Calling Envato to Change Policy & protect buyers.

Unfortunately, some authors on Envato allow themselves to disrespect their customers & disrespect even their own products & they do that under the cover of Envato’s Market.

There are plugins for sale that were not updated for years & we all know they don’t have to improve the plugin’s functionality, but when it comes to SECURITY, this should be a minimal obligation & demand. As a sample, you are invited to read my comment on vulnerability issues on Discussion on Simp Modal Window - WordPress Plugin | CodeCanyon

I’m calling all Envato customers to join me, calling Envato to do the following changes in their policies:

  1. By submitting a new plugin the author must be obliged that he did his best to supply a secure clean code, as follows:

    1. Clean Consistent & Secure code.
    2. Use of Nonce.
    3. Code Sanitization.
    4. Vulnerabilities test.
    5. Compatibility with latest WordPress version.
    6. Compatibility with latest recommended php version.
    7. Test for PHP warnings & errors.
  2. When a buyer finds a security issue on a newly purchased plugin, he’ll be entitled to a full immediate refund, so he can use it to purchase any alternative he wants asap.

  3. Authors will be obliged to apply a minimum of 3 updates a year that will apply the following:

    1. Vulnerabilities test.
    2. Compatibility with latest WordPress version.
    3. Compatibility with latest recommended php version.
    4. PHP warnings & errors
  4. Authors that will not fulfil this obligation will be warned for the first time, black flagged with a warning on their sales page for the second time, & have selling disabled on the 3rd time.

I sadly say that there are sales pages on CodeCanyon offering plugins that were not updated for over a year & even 3 years. There is no logic in promoting security risks by Envato & these might be purchased by naïve or ignorant people.

For what it’s worth (and we’ve bought more than most on here) Envato are going through the process of tidying things up, but this takes a lot of time, esp. as Envato do not own the items so they have to go to the length of checking everything, then potentially contacting the authors etc.

There is no way that envato can be fully aware of the state of all items at all times, and while we would all love to see even close to continued compliance etc. I don’t think there’s a stock marketplace out there (certainly not one that operates the third party ownership model) that offers this.

Do you know of a marketplace that does this that envato could look at?

If an item is genuinely flawed soon after purchase then buyers can usually request a refund but obviously the author is not paid ongoing fees to maintain things without question forever. That’s just a risk anyone takes when buying something for very little that is worth considerably more.

Would you be prepared to continue paying in the future for guaranteed continued updates?


I purchased a lot of items & I spend 3-7000$ a year on that.
It is quite a long time that I have been trying to reduce my purchases on Envato Market because for me they are not trusted. I feel Envato only protect authors & rarely support buyers.

The answer to your questions is Yes & No.
Yes, AppSumo’s standard is 60 days refund. It gives the buyer plenty of time to test the product purchased & decide if it’s a quality product or not, not as on Envato, where you get a refund in rare cases & only if you beg for it.

No, there is no need to pay extra for support & I did not ask for support, I asked for basic security updates, as long as the product is offered for sale!! If Envato displays to me the plugin mentioned previously, it must be an updated software & not an old one & when I say old, I mean insecure.

On AppSumo, products you purchase are for life including support & they are not necessarily more expensive; I purchased there WordPress Plugins with license for 100 sites for 19-49$. Here you purchase for higher prices with only 6 months support & if the product is defective it is the buyer’s problem.

By the way, I can testify that the plugin I mentioned above was not secure even on its first day on CodeCanyon because it had no Nonce & no Code Sanitization. The biggest problem is that it is still for sale.

It looks like just a different license e.g.

  • they do not apply the criteria that Envato do to request a refund (the fact they have a misuse clause shows why envato have limitations to this)
  • the lifetime ‘support’ (although they also state that this is down to the author as it is on Envato so it’s not guaranteed)
  • and some of their licenses permit multiple installation.

I don’t see anything about:

  • an obligation of minimum updates throughout the year
  • any guarantee that items will be consistently updated to the latest security, WordPress or PHP versions, or authors having warning markers etc. In fact the plugin pages I saw do not even disclose what version support exists etc.

