Protect Your Commercial WP Theme: License & Copyright

by Soren
28 replies
Hi,

For the past 6 months I've been investing more than $100.000 (in developing hours), in a new Wordpress theme. Before I release it to the public, I want to make sure that I've "commercialized" it the right way, to reduce piracy and even worse theft (where people steel, refactor and sell it as threir own).

I know piracy can't be avoided, but I'd like to do what I can, to avoid frauds selling it as their own. Since my theme is made especially for Internet Marketers, I think this is likely to happen, if I don't take every possible precaution.

Since WP is usually free, how do I make my theme "mine to sell"? Where and how do I get a patent, and is there such a thing for WP themes? What copyright notices/statements/license needs to be where?

Tried searching for an answer, but didn't come up with any direct answers. Hope to get a good one here. Thanks.
#commercial #copyright #license #protect #theme
  • Profile picture of the author J Bold
    Interested to see answers. As I understand it many WP themes technically can be "stolen" legally due to the licensing of WP itself.

    Looks like you know that, though. I, myself, am not an expert on this one but I think there is a way as you suggest.

    Hope someone can give you the right information.
    {{ DiscussionBoard.errors[7341357].message }}
    • Profile picture of the author Jill Carpenter
      Originally Posted by Soren View Post


      Since WP is usually free, how do I make my theme "mine to sell"? Where and how do I get a patent, and is there such a thing for WP themes? What copyright notices/statements/license needs to be where?

      Tried searching for an answer, but didn't come up with any direct answers. Hope to get a good one here. Thanks.

      You could just require a license code for the theme to work. You make this a unique generated code that calls back to the server (or to a service) to activate the theme. On your side you'd be able to see where the theme is getting installed - and have the ability to remove the license.

      There are services you can hire out for this. There is also some pricy software you can put on your own server.
      Signature

      "May I have ten thousand marbles, please?"

      {{ DiscussionBoard.errors[7341391].message }}
    • Profile picture of the author SunilTanna
      Originally Posted by J Bold View Post

      Interested to see answers. As I understand it many WP themes technically can be "stolen" legally due to the licensing of WP itself.

      Looks like you know that, though. I, myself, am not an expert on this one but I think there is a way as you suggest.

      Hope someone can give you the right information.
      I am not a lawyer, but... No no no

      If it something should be gpl'ed and isn't (in this case a derivative of wp, like a plug-in), it does NOT become automagically gpl'ed against the author's wishes. Nor does John q. Public get to treat it as if gpl'ed against the author's wishes. If john q. Public did that he would be violating the plug-in author's copyright.

      The only thing that can happen is that the original copyright holder (in this case wp) could sue the plug-in author for copyright infringement. Even then they have no right to force the plug-in author to gpl against his wishes. They can however ask for damages and for an injunction to make the plug in author stop.

      I can't be bothered to re type everything I said previously, so forgive for quoting an old post.

      That's why I was asking if he meant ethical or legal.

      Ethically, someone may feel ripping off a powerful and expensive WP plugin and rebranding to your own is "wrong".

      But it is allowed under the GPL and the original author has little legal recourse.
      Even if we accept the developer is ripping off WP, that doesn't give you the right to rip him off.

      Developer's plug in = WP derivative (arguably, some people dispute this) + Original Code

      If the developer distributes this under any license other than the GPL, he is violating WP's copyright.

      The remedy is for WP to sue the developer. In this case, WP gets damages, and gets to make the developer stop infringing WP's copyright any further.

      Nobody but WP has a right (legal standing) to enforce WP's copyright.

      And if you just treat the developer's code as if it were GPLed, when it's not, then YOU are infringing the developer's copyright. The developer can then sue YOU for damages, and to stop you infringing.

      Something does not get auto-magically GPLed because it was created in violation of the GPL.

      Here is a quote from Eben Moglen, FSF's attorney - GrokLaw: The GPL is a License, Not a Contract, Which is Why the Sky Isn't Falling

      "Because the GPL does not require any promises in return from licensees, it does not need contract enforcement in order to work. A GPL licensor doesn't say in the event of trouble "But, judge, the licensee promised me he wouldn't do what he's doing now." The licensor plaintiff says 'Judge, the defendant is redistributing my copyrighted work without permission.' The defendant can then either agree that he has no permission, in which case he loses, or assert that his permission is the GPL, in which case he must show that he is obeying its terms. A defendant cannot simultaneously assert that the GPL is valid permission for his distribution and also assert that it is not a valid copyright license, which is why defendants do not 'challenge' the GPL.

