Issue a license key for a wordpress plugin?

by ProEFI
70 replies
I'm having a Wordpress plugin developed and I would like to issue a license key to each user/purchaser of the plugin that will allow them to use it on unlimited domains. Can someone refer me to an information source to learn more on how to do this?

Thanks
Andrew
#issue #key #license #plugin #wordpress
  • Profile picture of the author mywebwork
    Originally Posted by h_al View Post

    You need to do the programming yourself I guess. Hire a coder.
    Now there's a flash of brilliance! Good luck with the post count building efforts!:rolleyes:

    Now seriously, to answer your question:

    I recently designed a WP plugin that did the exact same thing - it issues an API key and user ID to a user after they pay with ClickBank or PayPal.

    In my case I did it with the information sent to me by ClickBank or PayPal, I built an IPN "listener" that received the transaction details. I then use a piece of code that essentially creates an API key (a random unique string with some rules regarding formatting). the API key is stored in the user table, along with the user ID (I used the users e-mail address from the CB/PayPal transaction as the ID). I also mail the key to the user.

    On every call to the API I have the user ID and API key included (the Plugin Dashboard has fields to enter this data). If they validate then the user is permitted to make the API call, otherwise it fails.

    Hope this is of some use to you, please feel free to contact me if you want any more details - always happy to help a fellow Canadian (actually, I'm always happy to help a fellow Warrior, no matter what nationality)!

    Happy Holidays

    Bill
    {{ DiscussionBoard.errors[3079897].message }}
  • Profile picture of the author ProEFI
    Hi Bill,
    Thanks so much for the reply. It definitely helps me to better understand what needs to be done. However, it's definitely above my skill level.
    I'm using Wishlist Member too so I'm sure that will add another level of complexity.

    Andrew
    {{ DiscussionBoard.errors[3082088].message }}
  • Profile picture of the author mywebwork
    Hi Andrew

    Actually I don't think WishList will add to the complexity, although I'd have to know a bit more about what you are trying to accomplish before I could say that with authority.

    Bottom line is that you need a method of managing and validating keys. The method I described above is one way, no doubt there are countless others. Without knowing what your plugin actually does (and I understand if its a secret) makes it difficult to recommend the best method.

    As you said you are having the plugin "developed" I assume you are working with a developer? No doubt he/she could offer a suggestion about the best way to accomplish this for your particular plugin design.

    Best of luck with your plugin!

    Bill
    {{ DiscussionBoard.errors[3082830].message }}
    • Profile picture of the author apexNSW
      Hello Andrew,

      I am currently developing a plugin and I have come across some of these same questions myself. If your plugin doesn't have to make a call-back to your server to operate, you may just want to encode your completed script. You can "compile" your code with a license key that has to be entered by the end-user. I am planning on using CodeLock because it is way cheaper than other competing software. (FYI: It is POSSIBLE to reverse engineer the encoding done by this program and other software like it, but it isn't necessarily easy!) Anyway, I am still in the development phase, but this is what I am planning to use myself.

      Best of luck,
      Nick
      {{ DiscussionBoard.errors[3084388].message }}
      • Profile picture of the author xrvel
        While i was trying to put license system into my plugin, my suggestion are :
        - callback to your server is a must (to check key, etc)
        - source code encryption is a must (my suggestion : ioncube -- although nothing is 100% perfect, i heard ioncube can be decoded)
        {{ DiscussionBoard.errors[3101564].message }}
      • Profile picture of the author Evan-M
        Originally Posted by apexNSW View Post

        Hello Andrew,

        I am currently developing a plugin and I have come across some of these same questions myself. If your plugin doesn't have to make a call-back to your server to operate, you may just want to encode your completed script. You can "compile" your code with a license key that has to be entered by the end-user. I am planning on using CodeLock because it is way cheaper than other competing software. (FYI: It is POSSIBLE to reverse engineer the encoding done by this program and other software like it, but it isn't necessarily easy!) Anyway, I am still in the development phase, but this is what I am planning to use myself.

        Best of luck,
        Nick

        It is easy, there is another program called "codelock Decoder" you run any codelock program through it, and it outputs a decoded version ( doesn't get much easier actually) just a heads up.

        http://www.google.com/search?sourcei...delock+decoder
        Signature

        Evan-M

        Easily The Worlds Best Wordpress Popup plugin

        Visit Website Design Firm For All Your Wordpress Coding Needs

        {{ DiscussionBoard.errors[3415702].message }}
      • Profile picture of the author intenseblog
        Originally Posted by Skylr View Post

        I too have a WP plugin that I want to charge for and also PROTECT.

        I like the way Optimize Press has a license code system in place to protect their theme from being shared.

        Has anyone see purchased it and seen how they do things?

        You need to put the domain names of the sites you plan on using the theme on into a place on their site/server (??) and then it automatically displays a license code you need to enter into the dashboard of the site where you want the theme to activate it.

        i would like to do the same thing for my plugin.

        Anyone know if there is anything out there like that? Or would I have to hire a coder myself?

        Thanks!

        Sky
        Instead of issue a license key like that why don't you allow your customers provide their WP address on your server and then, at the customers' website, your plugin will send out their address to your server to check the license?

        But it's not a real problem, by "calling home" each time your plugin used, your server will comsume a lot of bandwidth and also slow down your customers' websites, a solution for this is storing and retrieving a local license variable, but all of them will easily be bypassed if you don't encrypt the code
        Signature
        Do you want to build an authority website? Visit my blog today and learn everything to create the successful web blog.
        {{ DiscussionBoard.errors[3659766].message }}
        • Profile picture of the author xrvel
          Originally Posted by intenseblog View Post

          But it's not a real problem, by "calling home" each time your plugin used, your server will comsume a lot of bandwidth and also slow down your customers' websites, a solution for this is storing and retrieving a local license variable, but all of them will easily be bypassed if you don't encrypt the code
          Then dont always call. Do it for example with 1% chance of each visitor visit.
          So every 100 visitors, 1 call.
          {{ DiscussionBoard.errors[3664276].message }}
      • Profile picture of the author webtechprodigy
        Originally Posted by Skylr View Post

        I too have a WP plugin that I want to charge for and also PROTECT.

