Revocation & Blacklists
WPLM gives you several ways to stop a license — from a reversible hold to a permanent kill — plus global deny lists and a signed revocation list that works offline.
Revocation operations
Section titled “Revocation operations”| Operation | Effect | Reversible? |
|---|---|---|
| Suspend | Temporary hold — validations fail. | Yes (reinstate). |
| Revoke | Permanently killed — all validations fail. | Yes, via explicit reinstate. |
| Reinstate | Returns a suspended/revoked license to inactive (seats preserved). | — |
| Terminate | Hard, irreversible kill switch (status 6). | No. |
| Revoke device | Kicks a single device, frees its seat. | — |
wplm_suspend_license( $key );wplm_revoke_license( $key );wplm_reinstate_license( $key );wplm_terminate_license( $key ); // irreversiblewplm_revoke_device( $machine_id );Each operation also has a REST endpoint (e.g.
POST /wplm/v1/licenses/{key}/revoke) and fires a matching action hook.
Blacklists
Section titled “Blacklists”Global deny lists block fraud sources regardless of which license is involved:
| Type | Blocks |
|---|---|
fingerprint | Any activation from this device fingerprint. |
ip | Any request from this IP. |
email | This customer email. |
wplm_blacklist_add( 'fingerprint', $hash, 'Leaked key' );Manage them under License Manager → Blacklist.
Signed revocation list (CRL)
Section titled “Signed revocation list (CRL)”GET /wplm/v1/crl returns an Ed25519-signed JSON list of revoked key hashes
and revoked fingerprints. Offline clients cache it and refuse any cached-valid
license that appears on it — so a leaked key can be killed everywhere: online
instantly via /validate, and offline within the client’s CRL refresh window.
The CRL is regenerated automatically on any revoke/terminate, and can be rebuilt manually under Settings → Tools → Rebuild revocation list.