130 posts Norris & Tanita
  • 7 Years of Membership
  • Elite Author
  • Beta Tester
  • Envato Tuts+ Instructor
+7 more

Wait a sec..

So, you create a folder named, let’s say, themeroot/coolauthornameframework/inc/bundledplugins and place all the zips in that folder. Buyer activates the theme, installs the plugins and enjoys your theme. Then, someone bad comes and tries something like this -> http://www.coolwebsite.com/wp-content/themes/themeroot/coolauthornameframework/inc/bundledplugins/premiumplugin.zip and downloads the package..

Now, could you explain me, how someone bad can know where you placed your bundled plugins? :) Is there a way to guess, that plugins are hidden in /coolauthornameframework/inc/bundledplugins/ ? :)

If someone has poorly configured robots.txt, google sniffs up the file, and warez people exploit that. Just one of the ways.

It’s not about “nobody is going to find it anyway”, it’s about that you shouldn’t wait for somebody to do so.

For example, if someone finds out you have a premium codecanyon plugin bundled in your theme, it’s not too hard to write a little crawler that uses google to find where your theme is used and then checks if that site has removed the .zip file. If not, it posts automatically the link to the zip file in some forums, and there you go. Your buyer/client has just become a piracy distributer, just by installing your theme.

Even further. If a plugin author decides to be an AH enough, he can do the same, and instead of distributing the file – sue everybody (not likely, but still…).
As far as I know, Google crawls using links. Now its crawling / indexing directories? :)
Let’s say you included Revolution Slider in your first theme. How did I find these ? http://sketchdcomedy.com/ http://tracypopken.com/

Now Imagine if you included a revolution-slider.zip in /wp-content/the-theme/plugins/revolution-slider.zip. I could just link that easily. It’s not about google crawling directories, it’s about google crawling. Period. :)