        I like the way Optimize Press has a license code system in place to protect their theme from being shared.

        Has anyone see purchased it and seen how they do things?

        You need to put the domain names of the sites you plan on using the theme on into a place on their site/server (??) and then it automatically displays a license code you need to enter into the dashboard of the site where you want the theme to activate it.

        i would like to do the same thing for my plugin.

        Anyone know if there is anything out there like that? Or would I have to hire a coder myself?

        Thanks!

        Sky
        There is a custom XML file that you will need to embed in your plugin/theme which has a call back function to your main site where you are hosting your sales site.

        You might have seen that some themes and plugins give a 'there is a new version of this plugin available please upgrade' messages in your dashboard. This is the same XML file that is used to do so...
        {{ DiscussionBoard.errors[5208396].message }}
  • Profile picture of the author Tim Franklin
    I have developed a custom script that does this however it is still in development, I can tell you a few things about this process, it is not as easy as it sounds, and you may encounter issues, that could cause you to pull your hair out, I am still working on this and eventually I will release the script however, one of the biggest problems that I keep encountering is the rapid development cycle of word-press,

    3.0 3.01 3.02 3.03 3.04, one or more could end up breaking your code so you have to go back and try again, it is a real pain in the butt, trying to find the best balance between what works and what works best, now that is the real challenge.
    Signature
    Bitcoin | Crypto | Blockchain Secrets |
    {{ DiscussionBoard.errors[3102283].message }}
  • Profile picture of the author Revolves
    mywebwork's solution will work if your plugin has to communicate with your server to get the job done, something like Askimet. However, if it's self-sufficient, then an API key won't be of any use.

    As far as encoding the source code of the plugin is concerned, I'm not sure if it'd provide any additional security. WordPress plugins have to be GPL, and anyone can request the full source to it (as per GPL).

    If your plugin is good enough, then the good guys won't share it with others. And the pirates will always be pirating stuff. You can't help it. Rather, put additional efforts into satisfying your loyal customers.

    Regards,
    Revolves
    {{ DiscussionBoard.errors[3102920].message }}
    • Profile picture of the author mywebwork
      Originally Posted by Revolves View Post

      mywebwork's solution will work if your plugin has to communicate with your server to get the job done, something like Askimet. However, if it's self-sufficient, then an API key won't be of any use.
      Yes, the design I created was indeed for a plugin that depended upon an API for its operation. However the same concept could also be used for a "self-sufficient" plugin.

      Even if the plugin didn't require an API you could still have it "call home" with a username and activation key. It would actually have several advantages:

      - You could keep track of the number of sites that have the plugin installed, and restrict that number if required.
      - You could deactivate plugins that use keys that were stolen or illegally distributed.
      - If you wanted to you could even capture usage statistics, which may be useful for marketing purposes.

      Again there are a number of possible solutions, this is only one of them.

      Happy New Year everyone!

      Bill
      {{ DiscussionBoard.errors[3103443].message }}
      • Profile picture of the author Revolves
        Originally Posted by mywebwork View Post

        Yes, the design I created was indeed for a plugin that depended upon an API for its operation. However the same concept could also be used for a "self-sufficient" plugin.

        Even if the plugin didn't require an API you could still have it "call home" with a username and activation key. It would actually have several advantages:

        - You could keep track of the number of sites that have the plugin installed, and restrict that number if required.
        - You could deactivate plugins that use keys that were stolen or illegally distributed.
        - If you wanted to you could even capture usage statistics, which may be useful for marketing purposes.

        Again there are a number of possible solutions, this is only one of them.

        Happy New Year everyone!

        Bill
        Happy New Year!

        You're right. API keys can also be used with "self-sufficient" plugins. However, you'll then also have to encode your plugin. Or else, people can just remove the checks from the plugin's source.

        But then, I start thinking whether it's worth the effort, all just keep the pirates away, who'll keep on pirating no matter what. We can simply concentrate on the customers who have honestly bought the product.

        However, the situation is different when it comes to "non self-sufficient" plugins, as was your case. That's because you don't want pirates feeding on your bandwidth. In that case, it's always good to have an API key.

        Regards,
        Revolves
        {{ DiscussionBoard.errors[3103852].message }}
    • Profile picture of the author apexNSW
      Originally Posted by Revolves View Post

      As far as encoding the source code of the plugin is concerned, I'm not sure if it'd provide any additional security. WordPress plugins have to be GPL, and anyone can request the full source to it (as per GPL).
      I do not believe that all plugins have to be GPL compatible. The plugin I am currently developing is not. I have read a variety of information on the subject and I think it is widely misinterpreted.

      Here is one opinion: Why They’re Wrong: WordPress Plugins Shouldn’t Have to be GPL

      Just food for thought.
      {{ DiscussionBoard.errors[3108580].message }}
  • Profile picture of the author phpbbxpert
    The whole GLP spec is quite touchy on how you can/can not have a different license for a plug-in.

    Frequently Asked Questions about the GNU Licenses - GNU Project - Free Software Foundation (FSF)
    Basically if you use functions from WordPress it has to be GLP.

