Remote Disabling Plugins by Authors

This is a question about the plugins allowed in Code Canyon and best practices by Authors.

Are authors allowed to remote disable plugins on live websites if they believe a purchase code is not valid?

Here is the scenario:

Ladela, the author of the Bookly plugin, has remotely disabled the plugin from my website even though I have purchased the plugin on Code Canyon and enter my purchase code when activating the plugin on my site. This is actually the second time they have done something like this.

So now, I have their plugin on my site, actively accepting bookings, but they have disabled my ability to see the calendar or access the booking data.

This is not the result of a plugin update (that I know of) because I have not run any updates on the plugin lately and the last release is showing on 2018-06-05. So my assumption is the plugin “phones home” to check the purchase code at regular intervals. My guess is something in the response told it to disable the admin features of the plugin.

Looking at the comments on the plugin purchase page, it shows that others are having the same issue.

So is this acceptable behavior from plugin developers?

I am going to look through the code now for a way around so I can access my booking data and will report any findings.

The original problem has brought up an interesting issue.

If a Wordpress install is accessed by two different domains but displays the exact same wordpress website, is that a multi-domain install?

For example:
Domain A - mapped to ip address 10.0.0.1
Domain B - mapped to ip address 10.0.0.1

Wordpress install on 10.0.0.1 accepts both domains and just displays the same website regardless of source.

Now, in our case, this was a DNS issue as the server shouldn’t have been accepting any domain mapped to the ip address and Domain B was supposed to be forwarding to Domain A to prevent indexing as a duplicate website.

The problem with the purchase code has been solved but I still take issue with an author disabling a site without notification or warning because of a licensing issue. I could understand a notification or warning message, but to disable access to data seems excessive.

I also wonder, what is the benefit? While troubleshooting the issue, we disabled the license check to restore access to our data to see what events were on the calendar. I would assume anyone who wanted to use the plugin and was not willing to pay for a license, could also figure out how to disable the license check. So are you hurting legitimate customers more than you are preventing unauthorized use?

You can’t do it. Because, your PHP codes will be readable without encryption and someone can search all the plugin and remove the domain checker code easily.