Is there an example using third party authors that guarantees ongoing updates?

I may be misunderstanding where to look but it also looks like there are very few WP plugins for sale there? That significantly changes the dynamic how it can be managed.

As you wish Charlie, I’m truly sorry for Envato for your attitude.

It is obvious you are here to isolate & hide my post from the public as well as debating me as if Envato is yours & as if you are afraid that people will notice the truth.

I made a suggestion!!! It can be discussed & accepted or rejected or partly accepted & partly changed.

Why are you afraid from displaying it to the public?

Personally, I believe my suggestion would be a benefit to Envato for lifting the level. Obviously, you personally prefer to wrangle a niggling discussion rather than a fruitful one, & since your heart is not in the right place & you see yourself as the powerful doorkeeper that allows himself to avoid a free discussion, I’ll not reply to your questions.

Your behavior will not do any good to Envato & you might find this discussion on other forums or Telegram groups where you cannot censor it. In such case it will be only destructive for Envato. Not that I expected anything better when I opened this subject, but I gave a small chance you might prove me wrong. The fact you didn’t shows I’m right & thanks to you & to the laws of Karma, if Envato don’t change, it will go extinct & vanish.

Most likely you do not see things that you do not wish to see, as well as because you are not a buyer there. I never said they are perfect, but as a buyer I can say that you have a lot to learn from them & improve.

I have not removed or censored anything that you wrote, despite your first post going against envato’s forum ToS by calling out other authors or items.

I don’t work for Envato and am not in any way against people making suggestions.

I simply asked if you knew of a working example of your suggestion in practice, that could be learnt from, because if this does not exist, then there may be reason for that.

You can look at our profile badges and can see that (in this account alone) this is simply not true.

According to the item comments, the author’s behavior is not bad and the approach is still okay, but on the other hand, it seems that you’re pushing the author to argue with you, as well as in the conversation here with @charlie4282

I understand that you want something stable and secure for your website - you’re well aware of the issue, asking the author before purchase if there’s any update. If you don’t like the answer you get, you have the choice to get the item from elsewhere. You know the item hasn’t been commented on in ages or updated in a long time; your options are to find another item. You’re not tied to the same item/author as there are items that you could purchase, e.g.

This one has been updated pretty recently.

I’m not sure if you’re having a bad day or something else, but there are better ways to handle this kind of situation - even though you have some points, the way you turn the conversation into an argument doesn’t sound good.

There’s an item that you think it has security issues? Just report the item to the support and they will check it.

I know, Key Themes, that there are other plugin options out there.
This topic is not about options but about a suggestion that can benefit buyers, authors & Envato.

Yes. By a deep check in the small letters it can be found that a product was not updated for 2 years & 10 months. However, it is not bold enough & can be easily missed & a Red or black flag could make it easier to understand. If you insist on making buyers’ lives difficult & making them waste a lot of time reading & researching, you can use the current approach. Also, adding a filter for ‘lately updated’ can be helpful.

Personally I believe it is unfair to offer a plugin for sale when it is obvious it is unsafe to be used. There are also buyers that understand nothing & believe they buy a good product that answers their needs, but this is a light fraud that is based on laziness or ignorance of others.

Thank you for your suggestion of a specific plugin, but it is not relevant for this topic.

Your suggestion to just report to support is great. Unfortunately, the option to apply to support on Envato is so much hidden that I can’t find it. I did find it once in the past after a long search & they just told me bla bla of ‘understanding me’ but it is not their responsibility & in the process of change. A few years passed & nothing changed except that it seems impossible to find a way to contact Envato Support, if there is such a thing.

Sorry if my way of presenting the issue is too sharp for you, but as you said I got some points that should be considered. I can assure you that my intentions are good.

Thanks Charlie for clarifying,
And in that case I apologize & regret my words for the feeling & impression I got. However, I got an email that my post is pending & never got an email that it was published.