      "The claim that a GPL violation could lead to the forcing open of proprietary code that has wrongfully included GPL'd components is simply wrong. There is no provision in the Copyright Act to require distribution of infringing work on altered terms. What copyright plaintiffs are entitled to, under the Act, are damages, injunctions to prevent infringing distribution, and--where appropriate--attorneys' fees. A defendant found to have wrongfully included GPL'd code in its own proprietary work can be mulcted in damages for the distribution that has already occurred, and prevented from distributing its product further. That's a sufficient disincentive to make wrongful use of GPL'd program code. And it is all that the Copyright Act permits."
      Signature
      ClickBank Vendor?
      - Protect Your Thank You Pages & Downloads
      - Give Your Affiliates Multiple Landing Pages (Video Demo)
      - Killer Graphics for Your Site
      SPECIAL WSO PRICES FOR WARRIORS + GET THE "CLICKBANK DISCOUNT" TOO!
      {{ DiscussionBoard.errors[7857365].message }}
  • Profile picture of the author Soren
    Jill thanks, but it wasn't exactly what I meant. I know how to setup memberships when a payment is verified from paypal/authorize.net, create user accounts and make a theme authorize against my server, but after I developed this system, it was clear to me that this isn't the way to go. If someone want it free, they'll find a way! - Same goes for trying to make captchas and custom registrations... it's simply impossible since blackhatters will always be one step ahead!

    Everyone with just a little bit of knowledge in PHP could just remove this auth in a short time.

    What I'm looking for is more like; how do I legally make it mine. So I can say the thieves are indeed that (thieves). In a legal sense..
    {{ DiscussionBoard.errors[7341415].message }}
    • Profile picture of the author Jill Carpenter
      See if you don't get a PDF at the top of this search:

      http://www.google.com/url?sa=t&rct=j...Ct9IOIyS8EuqXQ

      Edit: I see you are in Denmark so not sure if there is a better option for where you live
      Signature

      "May I have ten thousand marbles, please?"

      {{ DiscussionBoard.errors[7341428].message }}
      • Profile picture of the author Soren
        "Copyright protection extends to all the copyrightable expression embodied
        in the computer program. Copyright protection is not available for ideas, program
        logic, algorithms, systems, methods, concepts, or layouts."


        SUCKS, but I believe this answered my question. Now time to mess up my code, so only I can understand it! Hah great idea for a new script - WP MESSUP 3.0 ;-)

        Thanks for the link Jill, and Will.. I'm sorry but you're right! I guess left for me is only to push the button then (biting my nails off.. ) ;p
        {{ DiscussionBoard.errors[7341512].message }}
        • Profile picture of the author WillR
          Originally Posted by Soren View Post

          "Copyright protection extends to all the copyrightable expression embodied
          in the computer program. Copyright protection is not available for ideas, program
          logic, algorithms, systems, methods, concepts, or layouts."


          SUCKS, but I believe this answered my question. Now time to mess up my code, so only I can understand it! Hah great idea for a new script - WP MESSUP 3.0 ;-)

          Thanks for the link Jill, and Will.. I'm sorry but you're right! I guess left for me is only to push the button then (biting my nails off.. ) ;p
          I admire those who are prepared to put it all on the line and go after something they believe in... which you obviously must to have invested that much time and money.

          So yeah, I really hope it goes well for you and I'll be keeping an eye out.
          {{ DiscussionBoard.errors[7341537].message }}
  • Profile picture of the author WillR
    If something is successful people are always going to find a way to copy it. Even if you have protection all it takes is them changing things just enough so as to not get into trouble. It's very easy to copy things and still be different.

    I can't believe you have invested $100,000 on a single Wordpress theme?! That's amazing. I'm sure you have done your market research... I hope for your sake. That's a lot of money on the line there.

    I hope it goes well.
    {{ DiscussionBoard.errors[7341427].message }}
  • Profile picture of the author Chris_Willow
    If you encrypt the source of your app and call home every time it's accessed, you should be able to protect it just enough 99% of the wannabe hackers can't steal it.

