Ask your WordPress questions! Pay money and get answers fast! Comodo Trusted Site Seal
Official PayPal Seal

How to best build a license framework for a premium-plugin? WordPress


I consider building a premium plugin. Users will be able to purchase a license key for one or unlimited sites. The plugin should allow a 14day trial and afterwards a valid license key has to be entered (This is the same mechanism which is offered by the seo plugin

Unfortunately I dont have a clue how to best approach this issue. I couldnt find any tutorials on this topic nor code examples which I could reuse. Especially the server side of the required solution is still unclear to me.

I would therefore appreciate any tutorial links, code examples, best practices, libaries etc on how to best build a licensing framework for a premium WordPress plugin.

Answers (4)


Dbranes answers:

Here is a review of membership plugins that might be helpful

[[LINK href=""]][[/LINK]]

e.g. s2member has lot of options according to

[[LINK href=""]][[/LINK]]

Dbranes comments:

Here is a licence key service (free for < 26 customers):

[[LINK href=""]][[/LINK]]

Robert Harm comments:

thanks - this exactly the type of software I was looking for!


Pali Madra answers:

There are a couple of resources I would recommend looking at

[[LINK href=""]]Blair Williams: How to Create a Premium WordPress Plugin[[/LINK]]

The other is a service provided which takes on the pain of how to go about distributing your plugin at [[LINK href=""]]Make WP plugins[[/LINK]]. It has cost associated with it.

Hope this helps!

Robert Harm comments:

thanks for the links - very informative!


Wordpressing answers:

Licensing and WordPress, is kind of like Oil and Water - they don't mix so well for those who want to protect their intellectual property. Just take a look at the WordPress vs Thesis (Matt Mullenweg vs Chris Pearson) debacle of recent times and the whole host of other GPL related debate surrounding the topic of protected works.

All fun aside, there are various methods you can go to in order to protect your products which include,

- Using license/serial keys that validate to an external API server
- Obfuscating your code
- Encrypting your code (using Zend or IonCube)

Technically you are not supposed to Obfuscate or Encrypt your code, under the GPL licensing system of which WordPress is licensed. WordPress considers themes and plugins, whether they are free or premium, to be derivative works of WordPress and therefore must share the same license as they do.

The GPL promotes free and open source software and you'll find many people in uproar over the fact I dare mention Obfuscation and Encryption - but we're just laying down the possibilities here.

There was and still is great debate over Obfuscation and Encryption use within GPL licensed software, however an amendment was made to the GPL that does not prohibit the aforementioned but recommends that free and open source access to a version of the software be made available elsewhere for download or use.

Under the GPL, you are allowed to sell your work, but once you sell your work, others may choose to redistribute those works and modify them at will according to the license.

Its grey area and then some.

Onto the code:

There is a script at Code Canyon by the name of,
<strong>PHP Key Generation and Authentication Class</strong>, which can be found [[LINK href=""]]HERE[[/LINK]].

This is mostly likely going to be the easiest option for you to start out with and the features include;

<strong>Customizable key pattern</strong>
Add a Prefix and/or Suffix to your keys.
Define key length with two variables, length of each chunk, and number of chunks in each key.
Change the chunk separator, default of ”-” works well but maybe you want a seamless key.

<strong>MySQL based key storage</strong>
Store, Activate, and Deactivate Keys via the database or included class functions.

<strong>Time sensitive keys</strong>
Set a key to expire in one minute, or 10 years, its up to you.

<strong>One time use keys</strong>
User validation.
One time use promotion keys.

<strong>KeyMatch system for an extra layer of authentication.</strong>
Store the clients email, username, domain, server ip, possibilities are endless.

<strong>An easy to use API .</strong>
Integrate authentication into any programming language.
Use for scripts, desktop applications, mobile applications, etc.

This will go a long way to helping you secure your products but by no means is this a fool proof method as anyone with enough knowledge on how to safely remove and nullify your script can remove such license systems unless you take the further precaution of either obfuscating or encrypting your code or both!

That brings you right back to that grey area with regards to WordPress.

However obfuscation and encryption do make it much more difficult for people to abuse your works and redistribute it or work ways around your license system. Encryption can be extremely difficult to crack but not entirely impossible. Obfuscation tends to render code completely unreadable and can be even more difficult to decipher if you employ a proper obfuscation technique and algorithm.

A license that talks to an external API and either of obfuscation or encryption will make your work pretty hard to get at for its worth and in fact you could even require that your script download particular functionality from your external API too should you need to go to that extreme.

All of this is provided without any guarantee that you will be limited from liability or compliant with the GPL and WordPress license system so you might want to seek advice about that.

In the meantime take a look at the link provided above and see if that doesn't set you off in the right direction.



Martin Pham answers:

Did you try this, but I'm not sure it will be effective. It relies on your ability to encode.
When your customers use the plugin for a certain action, it will request to the server to validate your license. If the license is invalid, it will automatically move to enter the license key page

# This class will be encode
# Example eval(base64_decode(base64string));
class License {
function license_check() {
$settings = $this->getSettings();
$response = wp_remote_get(add_query_arg(array("domain" => parse_url(site_url(""), PHP_URL_HOST), "license" => $settings["license"], "type" => $this->_licensing_Type), $this->_licensing_Url));
if(!is_wp_error($response)) {
return wp_remote_retrieve_body($response) == 1;
} else {
return false;

// No encode class
if(!class_exists('DoLicenseFunc') && class_exists('License')) {
class DoLicenseFunc extends License {
var $_licensing_Type = 1;
var $_licensing_Url = '';
var $_option_SettingsKey = '_your_plugin_setting_key';

function getSettings() {
$settings = wp_cache_get($this->_option_SettingsKey);
if(!is_array($settings)) {
$settings = wp_parse_args(get_option($this->_option_SettingsKey, array()), $this->_option_SettingsDefaults);
wp_cache_set($this->_option_SettingsKey, $settings, null, time() + 24*60*60);
return $settings;

function something_action() {
// encode without $value =
// Example: $value = eval(base64_decode(base64string));
$value = if(!$this->license_check()) { return new WP_Error("license_invalid", sprintf(__("You must configure you license key."), admin_url("admin.php?page=my-plugin-option-page"))); }
if($value) {
return $value;