    This is pointed at themes, but it is a similar concept.
    http://wordpress.org/news/2009/07/themes-are-gpl-too/
    {{ DiscussionBoard.errors[3109825].message }}
  • Profile picture of the author andreasnrb
    phpbbxpert: GPL for WP is a grayarea. WordPress Core Devs and Matt have their view on the subject but its not universal. All pro WP GPL is biased in the WP world. But its basically all gray when it comes to PHP since the GPLv2 wasnt written for dynamic stuff, linking etc.
    And we don't know until its tried in court until then we are all bull****ting.
    {{ DiscussionBoard.errors[3115317].message }}
  • Profile picture of the author mrmagos
    I thought the whole themes-and-plugins-are-GPL had been resolved some time ago. Since themes and plugins run under the same process and use the same hooks as the core software, then they are considered to be derivative works and therefore subject to GPL. However, any css, javacript or images (and other non-PHP parts) bundled with said plugin or theme are not subject to GPL, provided those components themselves are not derived from GPL code. Therefore, the PHP portions are most definitely GPL, though you can 'sell' the other parts. You could even release the entirety as GPL, but place it behind a paywall and 'sell' support and updates.
    {{ DiscussionBoard.errors[3116288].message }}
  • Profile picture of the author Tim Franklin
    Well, one thing for sure everyone has an opinion, on this however, legally, one entity cannot take away the legal rights of another entity.

    In other words If I create a plugin, and it contains my personal intellectual property which I can also copyright, by the way as well as apply for a patent, if I wanted, why bother, right.

    So just because my plug-in touches word-press does not give word-press rights to my intellectual property see how that works, if this were in fact legal then wordpress could claim the rights to all server software where it runs including Cpanel,

    Does that make sense? No, it does not, why, simply because just because wordpress runs on Cpanel does not mean that Cpanel is now GPL, that would be like trying to sell ice to an Eskimo no offense to the Eskimos.

    Wanting something does not make it true, The biggest problem here is that most people here have never bothered to read the GPL, mostly because it is totally confusing unless you have a law background and even then its full of conversant facts,

    But none of that matters, because, unless and until some case law is developed in this area, the final word is yet to come out, in other words the fat lady has not sung yet.

    I think that intellectual property and the GPL are capable of playing well together, but they are not going to be having sex or children any time soon.
    Signature
    Bitcoin | Crypto | Blockchain Secrets |
    {{ DiscussionBoard.errors[3116334].message }}
    • Profile picture of the author wayfarer
      Originally Posted by Tim Franklin View Post

      So just because my plug-in touches word-press does not give word-press rights to my intellectual property see how that works, if this were in fact legal then wordpress could claim the rights to all server software where it runs including Cpanel
      Wordpress doesn't use any of Cpanel's functions, or use any of its APIs, etc. When you make a Wordpress plugin, you're using Wordpress's functions to build it. If you don't, it won't be a Wordpress plugin. Just by doing this you are subject to its license, and cannot break the terms of the GPL. If you release it in an incompatible license, you are breaking the law and can be subject to damages in a court of law.

      This doesn't mean you can't sell plugins. As pointed out above, customers are paying for support.
      Signature
      I build web things, server things. I help build the startup Veenome. | Remote Programming Jobs
      {{ DiscussionBoard.errors[3416494].message }}
      • Profile picture of the author SteveJohnson
        Originally Posted by wayfarer View Post

        ... Just by doing this you are subject to its license, and cannot break the terms of the GPL. If you release it in an incompatible license, you are breaking the law and can be subject to damages in a court of law. ...
        While IANAL, you'd not be 'breaking the law' -- even if the terms of the GPL are in fact enforceable, which no one really knows because there haven't been any court cases concerning it yet -- and if you were to be sued over it, you'd end up in civil court, not criminal court.
        Signature

        The 2nd Amendment, 1789 - The Original Homeland Security.

        Gun control means never having to say, "I missed you."

        {{ DiscussionBoard.errors[3420326].message }}
        • Profile picture of the author wayfarer
          Originally Posted by SteveJohnson View Post

          While IANAL, you'd not be 'breaking the law' -- even if the terms of the GPL are in fact enforceable, which no one really knows because there haven't been any court cases concerning it yet -- and if you were to be sued over it, you'd end up in civil court, not criminal court.
          That's not true, there's been lots of court cases where the GPL side won out, just none about this particular case (building plugins to a popular GPL application).

          Here's a list of GPL cases, in the EU and the US:

          FST vs Cisco
          Skype loses GPL lawsuit in Germany
          US Busybox GPL Lawsuits
          4 lawsuits won by GPL side (including Busybox)

          Usually open source cases are settled by a letter, without ever going to court, but as you can see, there have been a few cases. The FST (Free Software Foundation) is usually the one to file suit. I haven't found any cases where the GPL side didn't win.

          The question of plugins is basically going to come down to whether the plugin is a derivative work. If so, going against the license is a copyright violation. No one is saying you're going to end up in criminal court.
          Signature
          I build web things, server things. I help build the startup Veenome. | Remote Programming Jobs
          {{ DiscussionBoard.errors[3422007].message }}
    • Profile picture of the author jminkler
      Originally Posted by Tim Franklin View Post

      Well, one thing for sure everyone has an opinion, on this however, legally, one entity cannot take away the legal rights of another entity.

      In other words If I create a plugin, and it contains my personal intellectual property which I can also copyright, by the way as well as apply for a patent, if I wanted, why bother, right.

      So just because my plug-in touches word-press does not give word-press rights to my intellectual property see how that works, if this were in fact legal then wordpress could claim the rights to all server software where it runs including Cpanel,

      Does that make sense? No, it does not, why, simply because just because wordpress runs on Cpanel does not mean that Cpanel is now GPL, that would be like trying to sell ice to an Eskimo no offense to the Eskimos.

      Wanting something does not make it true, The biggest problem here is that most people here have never bothered to read the GPL, mostly because it is totally confusing unless you have a law background and even then its full of conversant facts,

      But none of that matters, because, unless and until some case law is developed in this area, the final word is yet to come out, in other words the fat lady has not sung yet.

