In this three-part tutorial, I will show you how to set up, create and add license key functionality with authentication for your premium theme or plugin.
Specifically for this tutorial, we will create a plugin, but the same approach can be easily applied to a premium theme.
In the first part, I will show you how to add, store and retrieve the user license key data using WP options. Part two will discuss how to set up your API client (which will reside on your hosting client), and in part three, I will show you how to incorporate the API client within your plugin and link it with WordPress.
Note: My API client will reside within my Kinsta account, but you can easily apply the same technique with any other hosting provider or hosting.
The End Result
To get an idea of what we are building and our final goal, here is a quick screencast I put together of everything we will cover in this tutorial.
Use Case Scenario
Let’s get started.
Important: This tutorial is not a full working real-world example. It would help if you considered several things regarding security, license key generation, password hashing, etc. I want to give you an idea of one of the methods to approach this problem.
First, let us describe the use case scenario in which you might apply this approach. As I said, this tutorial is plugin-based, but the same can be applied to a premium theme.
- You have a premium plugin with 3 different packages (let say for maximum 1, 5 and 10 active installs at any given time), and want to limit installs and provide pro/paid features by using a license key.
- The license key and associated data (like start and end date, installs limit, unique user identifier, etc.) are generated when a new user has completed their registration and payment. This data will be linked to their WordPress user name.
- We will assume that the new user role is set to a subscriber during registration.
The next step will be to log in to their account, download the plugin from a secure location, upload and install it to their WordPress site.
Now you want to either give them some premium features or, in the current example, limit the number of installs based on the package they have selected. The same approach can be easily applied to switching from a free to a premium/pro plugin version.
And here comes the need to add settings within our plugin where the user will enter username and password, and if correct (verified via API), the license key for the current site can be either activated or deactivated.
3rd Party Libraries
Also, before I move forward with the actual code for our first part, I would like to give you a quick intro about what you need to have installed or downloaded.
Here are all the third-party libraries we are going to use.
- You need to have installed Composer on your system.
- We will use the Slim PHP framework to build our API and a couple of packages a PHP HTTP client and an HTTP Basic Authentication Middleware see links below where you can download the latest releases.
Here are links to all 4 GitHub repositories:
- Composer – https://github.com/composer/composer
- Slim PHP Framework – https://github.com/slimphp/Slim
- Guzzle – https://github.com/guzzle/guzzle
- Slim Basic Auth – https://github.com/tuupola/slim-basic-auth
Still here? Let us dive into part one.
Once the user is has completed registration and payment, we would like to store some additional data associated with their license.
- unique license key (string)
- start date (timestamp)
- end date (timestamp)
- number of active installs (integer)
- total installs available (integer)
- sites, where the plugin was/is used (array)
- password (string) – hashed the same as WordPress login password; this can be improved.
- The functions above are loaded when we build our API client.
- To generate the initial license key data you need to pass WordPress username, password and a total number of installs based on the package that the user has selected during registration. This function is called after the user has completed payment.
- The second function will retrieve the license data for manipulation.
- And then the third function will update the active install +/-1 and add a site URL to a list. This way we can track all the sites where our plugin was active.
Note: This function, by default, will add +1 to active installs; you will need to pass false as a 3rd argument (used when a plugin is deactivated from a site).
Site tracking can be made even fancier where you have an associative array and track which sites are currently active and which aren’t. But for the sake of simplicity, we will have a list with URLs where our plugin has been active at any given time in the past or present.
The second and third functions will be used in part two of this tutorial within the controllers. This is when sending a call to our API client, and we would like to retrieve and update the license data.
This is for part one. In the next part of this series, we will set up the API client and see how the above functions can help us to interact between WordPress and the API.
‘Til the next one.