Content Protection Plugins for WordPress Do More Harm Than Good

Content Protection Featured Image
photo credit: Cologne – Locks(license)

Mika Epstein, who helps oversee the WordPress plugin directory, has published a simple request to stop using copy protection. Epstein explains how copy protection degrades the user experience, makes it difficult to provide tech support, and perhaps most importantly, how they don’t work.

She suggests that photographers use a watermark and not put full-size images on the web. They should also host images on cloud based services like Amazon as PHP and large image sizes don’t get along. As a last resort, she suggests DRM as an option similar to how Getty protects their images.

As much as it pains me to say it, DRM is also a solution. So is watermarking your images. The way people like Getty protect their images is to lock it down to purchased users only. You can (fairly easily) download the smaller, sample images, but the awesome big ones are locked down.

She finishes the post by saying there’s only one way to combat content theft: don’t publish it online.

Getting Around a Copy Protection Plugin

A search for copy protection on the WordPress plugin directory generates 271 results. I installed WP Content Copy Protection as it’s one of the more popular options and it has a ton of features, including:

  • Disables context menu (right click)
  • Context menu is only clickable on HREFs
  • Disables text selection and browser copy functions
  • Disables text and image drag/drop/saving function on PC and mobile devices
  • Javascript validation (displays error message when Javascript is disabled)
  • Disables keyboard copy (CTRL A, C, X, U, P and S) – Windows OS
  • Disables f-key command for accessing developer tools
  • Uses compressed Javascript (increases load speed and reduces http requests)
  • The image link URL is automatically removed and defaulted to the ‘none’ setting (basic image protection)
  • No configuration, customization or coding needed.

As you can see, this plugin does a lot and should prevent me from easily stealing content. After installing and activating the plugin, I visited the front page of the testing site and discovered all of the usual suspects were disabled. I couldn’t right-click to view the page source or directly download an image. I opened up the Firebug extension in FireFox and inspected the image element.

Image Inspected With Firebug
Image Inspected With Firebug

After inspecting the image within the post, I gained access to the direct URL in Firebug’s console. I copied and pasted the URL into a new browser window which allowed me to download the full-size image. I’m also able to inspect paragraph elements and copy those as well. If the site is using the free version of WP Content Copy Protection, I can use its RSS feed to scrape content as only the pro version removes RSS feeds.

The pro version adds several features that make it much more aggressive at content protection. For instance, it has a print screen deterrent agent to prevent the use of screenshot tools to steal images. I’ve contacted the plugin author and have asked for a free trial to see if I can easily get access to protected content with the pro version. If he gives me a copy, results of the experiment will be published in a future post on the Tavern.

Although copy protection plugins or copy protection in general prevents the average website visitor from being able to steal content, they come with a lot of unnecessary baggage. In essence, they do more harm than good, especially from an accessibility stand point, as common keyboard shortcuts are disabled. If you don’t want to have your content stolen online, don’t publish it.

Would you like to write for WP Tavern? We are always accepting guest posts from the community and are looking for new contributors. Get in touch with us and let's discuss your ideas.

36 Comments


    1. When I say they’re doing more harm than good, I mean not only are most of them not protecting content, but they’re also implementing protections that make it nearly impossible for visitors with disabilities to browse the site. Thus, casual visitors who have no intention of stealing content can’t even browse the site and make sense of it. Thus, they’re doing more harm than good.

      Report


      1. You might consider updating the post to make this a little clearer. Sadly, a lot of web publishers don’t know the first thing about accessibility.

        Report


      2. Hi Dave,

        Would a post on how copy protection tricks break screen readers help? If so I can get that written and posted and then come back here and leave a link.

        Report


      3. @ Peter, I tried the plugin your talking about. Loved it, but when I checked my site for validation errors…omg huge problems, even though the site looked fine, it skewed the coding.

        Report


    2. Hi Peter,

      I wrote a similar post to Mika’s over at my site, and the gist of the comments that I provided is that not only are you not protecting your content, and not only are you making it impossible for users of assistive technology like myself to enjoy your site, you are also opening yourself up to some not-so-positive word-of-mouth exposure. If one of using assistive technology has a problem with your site, and especially if your site then comes up in conversation with other AT users, we’re going to relay our experiences to those we’re in conversation with. Who are then going to relay that experience to other AT users. And the word spreads. Further, people who are close to us or who work with us on a daily basis and see the impact this sort of problem has on us will also not visit your site, buy your products, ETC. So yeah, this kind of copy protection does a lot more harm than good.

