Protecting your Theme by Activation Codes/License Keys

wordpress

#1

Hi all,

Hope you are all well.

Close to finally submitting my first Theme (a LayersWP Child Theme). Just wanted to ask the forum about setting up Activation Codes/License Keys for my Theme. This is where users copy and paste the Code/Key provided to them by Envato in the WP-Admin after downloading and installing the theme in order to activate it.

Is this something that ThemeForest adds to my Theme after accepting a Theme?
Or, is this functionality that I have to add to my Theme?

Either way, if there are any resources on this provided by Envato, if someone could point me in their direction that’d be great! :smile: Any help would be much appreciated.

Many thanks,

Ash / PikxelThemes


#2

You can’t do this or force any kind of tracking/restriction on purchased files.

The closest thing is to offer auto updates etc via theme options which require buyers to enter their P/code but the point here is that it is voluntary i.e. they could choose to download the theme again and do it that way.

Hope that helps


#3

Hey,

This has to be implemented by yourself. Like Charlie explained, it can’t be forced, it has to be voluntarily accomplished by a user.

If you are afraid of having users using a single license on many websites against the rules, you could code a simple API like WooThemes do - they control which license key is assigned to what website. If a user wants to move a license key to another WordPress installation, they have to log in to their WooThemes account and revoke existing website from the license key (in other words, free it up). Hope this makes sense :stuck_out_tongue:

I’ve created a basic API for license validation for my only plugin on CodeCanyon with an idea to extend it later as described above.


#4

This is based on users voluntarily submitting their license key though right?


#5

Indeed. It’s only purpose is to receive auto-updates. You can still use any WooTheme products without providing the key.


#6

Thanks for clarification - I’ve seen a few author son here doing this by allowing automatic updates/content etc via license key submission.

While (as a big buyer) It would be great if there was a way to stop people breaking rules and files ending up on illicit sites, even the most experienced authors will tell you it is near on not avoidable and I completely understand the reasons behind why buyers cannot be forced into a tracked or registered situation.


#7

Hi Charlie / NerdCow,

Thank you very much for your quick and helpful replies.

So, just to get it straight in my mind - I would just submit my theme “unprotected”? ThemeForest then does the rest in terms of selling to the customer and providing them a license key to activate it?

The idea behind adding a license key was - as Charlie mentioned - to avoid it ending up on illicit websites for free.

Many thanks,

Ash


#8

So you submit it unrestricted.

If you want to add the VOLUNTARY functionality of auto updates etc via license key entry then that is up to you.

Envato sell the file and provide a license key but this is not required to ‘use the theme’.

There are numerous reasons why it has to work this way the biggest of which is privacy law and data secrecy (among many more!) and bottom line is buyers cannot be forced into a situation where their purchase is tracked one they have bought the license.

Does that make sense?


#9

Lol are you sure about this? Nearly all themes on Top Selling list have this protection.


#10

I am 99% sure that they can all be used without submitting their license.

you might need to add the p/code to download demo content or get automatic updates but the theme will still work aside form these features without it


#11

This was a reply to previous discussion abut this. It’s on old forums so I can’t link directly to the individual post and the thread was quite long but as I understand it at least… (happy to be proved wrong).


- Several big authors are already using opt-in auto updates, one-click demo installation etc. This is because it is the safest and easiest way.

- The biggest issue: Forced registration makes sense BUT is actually a huge shake up of how envato works & will mean entirely new policies, agreements, licenses, for both buyers, authors, data, legal etc.

- While less experienced buyers might not care, those who understand the change would be hugely deterred from – far from just because they have something to hide.

- What ‘clients’ of these developers are going to be ok with their site being tracked by a random 3rd party?

- The countless potential data, hacking, security etc. issues

- Right or not we all know ‘developers’ build sites on one server then transfer to a client. What if there is an upgrade whilst initially developing? If they have registered then when they move the file the ‘client’ on the new domain won’t be able to have them?

- Legally (in the EU), while many sites don’t properly adhere to it there are several laws around tracking, cookies etc. on websites that would be impacted by the idea

- Privacy laws differ quite dramatically from region to region so it would be VERY hard to have a one size fits all rule


Again in no way do I condone buyers taking the piss with licenses but just like with a few things that frustrate people here – there normally is a good reason & envato are experts in what they do.

Personally I would be happy if there was a less intrusive way to achieve enforcing the licenses but unfortunately whatever is done (just like pirate copies etc.) it rarely takes long for the less scrupulous people to find a way around it and sometimes we just have to accept it.

Hope that makes sense


Mandatory Purchase key validation for installing the wordpress theme
Extra verification of the theme purchase
#12

OK - that’s fine and makes sense, thank you so much for your help Charlie :smile:

The crux of it is really just didn’t want my “unrestricted” theme to be rejected on submission by Envato. But if that is not the case then it makes my job a lot easier! :smile:

The less scrupulous will always find a way to steal, right?


#13

@charlie4282 +1


#14

Unfortunately yes - one day someone will find a solution but (speaking as a buyer not a moderator) in envato’s defense they are stuck in rock and a hard-place and have to consider the bigger picture.

Good luck with your submission


#15

Thanks Charlie


#16

I am a bit confused on why this is an issue. The Wix.com widget store does this without issue albeit with respect to enabling / disabling widgets and they are the ones providing all the themes and everything is a recurring license and not one time license as seems to be the model here.

STILL, If a theme is being purchased on a single site license, or even an app/widget which is more applicable for me, what is so difficult about Envato asking the user to provide a specific site URL from the purchaser at the point of sale and then generating a unique activation code enabling the theme, widget or app (certainly the widget / app) to simply check its home URL against the activation code to see if they match when they run. If they don’t match then they don’t run or maybe they don’t run with premium capabilities.

I don’t see a privacy issue to simply go out to a database and compare an activation code with the site URL trying to run the code or the theme. Could it be hacked? Ya maybe, but your theme or app would have to be sufficiently popular to warrant the hack and I think it would cut down quite a bit on illegal distribution.

Also, and again I am kinda a newbie to the web and site tracking world, but doesn’t google (aka a third party) crawl around the web tracking and even running javascript on every site imaginable in order to rank you page? And if you try to block them they rank your page lower? I guess I don’t really understand the issue with privacy with respect to a public site. It is kinda like celebrities wanting privacy when they walk down a public street. Ya you definitely shouldn’t take their picture thru their bedroom or even hotel window, but if they are endorsing a political candidate to influence votes then you should be able to track the hell out of them. Just like a website that is using unlicensed content. If it is intelligent content, then it should be allowed to shut itself down when it is operating in an unlicensed environment and I think Envato could do a whole lot more to protect that.

But admittedly, I am still learning how Envato works and I can only compare it to what I know about Wix and other third party app stores with activation codes.