Mandatory Purchase key validation for installing the wordpress theme

Hi There!

We are all fed up of theme piracy and warez. So I was thinking today to make a custom plugin and installation process of wordpress theme with purchase code validation tightly integrated into it. This installation process must should validate the purchase key in order to complete the installation. Also the data import or demo import will only get enabled if right purchase code was passed & validated.

I am sure envato would have no problem approving my theme if I do the same.

Anybody of you think I will be violating any rules of marketplace by doing so, or any license policy or anything else? Please guide me to understand.

Also it would be nice to hear other people’s feedback.

PS: We will be distributing this plugin for free to community, but before start on this we seriously need to understand if any method here stopping us to do this.


mentions: @KingDog @scottwills @matthewcoxy @kailoon @Crusader12 @Ivor


Get an official response but I am 95% sure it would depend how the plugin works.

As I understand it you cannot restrict a file or force a buyer to be tracked in anyway (not sure how a plugin like this would work unless it tracked where it as being used?) .

Check this out for possible reasons why: Protecting your Theme by Activation Codes/License Keys

It strikes me that if this was as simple as adding verification then just like many other seemingly obvious features etc. envato would have already instigated it.

Unfortunately this may just be part of selling stuff online (it’s not an exclusive problem for authors here).

I think you do need to be careful and make sure you are in the right before initiating anything like this and the way some authors have ‘voluntary’ code entry for things like auto updates may be the closest you will get.

I am more than happy to be proved wrong and completely on your side about stopping the piracy etc. but fear there is a bigger picture to consider.

My advice would be to contact support for an official answer.

Kill only the pirates who RESELL your theme.
Forget about others or even collaborate with them to promote your licensed version in a better way.

There will be always 3 categories of users:

  • Non-payers – they will NEVER pay you, no matter what. (you should use them to promote your paid package)
  • Standard buyers
  • VIP clients

Once you learn how to use all these three categories for good – your business will grow with every pirate share.

Thanks @charlie4282 for comment. Nice thoughts. Here are my views.

Surely I can not and no one should. I am even not in the favor of tracking the customers domain, site, host or website. I believe this is completely unethical.
But purpose matters here. that for what purpose and why the website is being tracked. There are thousands of services does track the website we know, its the purpose of the service which demands this tracking access. We could think this tracking as well in the same way.

The point is we all have to take a bold step forward to stop the piracy, its a huge problem, not only on envato but on all over the web. and Wordpress covering the major part of web and major sales here on envato. I think we have got this responsibility automatically to do something solid in this direction. If we feel that tracking the website at every user’s end per website wise would be a problem, then envato may come with a service which will track each theme sold with valid purchase code to ensure they are able to install the themes purchased from envato and updates are only downloaded if the theme has valid key. this way it will be a centralized and trusted platform.

And trust me I am an author as well and I would be happy if I have to do this to validate myself an a trusted themeforest buyer and supporting this ecosystem. Buyers here respect the work with authors does for a mare price of 59 USD maximum for a wordpress theme, we all know this. Do you think, there is a space for piracy of wordpress themes which are already being sold for very very low compared to the cost of the same work if done on a custom requirement? I think No. We should all stand unite and build a space/something to stop it. A plugin or something is an Idea envato must should approve.

Well, that silly simple if we actually wish to do this. The plugin I am thinking is to just ask a valid code in order to start the installation process (one time communication outside the host) and further if customer wants to download demo data that entered purchase code must be validated once again. so everytime when a customer is trying to download or connect themeselves this validation check should be done. this will help generating a logs of purchase code with life history of action as well as making it sure at every step that customer has a valid license else he would not be able to perform the required action. So in this case seriously no tracking is required nor this is really a big deal to develop.

I am on web since 2006 and I have seen so much evolution in web, almost everything has changed. but one thing which has not changed in piracy. the person who is going to get a pirated copy will never download the updates and will be using the themes forever, so we need to check the validity at two major steps, one at the time of installation and another while they want to download the demo data.

I understand, that for the comment once again.