    A possible issue is server compatibility, because not all hosting companies have the necessary software installed to work with encrypted source code.

    That's something to think about...
    {{ DiscussionBoard.errors[7341529].message }}
  • Profile picture of the author Mark Singletary
    One thing to consider is whether or not your code should fall under the GPL license. If so, it is legal to copy, redo, resell, etc. without permission or even your knowledge.

    For example, something covered under the GPL can be locked down requiring a license key. However you MUST provide the unencrypted source code if anyone asks and it has to be provided without any kind of hidden protection. They can then legally go and share and do pretty much what they like including naming it something else and selling it and keeping all the profits.

    You may be able to protect images though and it not be covered under the GPL.

    I'm not a lawyer but this is how the GPL works. Not sure if your WP theme would fall under it but pretty sure it would if you hook into the WP internals in any substantial way.

    Mark

    PS If it is legal and ethical to follow a license's terms, which include the above stipulations, then the person following it can't be a fraud and a thief. The GPL license encourages sharing freely.
    {{ DiscussionBoard.errors[7341564].message }}
    • Profile picture of the author Soren
      Mark: Your reply lead me to this article, which points out why GPL could potentionally be a "not so bad" idea instead of insisting on DRM, time consuming anti piracy counter-measures, exhaustive efforts to prevent theft and expensive legal rights stuff.

      Regarding the question you raised, whether WP themes has to be licensed under the GPL.. as I understand it from this article, this is not the case.

      Chris: Great suggestion, however I did a little research. Simple Base64 encoding would probably be pointless, however Ion Cube encoding should be really tough to break.. at least they update their software so frequently that when decoding is finally possible, a new version is already out.

      Using this level of encoding on an entire theme or core files, would probably not be very wise - considering performance, but also the customers who bought the code and wants to edit it - however encoding the authorization parts, and where you implement/integrate this/weave it in (so it can't easily be removed without breaking the code elsewhere) would certainly be a possibility I'd have to consider carefully. However I wont waste much more time trying to prevent spam and theft.

      As Will said, "If something is successful people are always going to find a way to copy it."

      Interesting comments so far!
      {{ DiscussionBoard.errors[7341724].message }}
  • Profile picture of the author ot
    If it needs WordPress to make it work then you are stuck with GPL. All you can realistically protect are any images you've created.
    Signature
    abcdefghijklmnopqrstuvwxyz
    {{ DiscussionBoard.errors[7341965].message }}
  • Profile picture of the author superowid
    -EDIT- Sorry for my English.
    Signature

    I'm learning to draw again ...
    I want to sell my drawing later on!
    Wish me luck, okay?!

    {{ DiscussionBoard.errors[7342193].message }}
    • Profile picture of the author Jill Carpenter
      Originally Posted by superowid View Post

      If you can spend more than $100,000 for a WP theme...
      For the past 6 months I've been investing more than $100.000 (in developing hours)
      If he's considering his hourly rate to be $100 an hour, that's only 1000 hours - over a course of 6 months, about 5.55 hours a day. That's 'assuming' he uses that figure.

      If he values his time at $200 per hour, we are down to just over a couple of hours a day.

      How much money does a computer programmer earn
      Signature

      "May I have ten thousand marbles, please?"

      {{ DiscussionBoard.errors[7342269].message }}
  • Profile picture of the author Soren
    superowid: Believe me, my english is THAT bad!
    Also Jill is right... I only work for myself for $100/hr - I charge at least twice that amount for client project - unless it's a friend, partner... or Christmas of course ;-p

    Realizing it's probably GPL if you hook into WP core files, I think I've come up with a solution (comment #11). Just encoding the authorize/verification part, making the rest of the code depend on this. And then updating frequently, and giving access to a support forum. That's probably the best approach I think.