      I think that intellectual property and the GPL are capable of playing well together, but they are not going to be having sex or children any time soon.
      These arguments make no sense
      {{ DiscussionBoard.errors[3667970].message }}
  • Profile picture of the author russjam
    I implemented a similar approach to the premium plugin, Gravity Forms, in my own plugin, Slickr Flickr. I came up with the solution by inspecting their code.

    I addressed the GPL and licensing issues as follow

    1) Plugin is GPL and non encoded

    2) Plugin has free version

    3) Premium version comes with support and access to membership forum as well as bonus features that are unlocked with the license key

    4) When someone buys the system generate a random 32 character key that has a few decillion possible unique values, sets up a membership account and emails them the login so they can log in and get their license key

    5) Member enters their license key in the plugin's admin settings

    6) Custom validation makes remote call to check license key is valid - a green tick is placed alongside the key if it is valid and a red cross if it is invalid

    7) Whenever, the plugins page is visited, and the 12 hour cache has expired, a remote license check is made: I collect referrer information so I know on how many domains the license is being used - I could add more restrictions in the license validator but do not need to yet as nobody is taking the mickey


    Because the code is GPL anyone can take it and remove the license checking if they wanted to so the security will not deter anyone with a little bit of time and determination who does not want to pay me for my work. This approach makes sense for me as the plugin is cheap so it is not worth spending a lot of time and effort to protect it.

    However, I would go down the IonCube encryption route if you need to protect the code better. This can still be GPL as long as you offer to give anyone a copy of the unencrypted code to anyone who asks for it. (That's the rules). However you can send them a printout of the code by post so it you think the requestor has mal intent you can make it a little more difficult for them.

    If you require more protection, then you can move some of the code on to a server and implement the plugin as a client/server implementation. Here you protect your IPR by hosting the key components on your own server while the client part of the plugin is GNU Lesser General Public License. Matt Mullenweg's own Akismet plugin is an example of the client/server approach

    If you would like the random license key generator code just PM me.
    {{ DiscussionBoard.errors[3415570].message }}
    • Profile picture of the author Istvan Horvath
      Originally Posted by russjam View Post

      I implemented a similar approach to the premium plugin, Gravity Forms, in my own plugin, Slickr Flickr. I came up with the solution by inspecting their code.

      I addressed the GPL and licensing issues as follow

      1) Plugin is GPL and non encoded

      2) Plugin has free version

      3) Premium version comes with support and access to membership forum as well as bonus features that are unlocked with the license key

      4) When someone buys the system generate a random 32 character key that has a few decillion possible unique values, sets up a membership account and emails them the login so they can log in and get their license key

      5) Member enters their license key in the plugin's admin settings

      6) Custom validation makes remote call to check license key is valid - a green tick is placed alongside the key if it is valid and a red cross if it is invalid

      7) Whenever, the plugins page is visited, and the 12 hour cache has expired, a remote license check is made: I collect referrer information so I know on how many domains the license is being used - I could add more restrictions in the license validator but do not need to yet as nobody is taking the mickey

      [...]
      Congratulations!

      This is the most common sense post ever in the WF regarding WP, GPL, themes and plugins.

      Everyone else talking about WP/GPL/plugins - they are just pushing their own personal agenda without ever having a convincing argument... (sorry, guys) and showing often times lack of fundamental knowledge in this field.

      P.S. I don't make plugins, LOL
      Signature

      {{ DiscussionBoard.errors[3416199].message }}
    • Profile picture of the author mitoshthewarrior
      Originally Posted by russjam View Post

      I implemented a similar approach to the premium plugin, Gravity Forms, in my own plugin, Slickr Flickr. I came up with the solution by inspecting their code.

      I addressed the GPL and licensing issues as follow

      1) Plugin is GPL and non encoded

      2) Plugin has free version

      3) Premium version comes with support and access to membership forum as well as bonus features that are unlocked with the license key

      4) When someone buys the system generate a random 32 character key that has a few decillion possible unique values, sets up a membership account and emails them the login so they can log in and get their license key

      5) Member enters their license key in the plugin's admin settings

      6) Custom validation makes remote call to check license key is valid - a green tick is placed alongside the key if it is valid and a red cross if it is invalid

      7) Whenever, the plugins page is visited, and the 12 hour cache has expired, a remote license check is made: I collect referrer information so I know on how many domains the license is being used - I could add more restrictions in the license validator but do not need to yet as nobody is taking the mickey


      Because the code is GPL anyone can take it and remove the license checking if they wanted to so the security will not deter anyone with a little bit of time and determination who does not want to pay me for my work. This approach makes sense for me as the plugin is cheap so it is not worth spending a lot of time and effort to protect it.

      However, I would go down the IonCube encryption route if you need to protect the code better. This can still be GPL as long as you offer to give anyone a copy of the unencrypted code to anyone who asks for it. (That's the rules). However you can send them a printout of the code by post so it you think the requestor has mal intent you can make it a little more difficult for them.

      If you require more protection, then you can move some of the code on to a server and implement the plugin as a client/server implementation. Here you protect your IPR by hosting the key components on your own server while the client part of the plugin is GNU Lesser General Public License. Matt Mullenweg's own Akismet plugin is an example of the client/server approach

      If you would like the random license key generator code just PM me.
      Gravity Forms is also one of the most pirated plugins out there. They still do really well because they have a great product and a known brand.
      Signature

      "Do the actors on Unsolved Mysteries ever get arrested because they look just like the criminal they are playing?"

      {{ DiscussionBoard.errors[4725067].message }}
    • Profile picture of the author mstdev
      Originally Posted by russjam View Post

      I implemented a similar approach to the premium plugin, Gravity Forms, in my own plugin, Slickr Flickr. I came up with the solution by inspecting their code.

