Protect wordpress theme with license key validation

holiveira picture holiveira · Jul 7, 2011 · Viewed 9.6k times · Source

I'm planning to develop some professional Wordpress Themes and would like to protect it using license keys, is it possible?

If so, would any one be willing to link to some posts or articles to help me get started?

Answer

eyecatchUp picture eyecatchUp · May 1, 2012

You could set up a database on your own server, holding the license key and the licensed url for the theme. Then, set up an admin page for your theme. Within, first register a license settings array. Then implement a hidden settings field on that same page that gets updated whenever the license key is being updated by site admin. the update function sends a request to your server passing the license key and the $_SERVER's host and setting the hidden license_settings field to either true or false.

A really simplified code would look like this:

functions.php

<?php
// functions.php
require("myadminpage.php");

# Functions follow here...
?>

myadminpage.php

<?php
// myadminpage.php

// register settings
function my_settings_init() {
  register_setting('settings_license', 'settings_license');
}
// register admin page
function my_add_admin_page() {
  add_menu_page(__( '' ), __( 'Manage License' ), 'administrator', 'myadminpage', 'my_admin_page');
}
add_action('admin_init', 'my_settings_init');   
add_action('admin_menu', 'my_add_admin_page' );

if(isset($_GET["settings-updated"]) && $_GET["settings-updated"] == true) { 
    $options = get_option('settings_license');
    $key = $options["key"];
    $host = parse_url($GLOBALS['HTTP_SERVER_VARS']['REQUEST_URI'], PHP_URL_HOST);
    $url = sprintf("http://you.com/check-license.php?key=%s&url=%s", $key, $host);
    $options["valid"] = trim(file_get_contents($url)) == 1) ? "true" : "false"; 
    update_option('settings_license', $options);
}

// callback function that renders your admin page
function my_admin_page() {
  settings_fields('settings_license'); 
  $options = get_option('settings_license'); 
  ?>
  <form method="post" action="options.php"> 
  <input id="settings_license[key]" type="text" name="settings_license[key]" value="<?php echo $options["key"]; ?>">
  <input id="settings_license[valid]" type="hidden" name="settings_license[valid]" value="<?php echo $options["valid"]; ?>">
  <input type="submit" value="Save"> 
  </form> 
  <?php
}
?>

Now you can, when ever you need/want, get the license options and handle the invalid usage in any way you want. Eg (a rude way):

header.php

<?php
// very first line
$license = get_option('settings_license');
// see: http://ckon.wordpress.com/2006/08/09/server-request_uri-doesnt-always-work-correctly-heres-how-to-fix/
$ruri = $GLOBALS['HTTP_SERVER_VARS']['REQUEST_URI'];
if(!preg_match("#wp-admin#", $ruri) && $license["valid"] != "true") {
  wp_die( __('This website uses unlicensed software.<br>Administrators can update their license key <a href="'. get_bloginfo('url') .'/wp-admin/admin.php?page=myadminpage.php">here</a>.') );
}

# rest of header.php comes here..    

Finally obfuscate your php code (eg http://www.ioncube.com/sa_encoder.php) and you're done. However, make sure you're not violating any other licenses, such as WP's. If there's one single line of WordPress core functions used within your final code, you can not release it under any other license than WP, which is GPL.