      Report


      1. Hi Amanda,

        I’m also opposed to content protection plugins. While I understand the position of the content owner I do not feel it is their right to limit the functionality of their users browsers in any way.

        I had not considered the effect on accessibility until Jeff mentioned it in his post. I work with a lot of photographers and have had numerous discussions over this issue.

        Would you mind sharing some examples of occasions that your browsing experience was impacted by one of these plugins? `

        Report


    3. Sure it is not general protection and for the most sites its not well solution. Anyway for some situations it does good job. Even these comments from developers confirm that, if they work on site, they ask to turn off these kind of plugins. User will not ask it, he will just search for another source of content rather than fight with developer tool to download for example several pictures, bc. its more easy to find another site, than download every image with firebug or whatever.

      In some areas (for example adult content) its really helpful and it helps more than harm (maybe you lost some users with assistive technology, but your content is not used by all your competitors across internet).
      You are all right that this is not solution for photographers, there are better way for this.
      Generalizing that these kind of plugins are useless is just not right. These functions – plugins have own place and usage for some specific situations.

      Report


  1. These solutions just degrade user experience while anybody who is intent on infringing can continue to trivially bypass any kind of protection that is thrown up.

    Report


  2. One of the first things I do before answering support questions is to have users disable this type of plugin if I need to look at their site. I then explain that they do nothing to actually protect the content while making the user experience worse and making my support job harder.

    Report


    1. How many situations do you run into where they’re using some type of content protection plugin?

      Report


      1. It’s not really that often. Once every two months or so. Really, it seems like it happens a lot when it does and never when it doesn’t. It happens more often with photography Web sites in my experience. I try to keep an educational atmosphere at Theme Hybrid though and explain things fully rather than just providing simple answers. I think I have some of the smartest users who are willing and eager to learn for the most part.

        @Mika – That’s why I prefer paid support. Folks tend to argue a lot less. :)

        Report


    2. As do I, and I end up getting into arguments about how they can’t because it’s critical to their site. For sites at work, I just turn the plugin off, fix, and turn it back on. For the forums, having to tell someone I can’t help the, because of it is not generally taken well. And I do always curse when I find out they have one.

      About two to four times a week I run into it. The week I wrote that article I believe I shouted “Come on are you (beeping) kidding me? Another one!?”

      Report


  3. I generally agree with Mika, Jeff and others about this sort of copy “protection”. There is, however, a particular use case where I have used it successfully and, I think, with justification.

    That usage was on a site where I was explicitly providing an alternative (and accessible) means for a user to download content, and that alternative produced a much better finished product than the standard right-click or print menu.

    This meant that, far from getting complaints about an inability to download, I got compliments as to how my downloads were so much better to look at than downloads these users had seen before.

    Report


  4. Maybe you should try a few (also paid) plugins, before generalizing. I agree with you about the one mentioned above. I also agree that in most cases, it’s not necessary to protect your content.

    But there are also situations (membership-sites) where you got really valuable content or images and it’s important to prevent or at least make it harder for people to copy and publish it anywhere else.

    The majority of content thieves are persons who simply copy and paste your text to other platforms like forums, social-sites, free blogs. So by making it harder, they will think about it twice to search in the source code and put so much effort into it.

    However I just viewed at all the wp content protect plugins and the ones that seem to be very solid and useful are these two:

    http://codecanyon.net/item/wp-control-copy-protect-content-serve-copy/4289952
    http://codecanyon.net/item/smart-content-protector-pro-wp-copy-protection/5400835

    I will try to test them within the next days, if someone is interested, I can also post a short review.

    Report


  5. Thank you for posting this.
    I occasionally get request from client to do this.
    Always try to reject, but sometimes they win.

    I always say:
    99% of your visitor don’t want to steal your content.
    And for that 1% who want to steal your content, your protection is useless.

