The problem is that you also get malware with legit premium plugins. I bought a $59 plugin on codecanyon and my WordPress install was hacked because it had an unpatched bug that allowed anyone to register as admin.

Did not get any single warning email from codecanyon or the dev, I just got lucky that the hacker was dumb enough to try to claim my site on Google search console and Google warned me immediately, so I could just revert a backup after understanding what was going on. Luckily, again, the hacker left the hints in the admin panel by uninstalling my "premium" plugin, so I understood that was how he could get inside.

If it's a new website, avoid WordPress. It's a security mess and extremely inefficient. I am burdened by this technical debt, migrating now it's very time consuming.

I would ask you to reconsider. Maybe look for an open source alternative or just another solution rather than wp plugins, or wp in general. There are already alternative foss programs to wp if you really need a suite for making the website.

The reason I say this is simply security. Let's say you get your hands on a fully malware free version of that plugin today, so far so good. What happens when the plugin needs a security update? Your version is pirated so it obviously won't be updated automatically. Now until you find an updated pirated version your website has a security hole that you can't do anything about unless you disable the plugin. Depending on plugin, now your website is either broken, slow or whatever you get the point

Most of the paid plugins I've messed with have code to phone home and prevent operation if there's not a paid license of some sort.

However, before you bother trying to put effort into pirating those, I recommend making certain that what you want isn't already freely available a different way. Many paid plugins have decent open source and free alternative plugin(s) that can be used instead. You just have to look hard enough in the plugin listing. The WordPress ecosystem is vast, but there are a ton of smarmy assholes charging monthly subscriptions for plugins that replicate features provided by free plugins and hoping you won't notice.

This is the time to move your website to something other than WordPress or use free themes. I genuinely don't want anyone's website to end up like this: Overpaying me after using illegal plugins (I wrote this)

You might want to look at something like Drupal as an alternative to WordPress. Drupal tends toward a lot more open source for its plugins (which they call modules). As a developer myself, I also find it better engineered than WordPress, although maybe that's just because I used Drupal more.

aren't wordpress plugins just php code? i believe it would be trivial to look through, if you can obtain them in the first place.

Do not do that.

I made a reply instead of a top level comment, then remembered https://gpldl.com/repository/

I think it’s legit, but verify the code if you can. Since Wordpress plugins are all GPL technically it’s not piracy 🙃