Skip to content

Revocation & Blacklists

WPLM gives you several ways to stop a license — from a reversible hold to a permanent kill — plus global deny lists and a signed revocation list that works offline.

OperationEffectReversible?
SuspendTemporary hold — validations fail.Yes (reinstate).
RevokePermanently killed — all validations fail.Yes, via explicit reinstate.
ReinstateReturns a suspended/revoked license to inactive (seats preserved).
TerminateHard, irreversible kill switch (status 6).No.
Revoke deviceKicks a single device, frees its seat.
wplm_suspend_license( $key );
wplm_revoke_license( $key );
wplm_reinstate_license( $key );
wplm_terminate_license( $key ); // irreversible
wplm_revoke_device( $machine_id );

Each operation also has a REST endpoint (e.g. POST /wplm/v1/licenses/{key}/revoke) and fires a matching action hook.

Global deny lists block fraud sources regardless of which license is involved:

TypeBlocks
fingerprintAny activation from this device fingerprint.
ipAny request from this IP.
emailThis customer email.
wplm_blacklist_add( 'fingerprint', $hash, 'Leaked key' );

Manage them under License Manager → Blacklist.

GET /wplm/v1/crl returns an Ed25519-signed JSON list of revoked key hashes and revoked fingerprints. Offline clients cache it and refuse any cached-valid license that appears on it — so a leaked key can be killed everywhere: online instantly via /validate, and offline within the client’s CRL refresh window.

The CRL is regenerated automatically on any revoke/terminate, and can be rebuilt manually under Settings → Tools → Rebuild revocation list.