for my friends who are starting a web hosting business and Webhosting resellers, they risk the very business they are trying so hard to build when they download and install from these sites.


Here are some solid reasons why a web host should stay away from Nulled WHMpress licenses or a Shared WHMPress License.

  • With trojan horses and worms hidden in nulled WordPress Plugins versions, you would compromise the security of servers or reseller accounts. And as a result, the whole servers can be wiped out easily.
  • Your clients’ and company data are at risk of being leaked, resulting in clients being stolen and accessing client data. Then using their leaked credentials, the hackers hack client sites and, simultaneously, send counter-offers to their emails for alternative companies (on the whole, they have affiliate accounts) to make money.
  • Your hosting reseller account can become a spam source: Since hackers will have access to all your client accounts, they can spam using whatever accounts he wants. Normally additional emails are created using cPanel credentials from WHMCS and then spam. WebHost or client only knows when their IPs are blocked.
  • We at WHMPress roll updates quite frequently, and nulled versions are always outdated; hence you get compromised functionality if WHMPress and WHMCS are not up to date.

Note: The most vulnerable web hosts are those who use WHMCS Client Area Nulled (or WHMCS Client Area by WHMPress Nulled). WHMCS Client area is our product that brings WHMCS client area functions to WordPress using API. It is a safe replacement for WHMCS-Bridge.

All this above adds to additional management costs, loss of clients, repairs, downtime, etc. The money a Webhosting startup spends after these Nulled WHMPress versions is way more than what he saves.