      I addressed the GPL and licensing issues as follow

      1) Plugin is GPL and non encoded

      2) Plugin has free version

      3) Premium version comes with support and access to membership forum as well as bonus features that are unlocked with the license key

      4) When someone buys the system generate a random 32 character key that has a few decillion possible unique values, sets up a membership account and emails them the login so they can log in and get their license key

      5) Member enters their license key in the plugin's admin settings

      6) Custom validation makes remote call to check license key is valid - a green tick is placed alongside the key if it is valid and a red cross if it is invalid

      7) Whenever, the plugins page is visited, and the 12 hour cache has expired, a remote license check is made: I collect referrer information so I know on how many domains the license is being used - I could add more restrictions in the license validator but do not need to yet as nobody is taking the mickey


      Because the code is GPL anyone can take it and remove the license checking if they wanted to so the security will not deter anyone with a little bit of time and determination who does not want to pay me for my work. This approach makes sense for me as the plugin is cheap so it is not worth spending a lot of time and effort to protect it.

      However, I would go down the IonCube encryption route if you need to protect the code better. This can still be GPL as long as you offer to give anyone a copy of the unencrypted code to anyone who asks for it. (That's the rules). However you can send them a printout of the code by post so it you think the requestor has mal intent you can make it a little more difficult for them.

      If you require more protection, then you can move some of the code on to a server and implement the plugin as a client/server implementation. Here you protect your IPR by hosting the key components on your own server while the client part of the plugin is GNU Lesser General Public License. Matt Mullenweg's own Akismet plugin is an example of the client/server approach

      If you would like the random license key generator code just PM me.
      hi russjam

      can you share that license key generator code to me.

      I want to use that on my wordpress plugin. Please share that

      Thanks
      {{ DiscussionBoard.errors[5592831].message }}
  • Profile picture of the author wayfarer
    Yep, as long as you keep the plugin GPL (or compatible licenses like MIT or BSD) it will be legal. I think people understand you're paying for support, which is fine. Just don't encrypt it.
    Signature
    I build web things, server things. I help build the startup Veenome. | Remote Programming Jobs
    {{ DiscussionBoard.errors[3416477].message }}
  • Profile picture of the author Tim Franklin
    Actually it makes perfect sense, from a purely ideological perspective, as Robin Williams once said during a standup comedy routine, (for those of you on Quaaludes) this is a disargeement between copyright, Intellectual rights advocates, and copyleft Socialized Code advocates, as mentioned previously there is no case law to support one position over another, (before you go there, read, when a case is settled, it does not mean case law has been created) additionally, when hardware is represented it is a totally different aspect of software, so the position some mentioned in some threads are not properly mounted in terms of argument.

    Since hardware, cannot be distributed with a on demand GPL version,
    (which by the way does not include IP rights to any code generated in a plugin)

    Additionally, a copy of wordpress can be pointed to as a link and satisfy any GPL reguirements, along with a base statement, (which means that if you demand access to code from thesis or any other for hire, code) you will be laughed out of their email box.

    Still, I remain unconvinced that the copy left theory of ordained law is accurate at all.

    If wordpress continues down this path there will be consequences, likely not now and probably not in the near future, but in the tired but truthful analogy

    Cant we all just get along,)

    If PHP is BSD (like) and Wordpress wants to be GPL, fine, but you cannot makes reckless statements about how one license trumps another simply because they work together.

    LAMP is quite different in its license terms.

    again for those on
    Quaaludes different strokes for different folks.
    Signature
    Bitcoin | Crypto | Blockchain Secrets |
    {{ DiscussionBoard.errors[3668043].message }}
  • Profile picture of the author ProEFI
    As the OP, I'm still looking for a solution for a licensing key for a plugin. If anyone knows how to set this up and is looking to take this project on please PM me.

    Thanks
    Andrew
    {{ DiscussionBoard.errors[3678850].message }}
  • Profile picture of the author AzzamS
    Any solution to this problem since I need to use something for a theme.
    My coder is thinking of including this:

    class-jfile-php at class.jfile.php - Free PHP Code

    But it does not offer an automated process of providing a licence key upon payment.

    I am chatting with him now to work on a solution, if i find something then I will be back here to provide a solution
    Signature
    Download 101 Actions for a Complete Website SEO Technical Audit Sample FREE today and charge clients $$$ with it.
    SEO Case Study: 1.7M Visitors from 27,000 Keywords Click here to read the post .
    {{ DiscussionBoard.errors[3807361].message }}
    • Profile picture of the author spamfighter
      Generally speaking, you would probably want to use encrypted php code if you provide license keys.
      Otherwise customers can just remove the routine to check the key.

      For encryption I'd suggest: IonCube
      For offering license Keys and provide an order and accounting system, I would suggest: WHMCS + Licensing Addon

      Or SPBAS, which is a little harder in handling IMHO
      {{ DiscussionBoard.errors[3829883].message }}
  • Profile picture of the author wayfarer
    The problem with encrypting source code is that anyone who's not an idiot and knows the slightest thing about programming, can unencrypt it. The people who don't know anything about programming are not going to know what to do with your code anyway.
    Signature
    I build web things, server things. I help build the startup Veenome. | Remote Programming Jobs
    {{ DiscussionBoard.errors[3830124].message }}
    • Profile picture of the author Mark Ford
      The problem with encrypting source code is that anyone who's not an idiot and knows the slightest thing about programming, can unencrypt it
      Good luck with that on Ioncube - I know a few developers who tried and failed miserably to unencrypt - and I have been caught with it once - encrypted a file and somehow managed to misplace the source file.

      For encryption I'd suggest: IonCube
      Ioncube is what we use, Pro and Cerberus versions provide PHP encoding plus the abililty to create license files for your products. License files can protect your scripts against unauthorised use by locking to specific machines. They can also time expire, which is ideal for releasing evaluation versions. The Windows Pro or Cerberus Encoder also comes with a license generator for Linux, which is useful for automating license generation from a web server.
      {{ DiscussionBoard.errors[3832866].message }}
      • Profile picture of the author spamfighter
        and I have been caught with it once - encrypted a file and somehow managed to misplace the source file.
        Yeah these things happen hehe...
        Not much you can do than trying to recall the code and write it again lol...

