What is the Best Way to Secure a Commercial Wordpress Plugin?

A friend has built a very powerful Wordpress plugin that was build mainly for his own use - and now he is considering opening it up to the public by selling it, but…

But he’s concerned that it will be pirated, and since this plugin is so powerful he really doesn’t like that to happen… He doesn’t want the plugin to just get into anybody’s hands.

So my question is:

What are the best options out there for securing something like a Wordpress plugin? And how bulletproof can you make the security with it?

I’m assuming at least a part of having strong security is when you use licence keys that need an internet connection to be validated, but I have no hands-on experience the complete picture, so I’m asking here.

Take a look here.

A lot of developers tend to sell service for the plugin, rather than the plugin by itself. There was a recent discussion related to this:

Could take a look at ioncube, but I think what Force Flow says makes sense.