My question to you is why do you think such a discussion should be based on existing samples & not being creative finding the best approach.

I believe that a plugin offered for sale should be safe. I believe that a plugin offered for sale but wasn’t updated for 3 years cannot be safe at all, even if it was an excellent poetry code.

However, it is not answering WordPress guidelines to show it was tested with latest WP version & most of all it is not respectful from the author to his own product & to his own customers, that if he was wisely preparing for it, could bring him more incomes. This attitude is greedy & based on quick income from one time sale.

Perhaps this is also Envato’s approach & I’m here to challenge this approach & telling you I spent thousands of dollars outside Envato, While they could be spent on Envato’s market if the approach was different.

Anyway, I’m into a suggestion & not into an argument.
There are companies out there paying millions for strategic marketing approach consultation & I gave a small point for free.

I am only one customer of Envato that purchased in the past 2 years at least 10000$ on other market places. Do the math counting & imagine how much Envato could make with a different approach, if there are even only 1000 customers like me.

That part is available:

  1. Your screenshot is not connected with my suggestion. It is not a filter & does not let me choose to sort results by being updated in the past X days/weeks/months. For buyers it is helpful. Why not make their lives easier?

Thanks for the link you sent me. Why is it hidden & not easy to find? I don’t even see it on Google search or on Envato’s support center.

I will save it for future use in case it will be needed.
Thanks again


Hello friend.
I am hopefully adding some thoughts here (of my own opinion) that may help the discussion:

  1. I think we would all agree that code/scripts/themes should all be of a standard that meets the buyer’s expectations. Having said that (and I am in no way excusing this platform or the authors), when some scripts are available for between $10 and $30 a pop, then as a buyer you need to realise that sometimes there may be issues.

  2. I agree that code submitted should be clean and consistent, and compatible with latest PHP versions and WP versions. And at the time it was submitted, I’m guessing it was. However, PHP has moved on, WordPress are constantly releasing updates, and so any author is going to struggle to keep scripts updated.

  3. Authors should not (in my opinion) be expected to provide lifelong updates for an item they may have originally sold for say $30. It’s unrealistic to expect authors to keep updating items month in month out, year in year out, and not then be entitled to charge buyers some sort of maintenance fee.

No I don’t agree that when a buyer finds a security issue they should get a full immediate refund. I assume you use Windows Operating System, and if so, then I don’t think you have suddenly run off to Microsoft and asked for your money back?

If you use Apple, same thing applies.

I am a buyer on this platform - I think I have purchased upwards of 200 items (guessing) but it is a lot.

I can see that you say your intentions are good, so please accept the fact that @charlie4282 and @ki-themes and my own reply is similar to yours - we are here to help people not to annoy them - have a nice evening and best wishes.

Hello & thank you for your participation.
In some ways, I think you misunderstood me, or perhaps I was not clear enough.

  1. In the example I gave above here the code has no Nonce & no code sanitization. This means it was never safe to purchase it, since day one.

Does that not justify a refund?
Does it not justify suspending selling it?
Does it not make Envato a partner in spreading vulnerabilities?
I believe, if the author still offers the plugin for sale, it must be safe on the day it is sold, or it justifies a refund if it is not, or at least if it is not fixed within a reasonable time of a few days.

  1. I understand your opinion is different from mine, however, I disagree with your way of thinking that 30$ is not enough to maintain a plugin’s updates if it is a good one & sells well, unless you want to become a monopoly like Microsoft & Apple, which are companies I’ll never support & purchase their products.
    There are many authors here on Envato that sell for 30$ & update their software constantly & as a result they sell more & more & more. The fact they maintain & update their software, is what makes them successful.

I don’t find it relevant to the discussion how many items you bought on this platform & I guess it is not more items than I did.
However, the fact I spend about 80% of my budget on other platforms means Envato could get much more from me if they had different & higher standards!

I already apologized here to @charlie4282 & I accept that also @ki-themes & you have good intentions. However, I don’t think you understand the 21st century market & marketing strategies & that Envato’s policies are based on 20th century perceptions.