    Thx for all your help.
    {{ DiscussionBoard.errors[7342498].message }}
    • Profile picture of the author CyberSEO
      Originally Posted by Soren View Post

      Realizing it's probably GPL if you hook into WP core files, I think I've come up with a solution (comment #11).
      Will work for plugins but not for themes (templates). Can you show me at least one WP theme which does not contain parts of GPL code from WordPress?
      {{ DiscussionBoard.errors[7342538].message }}
      • Profile picture of the author Jill Carpenter
        Originally Posted by CyberSEO View Post

        Will work for plugins but not for themes (templates). Can you show me at least one WP theme which does not contain parts of GPL code from WordPress?
        Well, I think he was saying to use ioncube to make it harder to copy?

        I've used a theme in the past which was reliant on ioncube to function.

        I was very limited in what I could edit.
        Signature

        "May I have ten thousand marbles, please?"

        {{ DiscussionBoard.errors[7349577].message }}
        • Profile picture of the author Mark Singletary
          Originally Posted by Jill Carpenter View Post

          Well, I think he was saying to use ioncube to make it harder to copy?

          I've used a theme in the past which was reliant on ioncube to function.

          I was very limited in what I could edit.

          But if you had asked for an obfuscated copy of the source code that is 100% readable and editable, under the terms of the GPL, they would have to comply.

          Mark
          {{ DiscussionBoard.errors[7349735].message }}
  • Profile picture of the author jacktackett
    Soren,
    I wish you luck on your product- you've done the hardest thing - taking action.
    I am not familiar with copyright/trademark/patent law in Denmark - but you may want to investigate that to help protect your code/design. In the US you can register your copyright for $35. This will get you a bar code you can then use in legal proceedings. It is not going to stop theft - that really can't be economically done.
    One thing I will caution you and others on using encoders like Ion cube - they will deter the general public, but will not even slow down true crackers. I've been the manager of several data centers and part of that responsibility is to monitor so called black hat sites etc. Breaking encoding will cost someone anywhere from $25 bucks upwards to crack encrypted code. I'm not saying don't use encryption - just saying don't think its as safe as the marketing material claims.

    Finally, intellectual property laws are not simple - that's why there are so many lawyers in the world practicing IP law.

    Good luck,
    --Jack
    Signature
    Let's get Tim the kidney he needs!HELP Tim
    Mega Monster WSO for KimW http://ow.ly/4JdHm


    {{ DiscussionBoard.errors[7350546].message }}
  • Profile picture of the author mpettigr
    You could try PHPMyLicense.

    Its a great product that can encode and licenses your scripts.

    Also, can automatically create a license key bound to the customer's domain on checkout and automatically deactivate the license if the customer makes a charge back or you make a refund.

    We use it ourselves. Here it is and you can try out the demo: PHPMyLicense License Script

    Best Wishes,

    Mike
    Signature
    Transformation and Empowerment - Be Inspired, Motivated and Empowered. High content videos, podcasts and courses to help you to transform your life. Signup now for "The Keys to Empowernent" - a FREE 4 part Video Course that reveals the exact steps that will lead you to a life of happiness, success and fulfilment.
    {{ DiscussionBoard.errors[7847362].message }}
    • Profile picture of the author Brian Tayler
      Originally Posted by mpettigr View Post

      You could try PHPMyLicense.

      Its a great product that can encode and licenses your scripts.

      Also, can automatically create a license key bound to the customer's domain on checkout and automatically deactivate the license if the customer makes a charge back or you make a refund.

      We use it ourselves. Here it is and you can try out the demo: PHPMyLicense License Script

      Best Wishes,

      Mike
      Man I was all set on using this product until I did a quick view of the demo... then my heart sunk when I saw it used eval(gzinflate(base64_decode($string)); which is a VERY easy PHP encoding process to decode. So easy in fact that a web site allows a novice user to enter the "encrypted" code into to the site and outputs the decrypted (unprotected) content in seconds.

      I guess it goes to show you really can't cut corners and really need to stick to the high priced ionCube and Zend Encoders.
      {{ DiscussionBoard.errors[7856969].message }}
      • Profile picture of the author mpettigr
        Originally Posted by Brian Tayler View Post

        Man I was all set on using this product until I did a quick view of the demo... then my heart sunk when I saw it used eval(gzinflate(base64_decode()); which is a VERY easy PHP encoding process to decode. So easy in fact that a web site allows a novice user to enter the "encrypted" code into to the site and outputs the decrypted (unprotected) content in seconds.