@lumbermandesigns Trust me I know so many people having good heavy pockets but still they dont pay as they get it on warez as pirated. But if they didn’t get it there, they will surely buy the stuffs properly licensed.
Do you know that all those user who usage the pirated copy, they first properly review the preview, demo, read the features and demo and then they search it on warez to find it for free. It means they do all actions as like a paid customer. If they would not get a copy on warez they most like go ahead and buy the product.

Secondly, I seriously dont want anyone to use my theme who don’t want to pay for it.

I do agree with you that it should be stopped but I fear that it is simply not that straight forward.

In particular of the points in that link…

  • A developer installs the theme to edit it before giving it to a client on a different domain. How is that going to work if they get a code which will activate it once?

  • I don’t tend to do ‘client work’ using TF files but I would think that even a single initial call to a client’s server would be an absolute no no and the buyer has zero legal right to allow/do this

  • this will mean a complete rewrite of the buyer terms (even if it is for the good) which I would think is actually a much bigger consideration that it may appear. What about files already sold?

In the interests of possible solutions:

I think if envato controlled this process somehow then that would improve the concept, although again I think it is a huge consideration that would impact far wider than simply helping control piracy.

The Demo data thing - this could potentially be easier to initiate as it is not a million miles from authors already asking for p/codes to receive auto updates.

That said authors could no longer advertise demo data with explicitly stating that it requires the code, and again this would probably also mean a rewrite of terms for envato.

Again just to reiterate I am not in anyway disagreeing that the problem should be stopped somehow but I am simply looking at it from perspective that considers the bigger picture and wider imapct.

Are there any other sites which do this or have a solution in place?

I’m going for GPL as there is more money with more users in any way. What I’m trying to tell you that you can use pirate users as free promoters. You just need to be creative.

You right, they do research as normal buyers and most likely they have 2-3 themes that suits the project, so if you have the theme locked with validation, they will install another one and you loose these free fools forever. ʕ•ᴥ•ʔ

That’s a really good point I had not even considered.

There are many companies who usage license policy to ensure their software are not being distributed for free. To answer your question. Here are my response as per what I could answer you based on my experience on web.

  1. no worries for that case, there should be temp license valid for month or so, if development is taking longer another temp/dev code should be generated manually to allow using on temp domain. Also there is nothing like tracing the domain. Its all about hitting the purchase code validation API and checking if code is valid or not, if valid let the action perform else discard the further action. no matter which website/domain (I mean no tracing of website/host/domain information). As we now have a temp license key for dev purpose right here, there is no need to worry about domain being locked for client’s domain if used code once. And now we need to check on updates or demo data import etc that each these actions are allowed for 2 or 3 times to perform. exceeded than that the options should not be available. All these things can be handled by plugin itself.

  2. as I said in point 1, no data of customer domain is being tracked and why that’s needed. not require to know where the site is running. purpose is just to bind the theme with a key and that key should be valid. that’s it.

  3. I am not that much legal, but envato will have to help us and support in this. and that’s the reason I have mentioned all senior staffs, so they could look at it.

Thanks for being positive and putting many concerns forward, hopefully we will be able to make an impact.

I have even a better, of making it functional. rather making it purchase code validation based. I would be generating another key (name it like access code) obviously by validating the purchase key. This access key will remain forever with author in a separate database, so in future if customer is coming up expecting any update and if any how the purchase code validation is not working or the item was moved or by any ways we are unable to validate the purchase key. That access code which was generated through author’s website on behalf of purchase code will always be there to be validated without any interruptions.
Similarly we could do to generate the temp/dev code for development purpose with 1 month default validity. and if generating another dev code on same access code, the temp code will again generate with 1 month validity.

1 Like

I need to understand that GPL thing first to understand how you are utilizing this.
And also if its legal and as per the marketplace guidelines.

It sounds like you have some good ideas.

Out of genuine interest (excuse the lack of tech understanding) - is it possible to have the theme call back via API to validate the code somehow without having to know where that connection is coming from?

I was trying to think of other brands who do this e.g. MS Office, Adobe etc. (wasn’t piracy a big cause of Adobe using CC as opposed to CDs?), but they all have very transparent connections to their users/info.

