Just to learn a little about piracy protection and payments, I was thinking of making a simple WordPress plugin. It would probably not earn a lot of money, but give me experience. So top security is not needed.
I was thinking of letting the user pay to PayPal giving his WP-domain. Paypal sends message to my server. My server encodes the domain and current date w/ private key and sends to the user that enters the data into the plugin. The plugin decrypts using public key and if the domain is ok and date has not passed by more than one year, runs full capacity.
A secure message about payment from PayPal requires business account. PayPal business account is $30/month which might be more than this experiment would earn. So maybe I would just read my mailbox by PHP to see if payments have been made to a personal account. (A plugin password could then be falsely obtained by spoofing an email from PayPal to me.)
OpenSSL seems to reside in servers so I would not have to supply a library to the user.
I have no experience in these things. The question is just. How do you construct the simplest possible anti-piracy/payment system which requires only “moderate” degree of security. (The software would be so simple (and running interpreter PHP) so security could probably be by-passed anyway.)