Warning: beware of some “Free” PrestaShop modules

As i am constantly looking and exploring new and interesting PrestaShop modules, and i see some shady practices by some developers when trying to “lure” users with their “free” modules and wanting to benefit from their ignorance.

Recently i have stumbled by an free module called “Banner popup” developed by “waterthemes”. This developer create PrestaShop themes and PrestaShop modules.

The module “Banner Popup Free Module PrestaShop 1.7” is supposed to let you configure your own banner popup for your store so you can create easy banner popups to show on your customers, nothing special or sophisticated here. I have downloaded the module directly from the developer’s own website.

So i have decided to test the module and see how it works. At first the module seemed to be working fine, but then it stopped loading the banner. I opened the module in my code editor to see if i can spot what is the problem with the module. While i was looking thru the code i saw the “wtbannerspecial.tpl” file and i opened it in my code editor.

The surprise

What i saw inside the code surprised me a lot. I saw this line of code:

<h1 style="opacity:0;"><a href="http://waterthemes.com/" title="Prestashop Themes 1.7 - Waterthemes.com">Prestashop Themes 1.7 - Waterthemes.com</a></h1>

I know that average user won’t understand what exactly this code does, so i will explain. This code creates an Heading 1 title with link to “waterthemes” website with the key word of “PrestaShop themes” and the part “style=”opacity:0;” makes this title and link invisible for the user and only visible for the Search engine bot crawlers or if you inspect the code with your browser developer tools.

The purpose of this code is to give a back link from your website on every page UNKNOWINGLY and UNWILLINGLY to his website where he sell his products, so can his store appear better in the search engines like Google.

This is how search engines like Google works, yourdomain.com gives a link with text to otherdomain.com and this is like saying “We yourdomain.com vouch for this guys over there at otherdomain.com” so Google when see multiple domains link to one domain they will increase the search ranking for that domain.

His link is also with H1 tag, meaning Heading 1, this HTML tag along with the “title” tag are telling search engines what is this page about, so he basically steals your entire store as this link appear on every single page and telling google that your entire website with every page is all about his link!

Here is the code in action

This is a picture from the rendering of the browser:

And this is a picture if i change the code from “opacity:0” (invisible) to “opacity:1” (visible) were you can see how his link appears if it was not invisible.

The problem with the invisible link

In general, invisible website content like links, text and others are considered “Cloaking” techniques by the search engines as this content is not meant for the user but only for the search engines in order to improve rankings. For more information you can visit Google help page on the subject here.

So when Google see such invisible content, especially when it is link and it is within H1 tag, they will penalize your website for using this technique. So not only that he steals your entire website with every page, and trying to tell Google that your entire website is all about him, he is hurting your website Search ranking position for making it invisible!

Of course if he let it be visible, you will see the link as i shown and you will immediately uninstall his module.

You can even test this yourself, by Googling it with the term “Prestashop Themes 1.7 – Waterthemes.com” (with the quotes) and you will see how many websites stores are already affected by this and all of them are unaware of this module is doing it behind their backs.

My search showed that about 4,740 pages are already affected by this!

In conclusion

While putting links in your own module linking to your own website it is no illegal, doing it in a way that you hide this fact from the user, and also stealing his entire website purpose and potentially hurting his search ranking positions is most definitely not morally right.

When you are using free PrestaShop modules, beware of this things may happen, and not every developer that offers “Free PrestaShop modules” has the good intentions about your website and you should double check and test your website and those free modules before using them in your live PrestaShop store.

I did not test every free PrestaShop modules or any of the themes from this developer, but if he did it once i guess he do it on all his modules and probably themes and i just hope that if he see this article he will change this behavior as it is very bad, especially when you do it to your own customers.

I have also seen other PrestaShop developers that offer free modules, that do shady practices too, for example they load “external assets” not locally packed with the module, but from their own websites and domains and this can be used to track information about your website, for example which store with what domain installed this module, getting your e-mail address and other tracking information like this, without any privacy consents or anything.

UPDATE

The developer of module covered in the article, “Waterthemes” has contacted us and although he requested the removal of some of the material in this article, which we refused to do, at least he promised that he will change the code in his module, and i really hope he will do it.