        Since it happened to me as well, I figured using DVDs to archive unencrypted code is not a bad idea
        {{ DiscussionBoard.errors[3835207].message }}
      • Profile picture of the author Tim Franklin
        Interesting looks like they even have an x86 MAC OSX version but the pricetag is 379.00 seems like a lot of hoops to go through, to get to a place where you could protect your source code, I guess though considering the bleeding alternatives, share sites, and other venues, you just about have to consider that if you do not take any steps then your product life will be short.

        Originally Posted by Mark Ford View Post

        Good luck with that on Ioncube - I know a few developers who tried and failed miserably to unencrypt - and I have been caught with it once - encrypted a file and somehow managed to misplace the source file.



        Ioncube is what we use, Pro and Cerberus versions provide PHP encoding plus the abililty to create license files for your products. License files can protect your scripts against unauthorised use by locking to specific machines. They can also time expire, which is ideal for releasing evaluation versions. The Windows Pro or Cerberus Encoder also comes with a license generator for Linux, which is useful for automating license generation from a web server.
        Signature
        Bitcoin | Crypto | Blockchain Secrets |
        {{ DiscussionBoard.errors[3836227].message }}
  • Profile picture of the author wayfarer
    Ioncube needs its own interpreter installed on the host though, doesn't it? Sort of like the Zend Optimizer? That seems it makes distribution more difficult to me. I don't know why most people are so worried about their source code anyway. Consumers are paying for support, not for products to steal.

    If you're selling to a very specific industry that is willing to install whatever you require in order to run your product, I understand, however.
    Signature
    I build web things, server things. I help build the startup Veenome. | Remote Programming Jobs
    {{ DiscussionBoard.errors[3838008].message }}
    • Profile picture of the author spamfighter
      Consumers are paying for support, not for products to steal.
      This might be true, but what about nosy competitors, or customers who change the source and ask you for support telling you "I didn't change anything"
      {{ DiscussionBoard.errors[3838238].message }}
      • Profile picture of the author wayfarer
        Originally Posted by spamfighter View Post

        This might be true, but what about nosy competitors, or customers who change the source and ask you for support telling you "I didn't change anything"
        Referring to the customers who change the source code, then ask for support: have you ever had major problems with that? Seems like a relatively rare occurrence, though it would be annoying if it happened.

        Nosy competitors I understand, but does that outweigh the distribution problems faced by requiring a third-party interpreter to read encrypted code? I guess you'd just have to weigh each situation individually. If you're going for as widespread of distribution as possible, I'd have to say no.
        Signature
        I build web things, server things. I help build the startup Veenome. | Remote Programming Jobs
        {{ DiscussionBoard.errors[3838263].message }}
  • Profile picture of the author majick
    A different approach might be using a members area for customers and having the script verify active members via another script in the members area. This saves having to come up with license keys etc, let's you track which domains are being used by which members and members are less likely to share their login information.
    Then obfuscate the PHP code with POBS. :-)
    {{ DiscussionBoard.errors[3904187].message }}
  • Profile picture of the author solaceten
    Hello I am also looking for a licensing option for a premium wordpress plugin and wondered if anyone had any suggestions.

    The best solution I have found is through using WHMCS licensing addon, but that is a bit overkill for my needs as I don't need the WHMCS application (which is typicaly used by webhosts / domain name registrars to automate billing etc)

    So, any suggestions ?
    Thanks
    {{ DiscussionBoard.errors[4416037].message }}
  • Profile picture of the author Harrison_Uhl
    AFAIK a 'derivative work' for GPL purposes is one that starts with GPL source code, and modifies that source code. A plugin need only access functionality exposed by the GPL code. Most often the functionality accessed is simply to tell Wordpress when to call back the plugin to perform the plugin's functions.

    This is essentially similar to any program utilizing the API's (Application Program Interface) of Linux itself. The notion that API usage would 'contaminate' code and force it to become GPL was the basis for M$'s claims that anything that touched Linux would become GPL.

    As I recall, this led to a distinction between 'utilizing' (via an API or otherwise) functionality exposed by GPL code VERSUS 'incorporating' GPL code, where 'utilizing' was not sufficient to force GPL licensing.

    If I remember correctly, one of M$'s arguments was that if someone ran a GPL program on Windows, this would force Windows to become GPL. This was the basis for all sorts of anti-GPL activity. I think the matter resolved with some statement from the OSF that said that was not the intent of the GPL.

    Regarding 'securing' a theme or plugin
    Anything on a computer under a user's control can eventually be taken apart, and modified to ignore usage (i.e. license) restrictions. The only solution is to keep some of the functionality on computers never under the user's control. For a theme this might be a gui designer that runs on the vendor's computer. For a plugin, it might be fresh data, or providing a gateway to another service.

    Security conscious system admins are skeptical about code from unknown sources that cannot be inspected. Encrypting your first plugin will make your marketing effort more up hill. (Also, I don't think you can get an encrypted theme or plugin listed in the Wordpress.org directory.)

    Harrison
    {{ DiscussionBoard.errors[4460573].message }}
    • Profile picture of the author RobKonrad
      Hello everyone,

      followed the initial discussion with great interest, being about to release my first commercial WP plugin.

      My question to all the people who already invested time into this:

      Any chance to "buy into" your development? I guess it doesn't make much sense to start from scratch if others invested time and/or money into this - so if anyone is willing to share, I'd be happy to compensate accordingly.

