Paid WordPress plugins typically require an active license in order to receive plugin updates. While I understand the need for plugin authors to utilize license keys, I really dislike dealing with them as a customer. I’m currently building Stackable, my first WordPress plugin, and I’ve come up with a fairly ingenious solution to make license keys completely painless. License keys automatically activate in the background without the customer needing to do anything other than install the plugin. Let’s dig in.
Easy Digital Downloads makes handling license keys for WordPress plugin authors fairly straightforward.
My solution doesn’t do away with license keys. In fact license keys are still necessary to track which websites a customer has installed their purchased WordPress plugin on. That is handled brilliantly with Easy Digital Downloads (EDD) and their Software Licensing extension. It’s a fairly common setup which many WordPress plugin authors use to sell plugins and releases updates.
A normal license activation requires the following steps.
- Customer purchases a WordPress plugin from a plugin author
- Receives a license key and download link
- Downloads, installs and activates the new WordPress plugin
- Finds section to fill in license key and then activates their license
Why not just eliminate steps involving the license key all together? This is how simple it can be.
- Customer purchases a WordPress plugin from a plugin author
- Downloads, installs and activates the new WordPress plugin
The license activation can still happen in the background. Here is walkthrough how I’m doing that with Stackable.
Part 1: Inject customer’s unique license key into the WordPress download zip itself.
When a customer clicks to download a paid WordPress plugin from EDD, we can intercept that request with the edd_requested_file
filter and add some custom functionality. The following code will look up the customer’s license key, add that key to a copy of the WordPress plugin zip file under purchased_license.php
and then deliver that customized zip file instead of the original zip file. This code is tailored to work with my Stackable WordPress plugin. It will need modified if you plan on doing something similar on your EDD store.
function stackable_edd_requested_file_callback( $requested_file, $download_files ) {
$order_parts = explode( ':', rawurldecode( $_GET['eddfile'] ) );
// Retrieve license ID for a purchase
$license = edd_software_licensing()->get_license_by_purchase( $order_parts[0] );
if ( empty ( $license ) ) {
return $requested_file;
}
$license_key = edd_software_licensing()->get_license_key( $license->ID );
// Copy Stackable.zip to Stackable-<id>.zip
$new_file_name = dirname ( $requested_file ) . "/stackable-${license_id}.zip";
if ( file_exists ( $new_file_name ) ) {
unlink ( $new_file_name );
}
copy ( $requested_file, $new_file_name );
$zip = new ZipArchive;
if ($zip->open( $new_file_name ) === TRUE) {
$zip->addFromString( 'stackable/purchased_license.php', $license_key );
$zip->close();
}
return $new_file_name;
}
add_filter( 'edd_requested_file', 'stackable_edd_requested_file_callback', 10, 2 );
Part 2: When the WordPress plugin is activated, extract license key from file, activate license and dispose of license key file.
I’ll include a stripped down version of the code I’m using inside Stackable as an example. The complete code would require a more in-depth explanation of my particular implementation which uses Vue.js, Vuetify and wp_ajax. The gist of it is we use register_activation_hook
to run code upon WordPress plugin activation. Within that activation function we extract the license key from purchased_license.php
, activate the license with EDD and then remove the unnecessary file purchased_license.php
.
namespace StackableMode;
class Run {
public function __construct() {
register_activation_hook( plugin_dir_path( __DIR__ ) . "stackable.php", [ $this, 'activate' ] );
}
public function activate() {
$license_file = plugin_dir_path( __DIR__ ) . "purchased_license.php";
if ( file_exists ( $license_file ) ) {
$license_key = file_get_contents ( $license_file );
( new Configurations )->activate_license( $license_key );
unlink ( $license_file );
}
}
}
See a complete walkthrough here.
Is this secure?
I wouldn’t consider this any less secure then having the customer manually deal with their license keys. Worst case would be if a paid customer downloads your WordPress plugin and intentionally shares it publicly. This would reveal their license key for others to use which I’d consider it a benefit being able to track that customer by their license.
I completely support open source and the GPL license.
In fact I prefer using the MIT license which is even more open and less restrictive then the GPL license. It’s not illegal to share any plugin code under the GPL license in fact I encourage you to take my code, learn from it and build something awesome with it. No need to ask me for permission to do that.
That said it’s also fine for plugin authors to discourage any distribution methods other then their own official store for safety and reliability. If I find any of my customers sharing my plugins to GPL clubs or other fancy schemes to make money, you can be sure that I’m going to invalidate your license without any refunds. That’s just not cool nor what the open source community is all about.
I can’t see any reason for anyone using EDD to not use keyless activation.
I suppose that means I should make this into an extension and sell keyless activation to other WordPress developers, 😆. Well I think I better finish and launch Stackable before I attempt making another WordPress plugin. For now this idea is freely available to anyone who reads this post. Feel free to take it and run wild with it. Enjoy!