I am sure you can appreciate the scale of having adjusting the buyer agreement, implement something like this let alone being able to manage temporary codes for dev purposes.

There is definite logic in your thoughts and while my biggest concenrs are the huge scale of adjusting agreements, licenses and if it could be being done then surely it would already, I’d be interested to hear what staff/support give you. Good luck

1 Like

The answer is Yes, because the logic will not let the user know or check the domain and atleast not require to do so.
We know that purchase code validation check is possible at envato’s end. So how it will work is like a theme being installed on any server, has an input field to enter the purchase code, and this form will communicate with envato api to validate the code and I am sure they don’t store or track the domain from which the require is coming from. the theme here on any domain we are installing just need 1/valid as return from envato API and it will go ahead in processing else it will stop for further steps.

So here you will see that it don’t require to trace the website.

Microsoft & Adobe are well manner giants and they do understand about the piracy concerns, we know their games and authorities. they are a single company developing and selling their products so its a different case. Trust me if this case has been with envato as well (envato being the dev company having all thousands of items developed by their own, they surely have has implemented license validation key yet now to ensure their work is not being and used freely)

I am appreciate and understand the legal or documentation corrections or policy changes. but if envato can do huge changes in policy and privacy if it comes to taxes and expansion than this matter is also equally or infact a bigger concern than anything else, I think. So its worth giving and devoting time to manage this bullshit of web which impact everyone of us in huge, atleast the small author who actually don’t understand this and untill they know about this, they have had lost their hard earned money in huge.

Thanks - it is good to learn more about this stuff. Last potentially stupid question.

If it is a plugin what happens if someone does not install it?

Surely the theme needs to work without relying 100% on having that plugin activated and being used?

Don’t you have to have the theme and/or installation done for the plugin to work with it?

I could be being very slow on this so apologies if that is a stupid question…

It should not be a standalone plugin, it should be tightly integrated with installation & demo import process process.

How? I’m interested in that… I’ve also fed up with legal fighting… Can you please explain about it?

I can’t share here all the possible solutions but here are the few ideas:

  • Every pirate website linking to your landing page helps to rank it higher.
  • Every pirate website is some sort of the free demo of your product. I know many of our theme buyers do install pirate version before buying it, just to see if it works as advertised.
  • Once the pirate use the theme for one project he will want to use it for every other to not learn another theme options. You get more chances to convert him into the buyer or use as promoter.
  • Your support should be awesome and updates released regularly to motivate pirates to buy the theme. In fact, people don’t really buy themes–as there are a myriad of great free themes available–they buy premium support and guarantee of the future updates.
  • Time to time, you can make the pirate user’s life a little bit more complex using various methods like changing source of the demo content with every theme update.
  • If you have a great product and pirates love it – they will recommend it to the friends, share it, etc.
  • Often we have theme users who came to us for support and they don’t even know that theme is pirate. They hired a cheap WP developer who charged for the work done and disappeared. In every such case the site owners are willing to buy the license to get support and updates.

There are 10+ more methods on how to make the pirates good for your business, but the idea is clear.


Agree @lumbermandesigns But don’t you think these are just the options we got to built because we could’t stop it? Answer is Yes.

Better is always to do something to stop stealing and piracy. We have changed our self as per the according to world of bad, I still feel Rather finding the convenient ways and using them for our person profits, we should have a stand to stop this wrongdoing with our right efforts so to earn goodness not for ourself but for everyone.


Take a look: here you have a great idea.
To make the activation message to show up after a few days. Like that the “ones that get the theme for free” will have time to test it for 3 days and then in order to use it, the key license will need to be added.

Purchase the top themes and you’ll see that almost all themes have the same configuration, so I don’t see any issue on creating your theme like this. If Envato doesn’t allow it, why the top authors are using this method?!

By “activating theme” they mean activating automatic updates.

My advice would be to take a technical working solution to envato when you ask about this.

Given it does not really exist yet (at least for marketplaces selling WordPress themes etc.) I would imagine envato’s response will almost certainly be, at least partly, that they could not comment without being able to see and test exactly how it works.

Good luck with it