      Cheers,
      Rob
      Signature
      ================================================== ===
      This blog is awesome: http://www.robkonrad.com/blog. Read it.
      ================================================== ===
      {{ DiscussionBoard.errors[4570862].message }}
  • Profile picture of the author Gama Seva
    I've been researching this licensing stuff for a while for my project and I found out that there's nothing really an all-in-one off-the-shelves solution to protect your php scripts. You have to jump through a lot of hoops and spend a lot of money before you can get a solution.

    Here's my recommendations:

    1. If you are routing for software development for long term then I advice you to spend money for the development of your in house licensing solution.

    2. If you want an off-the-shelves solution then you may try "SPBAS". It's an expensive one but it's a great solution, it's not fully automatic but with a little bit of programming knowledge you can easily automate the process.

    3. If you need a low-end solution that works then try "PHPLicengine" + "ionCube". These 2 software can do the trick plus you can install it on your own server to control all your software and issue unlimited licenses without paying subscription.

    Hope this helps.

    Gama
    Signature

    FormBerry Advanced Form Builder Plugin For WordPress
    WPiFramer - Ultimate iFraming & Cookie Dropper Plugin!
    Instant eCover Pro - Create Unlimited High Quality eCovers In Minutes!
    {{ DiscussionBoard.errors[4585745].message }}
  • Profile picture of the author andreasnrb
    I got a working WordPress system with registration, license keys, automatic updates etc. Are there any interest in releasing it as a standalone package?
    {{ DiscussionBoard.errors[4587120].message }}
    • Profile picture of the author stcupp
      just so you know any licenseing done through php is extremely easy to crack unless the php is obfuscated and even then then license keys are very easy to crack id say if someone posts it on some reverse engineering forums theyd have it cracked in about a hour
      {{ DiscussionBoard.errors[4615217].message }}
  • Profile picture of the author rufaswan
    To OP,

    The way I envision would look something like this:

    First, you'll need a script. This script needs to connect to the database.

    When someone makes a purchase, your download page will make a calling to this script.

    The script will check for the transaction details and then generates a license key.

    The key will then updated into the database and finally displayed on the download page.

    After the buyer uploaded the plugin, he/she will needs to activate it.

    To activate, the buyer will need to enter their license key, and the info will be post to the script (on your server).

    The script will query the database and check if the license key is valid. If yes, return the unlock key to its referrer. The plugin is now unlocked.

    As you can see, the script itself consist of a lot of sensitive information, such as your database password, your Paypal/Clickbank API token, the secret algorithm to generate the license key and unlock key... For security reason, most people will prefer to develop the script in-house. It needs to be customized anyway.

    - Rufas
    {{ DiscussionBoard.errors[4619993].message }}
  • Profile picture of the author jaybaker
    Not sure on the cross domain connect to the db but you should be able to set the license key up using something like so to generate and store in the db.
    Code:
    if key is xxx-xxxx-xx-xxxx
    
     = rand(100,999);
     = rand(1000,9999);
    and so on.
    then pull them together with dashes and store in db.
    =.'-'.....
    email off to customer
    Signature

    Do you want to make successes or excuses? Success? Alright then... See what's in store for you....
    - The AC Assassin

    {{ DiscussionBoard.errors[4632577].message }}
  • Profile picture of the author lordspace
    I've done a similar licensing solution but I dropped it because I release my software as open source. It did indeed called *home* and cached the result/encrypted for 4hours.

    By the way ioncube has an online version of its encoder. It is much cheaper.
    It works on some kind of credits system and you are charged based on the complexity of your code.
    Signature

    Are you using WordPress? Have you tried qSandbox yet?

    {{ DiscussionBoard.errors[4695963].message }}
    • Profile picture of the author xrvel
      Originally Posted by lordspace View Post

      I've done a similar licensing solution but I dropped it because I release my software as open source. It did indeed called *home* and cached the result/encrypted for 4hours.

      By the way ioncube has an online version of its encoder. It is much cheaper.
      It works on some kind of credits system and you are charged based on the complexity of your code.
      Ioncube online encoder is definitely cheap but you can not use it 100% as final solution on licensing. It only encodes.

      Except for the not-online encoder, i heard it can lock a script to specific domain. Well, you have to ask what domain will the buyer use and encode a script every time there is a buyer. (am i right?)
      {{ DiscussionBoard.errors[4702905].message }}
  • Profile picture of the author Unomateo
    I run a central wordpress admin tool that allows me to manage remote wordpress networks. I built an Oauth client/server with tokens. Oauth is a standard used by nearly all social networks so it's well supported.

    My steps are as follows.
    1. user activates my plugin
    2. user connects their blog to my network. A secure window pops up asking for username and password. (they previously made a user account).
    3. If user is authenticated, I generate a random key and key secret and store it in the options of the wordpress blog and on my server. I also record the domain name.

    Now each call has the key, secret, domain, and signature sent. If the signature doesn't match, authentication fails and script dies...

    You're not going to be able to hide your code and people will be able to reverse engineer any code. that's just the nature of building on wordpress, but the upside is, if you make a good product you have a lot of blogs to market to (14.7 million)
    {{ DiscussionBoard.errors[4725115].message }}
  • Profile picture of the author RobKonrad
    @Andrew:

    Just found this thread when going though my subscription list. Am I right that this has evolved into your WP Plugin WSO?

    If so, I can happily close the subscription, if not let me know. I didn't have the time to have a look at my purchase so far...
    Cheers, Rob
    Signature
    ================================================== ===
    This blog is awesome: http://www.robkonrad.com/blog. Read it.
    ================================================== ===
    {{ DiscussionBoard.errors[5106485].message }}
  • Profile picture of the author ProEFI
    Hi Rob,

    That's right... since this post I have found a system and implemented it into my business model. I've packaged it into a WSO training program too.

    Andrew
    {{ DiscussionBoard.errors[5125355].message }}
  • Profile picture of the author EricHall
    Have you looked into Ioncube PHP Encoder?
    You can set it to have your plugin only run from certain websites or unlimited with a license key.