        I guess it goes to show you really can't cut corners and really need to stick to the high priced ionCube and Zend Encoders.
        Unfortunately, you can also very easily decode IonCube and Zend too...and they are recoginsed by many as the industry leaders.

        Here are two sites that allow this:

        Ioncube Decoder:
        Download Ioncube Decoder V2 | Ioncube Decoder

        Zend Guard:
        Show My Code | Free Online swf Adobe flash decompiler, java class decoder, java class decompiler, php dezender, Zend decompiler, Zend decoder,Zend Guard, ActionScript recover, QR bar code decoder

        I only wish there were methods available that are 100% safe but the reality is that there is no 100% safe encryption method out there when it comes to PHP code. This is because PHP is open source and no matter what you use a determined haker will find a way.

        The best we can do is to make the process inconvenient and by using encryption (even if its not total protection) you still manage to deter 90% of users from stealing your code.
        Signature
        Transformation and Empowerment - Be Inspired, Motivated and Empowered. High content videos, podcasts and courses to help you to transform your life. Signup now for "The Keys to Empowernent" - a FREE 4 part Video Course that reveals the exact steps that will lead you to a life of happiness, success and fulfilment.
        {{ DiscussionBoard.errors[7870483].message }}
  • Profile picture of the author onSubie
    WordPress › About » GPL

    WordPress.org Bans Themeforest Members from WordCamp

    The "grey area" argument seems to be around "linking" verses "incorporating" code.

    It doesn't really matter how you protect yourself. If someone "steals" your stuff, you will have a difficult and expensive time trying to fight the GPL in court.

    Wordpress has threatened a lawsuit againts DIY Themes in the past for the way they sell Thesis, but it didn't get beyond strong words.

    Woo Themes complies with the GPL and includes it with each of their themes.

    Theme Forest does not play like WP wants (see above link).

    A few years ago the guy who developed the $600 WP "Build A Blog Store" autoblog plug-in freaked out when it was ripped off by another who sold it under a different name. He created a site "outing" the thief and theatened lawsuits, but in the end it went nowhere.
    {{ DiscussionBoard.errors[7847396].message }}
  • Profile picture of the author CDawson
    Banned
    Don't quote me on this but I'm pretty sure once you brand your template with a name you can license it that way? If so, you can then just right or buy a terms of agreement, etc. etc.
    {{ DiscussionBoard.errors[7857467].message }}
  • Profile picture of the author PeterKnight
    I'm a little surprised someone who puts this much time into a WordPress theme isn't familiar with licensing around WordPress products. If you follow the WordPress scene at all it would be hard to miss all the controversies around the GPL license. A bit of a red flag, unless you're posting here as part of promoting your product (can't fault that).

    I also really disagree with the suggestion to encrypt the theme on many levels:

    - It's trivial to circumvent for anyone interested in stealing a theme, which is the group of people you'd be trying to protect against
    - it hurts performance
    - it makes your product harder for developers and customers to customize, which is a basic expectation WP product buying customers typically have
    - you will be less likely to be recommended by WordPress centric folks, as they prefer themes/plugins that follow best practices, follow the gpl etc.

    As for protecting your work, build a brand. Get known for quality work. Build a presence. That's your best recourse because people will call copycat's out for you, if you are a trusted and valued source. As mentioned above, if you really want to put a restrictive license on your stuff, use a split license for your css and images. The bigger brands in the WordPress theme space go full GPL and they seem to do just fine.
    {{ DiscussionBoard.errors[7857817].message }}
  • Profile picture of the author Istvan Horvath
    Soren, I think you are over-complicating it.. which happens a lot with novice WP theme authors (and plugin coders).

    I know of many theme authors and even companies that make a very good living selling themes and none of them is encoded ever. It's the cleanliness of the code, the features and the ease of use that count - well marketed and later by word of mouth, you will get plenty of legit buyers.

    On the other hand a warning: if you worked a half year on that theme, it must have a zillion "marketer" features and gizmos. Be careful with those: I have also seen very feature-rich themes that fell flat and didn't make practically any money. You know why? - It was too much of features and options and gizmos. Believe me, I am asked often to test WP things before release (only test because I refuse to write "reviews") and if I find a theme too complicated to use... then nobody can use it
    Signature

    {{ DiscussionBoard.errors[7857890].message }}

Trending Topics