What is the Best Way to Secure a Wordpress Plugin to Prevent Piracy?

A friend has built a very powerful Wordpress plugin that was build mainly for his own use - and now he is considering opening it up to the public by selling it, but…

But he’s concerned that it will be pirated, and since this plugin is so powerful he really doesn’t like that to happen… He doesn’t want the plugin to just get into anybody’s hands.

So my question is:

What are the best options out there for securing something like a Wordpress plugin? And how bulletproof can you make the security with it?

I’m assuming at least a part of having strong security is when you use licence keys that need an internet connection to be validated, but I have no hands-on experience the complete picture, so I’m asking here.

You really can’t. Once someone has the plugin code, even if you put in some kind of validating system, they could just reverse engineer it and remove that part themselves.


From the plug-ins that I’ve worked I can say that most of those work with license keys. This license key in the case of Gravity Forms is hidden to the end users. So even if you were to access the back-end to your CMS you still won’t be able to see the key you’ve inputted.

I’ve also seen services that require you to add your URL to their website in order to allow you to fully access the plug-in. You can incorporate many ways to reduce piracy. You can update your plug-in regularly and track websites and product key’s easily.

I am not a plug-in developer but I’ve seen services do this and it works well for them.

Good luck and hope your friend get’s it sorted.