Policy for non-GPL plugins

What is the policy of recommending or using on CP site, non-GPL plugins?
(the link above for the Security Audit Log plugin shows that they sell a license per site, which is a restriction on use, which is non-GPL compatible)

Note, I’ve split this post to a new thread because it’s mostly something we will need to define for the plugin directory. (If you’re asking for the official CP sites specifically, that is a separate question, and the answer is that we’re not using this plugin anymore, but generally that we’ll use the best tool to get the job done.)

The plugin link in question: https://www.wpsecurityauditlog.com/

This plugin is also listed in the WP repository: https://wordpress.org/plugins/wp-security-audit-log/

Logically this means that one of the following is true:

  • A “freemium” model is GPL-compatible.
  • WP is accepting non-GPL-compatible plugins into their directory.

The initial version of our plugin directory will support plugins that are free to install only, but I think we do need to define a policy here that provides a path forward for freemium plugins. @timkaye thoughts?

1 Like

My personal guess is: There is some circumventory policy at work, allowing seemingly non-GPL’ed / non-GPL compatibly licensed plugins into the directory … as usual.

cu, w0lf.

1 Like

The general WP policy is that everthing has to be GPL compatible. In practice, the plugins aren’t checked very thoroughly (due to lack of manpower and independent updates), but the themes are checked more (although updates aren’t).
For WP repo, which drives a lot of traffic, there is a principle of not wanting to promote non-GPL.
For CP, there is smaller impact (now), but it should be defined before it gets bigger.

1 Like

Also, the WP repo cn only police what is in their repo, not what the plugin or theme links to and promotes on their own site.

@joyously is correct that limiting the number of installations of a plugin is in breach of the GPL because it amounts to a restriction on use.

Whether the GPL wins or the limitation wins is a matter that no-one is quite sure about, so I would recommend that we don’t include such plugins in our directory

Two alternatives are, however, permissible. One is that automatic update mechanisms may be restricted to a specified number of installations; the other is that support will be provided only for a specified number of installations.

1 Like

This points towards an approach that could be another acceptable alternative: the code that a plugin lists in the first version of our directory must be fully free and compliant with the GPL, but plugins can link out to their sites (without adding global admin notices etc) to provide premium add-ons.

I still think we should look at this with the long-term goal of supporting freemium/premium plugins ourselves, in a future version of the plugin directory.


I think we need to do this, making a more “verified” approach to freemium/premium plugins is never not a good idea. Plus, by facilitating the purchase CP can take a small percentage to cover operating costs.


For the business-oriented CMS, premium plugins should not be a problem. Just there should be different tabs for free, freemium and premium plugins. As I remember, we discussed this some time ago.

I even think, than to integrate Code Canyon to our repository (or any other shop) is a debatable idea.

We need cash flow, so assistance to sell freemium/premium plugins is welcome, IMHO.


I’m not sure why this conversation has evolved into talking about selling plugins.
The issue is about GPL or not; it’s not about charging for the download. It’s about what philosophy we are promoting by sending traffic to those sites.
Did CP fork only the WP code, or the four freedoms that the code is based on?

And, for the record, I think being the middleman of a software sale will cause more trouble than it’s worth, with support and refunds and all that “customers” entail. Treating customers differently than other users would be a big mess.

1 Like

GPL is a license, where you can’t do what you want. In general, anything what touches GPL, should be GPL itself. So, the freedom should remain.

Middleman or commissions - this is the business model question, if properly arranged, all trouble can be passed on developers.