I'm looking to offer WordPress as a pre-configured product solution (containing core + specific plugins) targeting a niche user base.
I'm seeking a way to prevent the package from being installed on countless domains or passed around to non-license holders.
In researching licensing systems (add-ons for Easy Digital Downloads & WooCommerce), I've found the systems to be ideal for themes and plugins which are internal components within WordPress:
Licensing Functionality for Internal Themes & Plugins:
- Limiting # of Domain Installations
- Automatic generation of Unique License Keys
- Remote Activation / Deactivation of License Keys
- Theme & Plugin Update Notifications Sent To Users
These functions are great, but I'd like to restrict access to the entire WordPress platform if the license key is invalid (or the number of domains permitted for installation is exceeded) which from my understanding, in the case of EDD, will make use of the software's API for non-wordpress related software licensing.
I have a few questions based upon my initial research:
To apply licensing (via EDD, for example) to WordPress as a whole – the API would be utilized in conjunction with a piece of code to redirect invalid licenses to the frontend, persist the license screen or permit valid license access. Is this assumption of procedure correct?
For Example: Sample License Redirect Snippet:
add_action('admin_init', 'check_license_key');
function check_license_key() !validate_license_key($license_key))
wp_redirect(home_url());
exit;
function validate_license_key($key)
// Implement your license key validation logic here
// Return true if valid, false otherwise
How would you protect your 'Preconfigured WordPress Platform' from being propagated while ensuring it only operates within the hands of licensed customers?
I'm open to approaches which don't use Easy Digital Downloads. All help and guidance is appreciated.
You will probably need to create an abstraction layer on top of your package (which I am assuming is WordPress + plugins + a database). The WordPress base (files and database) would have to be encrypted on customers’ server so they don’t just run away with the data. Your customers will have to point their web server at this abstraction layer, which will manage all interaction with WordPress. Your abstraction layer would have to include a custom initial setup which, among other things, will accept a valid license key to decrypt the WordPress setup on the fly (this will severely hamper performance). You would also have to account for the many quirks that will happen in this setup. The database will be an issue – how will you ship a database in a preconfigured package when you don’t know your customer’s environment?
You will also need to release your source code under GPL.
I am no expert, but chances are it won’t work at all. This is also not “preconfigured” as your customers have to configure php, web server, and other stuff.
Viable alternatives are rolling out your own web hosting where you control everything, or releasing a paid plugin that does the configuration when activated.