    Report


  6. It’s all well and good to say that these techniques degrade accessibility, but could you give some actual examples?

    Personally I can’t really see what accessibility issues there would be from disabling the context menu for images only?

    Report


  7. Might I also add that I am seeing this trend on websites where the content is not stellar anyways. Maybe that is my experience but I see this a lot on low quality wordpress and blogger websites.

    I am not sure why this trend is starting but it is a rather annoying one especially when attempting to troubleshoot a problem with someone else’s website. In all honestly the websites using this are not the ones content is going to be taken from if I want full length articles over current events I am going to CNN as they dont use some this this absurd and I would take that content.

    I am not saying that I do steal content from sites but I am not sure why some owners do this nonsense. I also leave websites that shows the large and annoying DMCA lock because it is sharing information that everybody knows. Then u get the really rare websites that show off the lock copy scape and prevent the items listed in the article and I won’t even bother.

    Typically websites (from my experience) are offering low quality content and are trying to protect it as if it were more valuable than gold.

    Report


  8. Its sad people using WordPress dont understand the philosophy of open source. I’m not saying a WordPress users images should be open source, but that it would be awesome if they followed the philosophy of some open sharing. Who knows they might even get a few links from people using their content!

    Report


  9. Would a post on how content protection tricks break screen readers help? If so I can get the post written which would of course include personal experiences and then come back here and leave a link.

    Report


    1. I think it would. People just aren’t ‘seeing it’ (pun intended, sorry Amanda, you’ve met me! I live for being silly)

      Report


      1. Will get on this after lunch. There apparently are a few things I need to unpack, like the bit about losing some disabled visitors.

        Report


      2. If you do write a post, we’d love to publish it on the Tavern to expose it to more people and it would help continue the thread. If you’re interested, contact us through the contact form and we’ll chat.

        Report


      3. Hi Amanda

        Just wondered if you’d had time to write this up yet? As far as I’m aware there are plenty of articles stating that copy protection methods are bad for accessibility, but none with any specific details of what the actual problems are. (At least I can’t find them through Google). A good write-up on what the issues are would be very useful.

        Dave

        Report


    2. I’d definitely be interested in reading that. As Mika notes, just saying something is bad for accessibility isn’t helpful. You need to understand why and what the actual problem is.

      Report


  10. I use and love my copyright protection – y work was constantly being copy pastes across the internet including my own personal story. I will stick with keeping it installed (and the one I have which is a paid/pro version also protected theft on cell phones etc). Its ridiculous to tell people to make it easy for content thieves – yes if they want it bad enough they will try to work around it but you know what I refuse to make it easy for them to steal my work!

    Report


  11. I use a plugin that prohibits right-clicking/saving images and doesn’t do any other kinds of protection. It doesn’t break screen readers or mobile/responsive. I see no downside or harm from it, and it does stop the 99%. That said, for more extensive protection, I suggest using a service like a free Cloudflare account which can optionally monitor for theft of one’s content. They have an app that does this. From their site: “ScrapeShield is a free app from CloudFlare that protects your site’s content, and allows you to monitor and track misuse. Recommended for bloggers, media websites and any other publishers.”

    Report


    1. Don’t forget that screen resolution images are EASILY copied in Windows with the “Snipping Tool” regardless of the ‘under the hood’ code.

      Report


  12. There are several ways to bypass those copy protections plugins, they are… BAD. You can install any network protocol analyzer (for example Wireshark) and done, your protection dissapears completely lol

    Why use those plugins? i have no idea… can’t imagine a situation in which they are usefull (sorry for my bad english, is more bad than those copy-protection plugins lol).

    Report


  13. If someone wants to steal a screen resolution image from me, fine. They can hang it on their office/cubicle wall or pin it to the fridge. These are NOT people who will purchase images.

    If they claim it as their own, different issue.

    Between the Google Image Search and Digimarc, it’s pretty easy to keep track.

    ONE CAUTION:

    If it can be DEMONSTRATED that you knew of a copyright violation and fail to enforce it, your rights to the image can suffer.

    Copyright law is (compared to many l

    Report


  14. I was just sent this link from the Rainmaker Platform, as their response to why they don’t offer copyright protection. What I see here in the comments, are people who are annoyed at having to turn off a plug-in before providing support. They may never have had their content stolen (otherwise they would be pissed off and doing whatever it takes to deter theft and appreciate the attempts that others make to deter.)