    I have used this on several plugins. It works great!
    {{ DiscussionBoard.errors[5125468].message }}
    • Profile picture of the author xrvel
      @Eric : I use IonCube too. Sometimes just using Ioncube solves your problem. Sometimes it doesn't, really depends on your need.

      However i've created a library for WP licensing problem. You can use domain limitation such as user can use the product on max 10 domains, etc.
      Probably i'll throw it on WSO soon, i haven't tried to write a sales letter first LOL.
      Buf if you are interested, you can PM me and i can show you the explanation etc.

      Again, sometimes using IonCube is good enough (depends on your need) and IonCube online encoder is cheap
      {{ DiscussionBoard.errors[5127359].message }}
  • Profile picture of the author Terry Crim
    One thing you need to be sure of if you implement security like this is that the domain you use for checking the license needs to ALWAYS be online FOREVER. So in 5 years you still have to have this system up and running or else all the plugins people purchased from you instantly go dead.

    I implemented something like this but a little more advanced in a project once but it took into account the possible unavailability of the site by storing a custom activation code generated by the licensing site taken from part IP, domain name and special code generated from the plugin. Once activated it didn't need to call home except to check for updates and that was able to be disabled by user if they wanted.

    Each site had it's own code so you couldn't just plug in any code or one from another site. I also experimented with auto regeneration of the code but that got too complex for users so I abandoned that.

    Just be aware that if you implement a licensing scheme that requires the software, wp plugin or whatever to call home that you make allowances for that and purchase a domain name for more than one year at a time, preferably 5 to 10 years and make sure hosting is reliable.

    There are more than one expensive plugins for software that have gone dead due to either out right abandonment of the software, selling out to a competitor or another business or just not taking the time to make sure things would be up and running for years in the future eg: hosting or letting domain expire etc...


    - T
    {{ DiscussionBoard.errors[5128364].message }}
    • Profile picture of the author xrvel
      Originally Posted by Terry Crim View Post

      One thing you need to be sure of if you implement security like this is that the domain you use for checking the license needs to ALWAYS be online FOREVER. So in 5 years you still have to have this system up and running or else all the plugins people purchased from you instantly go dead.
      This is very true. And make sure the hosting that you use is very reliable (very very little downtime). VPS or dedicated server is suggested.
      {{ DiscussionBoard.errors[5128949].message }}
  • Profile picture of the author jasonthewebmaster
    Banned
    a script can be GPL and still be sold commercially. ultimately it's up to the developer. if they choose to publish under a GPL license, then they run the risk of having their stuff shared. by encoding the plugin, though, they break the GPL license and so are not following their own licenses. also, a plugin MUST be GPL to be featured on wordpress.org
    {{ DiscussionBoard.errors[5187407].message }}
  • Profile picture of the author honeyclarck
    Hello Bill
    I am new in this field i suggest you to go Google or youtube and write your problem it gives you the best solutions.
    {{ DiscussionBoard.errors[5209761].message }}
  • Profile picture of the author jackjohnson
    if someone has a licensing system they would like to make in to a WSO, I am up for writing the sales letter if that is a roadblock. I think a lot of people would like a system like this for their software development
    {{ DiscussionBoard.errors[5287795].message }}
  • Profile picture of the author Bamma
    Has anyone released anything yet that can do do the license key generation and check?

    @RussJam

    I would also like to see the generator code if possible.
    {{ DiscussionBoard.errors[5612258].message }}
  • Profile picture of the author gatech
    Did I miss something... did the user ever complete the licensing plugin he mentioned or more specifically detail how he solved the licensing problem?

    From ProEFI ...
    That's right... since this post I have found a system and implemented it into my business model. I've packaged it into a WSO training program too.
    Is the end result of this thread "I figured it out, buy my course to figure out what I did"?. I PROMISE I don't mean that as poorly as it may sound. It's late. I'm tired. I'm interested. I care :-).
    {{ DiscussionBoard.errors[6096335].message }}
  • {{ DiscussionBoard.errors[6099099].message }}
    • Profile picture of the author Jeff Baer
      Hi gatech,

      I went with SPBAS Business Automation Software | PHP Licensing, Client Management

      Thanks,
      Andrew
      Are you happy with your decision?
      Signature

      Jeff Baer

      {{ DiscussionBoard.errors[6139375].message }}
  • Profile picture of the author sorinnunca
    Hey, I just finished my wordpress plugin licensing software.
    You can check it out at Wordpress Plugin Licensing

    Sorin
    {{ DiscussionBoard.errors[6946632].message }}
    • Profile picture of the author jefK
      Have you tried PHPLicengine ? It supports several type of licenses, like local, remote and ionCube. I used its remote php licensing but now moved to its online ionCube license generation and it seems to be good.
      {{ DiscussionBoard.errors[9419588].message }}
      • Profile picture of the author SteveJohnson
        Originally Posted by jefK View Post

        Have you tried PHPLicengine ? It supports several type of licenses, like local, remote and ionCube. I used its remote php licensing but now moved to its online ionCube license generation and it seems to be good.
        He probably did - TWO+ YEARS AGO.

        Please don't dredge up dead threads.
        Signature

        The 2nd Amendment, 1789 - The Original Homeland Security.

        Gun control means never having to say, "I missed you."

        {{ DiscussionBoard.errors[9429396].message }}
  • {{ DiscussionBoard.errors[9450303].message }}
  • Profile picture of the author serpyre
    Callbacks only really work if there is enough trust between the developer and the purchaser, as most are startups that doesn't exist so you limit sales. On the other hand you need to make sure the IP stays yours. You have ionCube, but remember, everything about WP is free, so charging is hrder, charging with callback and not being a household name caysing lack of trust puts a damper on sales.
    {{ DiscussionBoard.errors[9456643].message }}

Trending Topics