A friend has built a very powerful Wordpress plugin that was build mainly for his own use - and now he is considering opening it up to the public by selling it, but...

But he's concerned that it will be pirated, and since this plugin is so powerful he really doesn't like that to happen... He doesn't want the plugin to just get into anybody's hands.

So my question is:

What are the best options out there for securing something like a Wordpress plugin? And how bulletproof can you make the security with it?

I'm assuming at least a part of having strong security is when you use licence keys that need an internet connection to be validated, but I have no hands-on experience the complete picture, so I'm asking here.