    I also see the comments with questions unanswered such as- What kind of ”harm” are you claiming these plug-ins do? Please give examples- besides upsetting the people who provide support and blocking users with screenreader or an alternative mouse tool? Why is that minor annoyance for a few people considered Harmful?

    Quote: “But there are also situations (membership-sites) where you got really valuable content or images and it’s important to prevent or at least make it harder for people to copy and publish it anywhere else. The majority of content thieves are persons who simply copy and paste your text to other platforms like forums, social-sites, free blogs. So by making it harder, they will think about it twice to search in the source code and put so much effort into it.”

    Indeed. This is really what it’s all about, isn’t it? Protecting content from migrating away from a paid membership base because when it does, there is no need to PAY for content anymore.

    Quote: “Might I also add that I am seeing this trend on websites where the content is not stellar anyways.”

    Well, that’s an asinine thing to say. Next.

    Quote: “Its sad people using WordPress dont understand the philosophy of open source. I’m not saying a WordPress users images should be open source, but that it would be awesome if they followed the philosophy of some open sharing. Who knows they might even get a few links from people using their content!”

    It’s a paid membership site. Next.

    Quote: “There are several ways to bypass those copy protections plugins”

    Of course there are. But the point is that they are a line of first defense. All of the after the fact “monitor apps for theft” is time wasted, because once the theft occurs, you could spend eternity chasing it down. Once it’s gone, it’s gone. The writing must now be converted to orphaned free content (you are lucky if it is cut and pasted with your name.)

    Listen, the world isn’t filled with computer literate people. If it was, then the half of you would likely be out of jobs. Theft deterrent isn’t for smart people, it’s for your everyday garden variety content stealer, you know, the one who writes their own blog and claims that everything is original. That one. Or worse, a complete mirror site where someone else is making money on YOUR content with questionable erectile dysfunction ads with your by-line above (ad naseum.) Copyright protection at least puts a sign on the front yard saying “Don’t steal” And if you want to go into the psychology of that, be my guest- but the truth is, the little things do add up to deter people.

    Putting the genie back into the bottle is much harder than not letting the genie out in the first place. Not everyone knows or has the time to put in the effort to steal. Use a plug-in. No harm, no foul. And if you do find some harm after all, keep us posted.

    Cheers.

    Report


  15. I would totally agree with you on one point: accessibility. Protecting text published on the web means that you have to obfuscate it one way or another. Therefore, if one is really serious about protecting its intellectual property without diminishing user experience, one has to associate its protected text with an audio version.

    For the rest, it is true that most copy protection scheme are pointless for many technical reasons.
    But at CPROTEXT, we succeeded at designing a unobtrusive solution that can protect texts from copying/pasting and web crawlers together using only HTML and CSS code.

    I won’t drop a link here since I know it would be considered as incorrect and spam, which I fully agree with. But if you are interested in a javascript-free solution, only based on web standards, look for our online service on your favorite search engine. You’ll find an example page where you’ll be able to test by yourself.

    PS: I filled the “website field” of your comment form with the URL of the service, feel free to remove it if you think it is inappropriate

    Report


  16. To start with no level of security is full proof, but that does not mean we leave our front door wide open. As a photographer I use a plugin to deter people directly copying an image, is it fool proof, no but its a case of not leaving my front door wide open. On user experience, its a choice every designer makes as the same way no security is fool proof, no design is entirely perfect there will always people people you can’t satisfy, that’s why we do research to find out who the core users are. Am I concerned stay at home mum can navigate my site, not really, as long as an event manager can!

    Report


  17. @44OmD and Kayode, I 100% agree with you. This is such a stressful thread to read through until you guys summarized it.
    The people who were just bragging out their knowledge disappeared when they could not simply mention in their comments a couple of examples of those HARM they were talking about, but instead spending time to write asking if they should write up examples…
    That’s nonsense to reason the plugin is bad when it’s doing at least most of the work, but annoying the tech supporters who is not the user of the plugin to receive the benefit out of it!

    Report

Comments are closed.