Kernl Now Supports Gumroad License Validation

If you use Gumroad to sell your WordPress plugins or themes you can now use Kernl to validate those licenses before new updates are made available.

How does it work?

When you create a plugin/theme in Kernl you can select the “Validate Gumroad License?” checkbox and fill out the “Gumroad Product Permalink” field. With those two fields completed Kernl will validate the license code passed into the Kernl via the update checker against Gumroad’s public license API. If the license code passes validation Kernl will allow the update to proceed.

That’s all there is to it! If you need any help getting things set up reach out to

License Management Update: Limit Updates to Specific Version

Kernl WordPress license management now allows you to limit updates up to a specific version.

How it Works

Assuming that you already use Kernl’s license management, go to the License Management area of Kernl. Once there add or edit a license.

Now you can fill in the “Max Update Version” field. This field can simply be described as “the version of your product which requires a customer to buy a new license”. For example:

  • Customer A bought a license with “Max Update Version” set to 2.0.0. The product was at version 1.7.0 at the time of purchase. Over the next few months you release 1.8.0, 1.9.0, 1.9.1, 2.0.0, 2.0.1. Customer A only receives product update versions 1.8.0, 1.9.0, and 1.9.1.

Why should I use this?

Drive. More. Sales. This new feature allows you to be extremely granular about what updates a specific customer receives. We also made updates to plugin_update_check.php and theme_update_check.php that allow you to customize the invalid/expired license message. We strongly believe that this combination of better license expiration messages and limiting through specific update version can be instrumental in helping you drive more sales.

Introducing the Kernl Referral Program

For most of Kernl’s life our best channel for adding new customers has been word-of-mouth referrals and now you can be rewarded for referring new customers!

How It Works

When you go to your Kernl profile you’ll see a new section called “Referrals”.

It briefly explains how the Kernl referral program works, gives you your referral link, tells you how many referrals you’ve made, and how many free months you’ve earned.


The rewards for the Kernl referral program are as follows:

  • For the referrer: Every 3 customers you refer to Kernl earn you one free month. No restrictions on plan or usage. There is a max of 24 referrals. If you somehow manage to bump in to this restriction, shoot us an email and we’ll work with you. 🙂
  • For the new customer: By using your referral code they earn 3 free months of Kernl (instead of the usual 30 day free trial).

That’s it! Kernl’s referral program is intentionally simple. Thanks to everyone who spreads the word about Kernl. The more customers we have the better we become.

What’s New With Kernl – May 2018

Welcome to May! Lets go ahead and dive right in.

  • Data Export – You can now export (most) of your Kernl data. To export your data, log in to Kernl, go to your profile, and scroll down to the “Export My Data” button.
  • Node.js Upgraded – Kernl has been updated to use the latest LTS version of Node.js. We are now on 8.11.1.
  • Kernl Analytics Hardware Upgraded – Kernl analytics sees a lot of traffic on a daily basis. As that number continued to grow we were seeing some resource contention issues during peak periods. We were able to mitigate all resource issues by upgrading our hardware from a single vCPU setup to a three vCPU setup.
  • – Check out our new public WordPress installation statistics page! Most of this information is readily available on, but Kernl’s data is interesting because it only includes data points from websites that purchase plugins or themes. The data is also available via our API for public consumption.

Thats it for this month! I hope everyone in the northern hemisphere is enjoying the start of summer.

Tips to Keep a WordPress Site Safe

If you want to get a website developed for your business you should definitely take a look at WordPress. It can be considered one of the most convenient methods available for getting a website up and running. But when you are building your website with WordPress, you should never overlook security.

When you are done with creating your website you are open to a whole world. If you have not integrated the necessary security precautions your website might face some serious security issues. Your website might contain sensitive data like; customers credit card details and personal details. Therefore, if you have not taken precautions, you and your customers may be exposed to a considerable risk of being hacked.

Once a hacker gets into your website they can not only steal your information but also destroy all the information of your website. The most dangerous part of such destruction is you can never undo such disastrous act. Therefore it is your duty to take the necessary precautions to discourage hackers and keep your data safe and let the business continue to run smoothly.

Below are some security precautions you can think consider for your website. By taking these steps you can help seriously reduce the chance that you’ll get hacked.

1.  Stay Updated

Be aware of the latest threats in the digital world. You should at least know the basic information of the possible threats and which will help you decide what  precautions you should take. There are few websites which can assist you to get up to date information. You can take a look at those websites and then you will be able to stay updated with ease.

2.  Lock Down Your Access Control

Make sure that your basic precautions are tough enough to discourage a hacker. Never use easy-to-guess passwords and usernames. It is much better if you change the default database prefix from wp to a harder and more random prefix. You can even limit login attempts. If there is more than one user on your WordPress website, you need to introduce strong security policies for all of those users. Following these precautions can give you the peace of mind of knowing that your website cannot be hacked by guessing the password.

3.  Software updates are crucial

It is important to update your software regularly. Do not neglect the updates. What if the most recent update is about security vulnerability and you have neglected it? Hackers are quick to become familiar with security issues in WordPress, so take advantage of the security updates that WordPress provides. Ideally you should automatically install all core WordPress updates.

4.  Install Security Ninja

If you’re wondering how to keep your WordPress site safe, you must take a look at the security plugins available as well. That’s where Security Ninja comes into play. It is one of the best and most popular security plugins available WordPress users. Security Ninja makes it easy to secure your WordPress site.

Security Ninja only takes a minute to scan your whole site for security issues and then helps you deal with them one by one. Easy and efficient!

WP Security Ninja

5.  Maintain a strong network security system

You should pay a good attention to the security your network. You never know if users in your office inadvertently provide easy access to your servers. Therefore, make sure that you have taken action to:

  • Expire user logins after a short idle period
  • Frequently change the passwords
  • Use strong passwords and never write them down.
  • Scan all the peripherals whenever you use them with the computer

6.  Try a Web Application Firewall (WAF)

WAF can be software, hardware or can be a combination of both. It stands between your web server and the data connection to read each and every bit of data transmitted. WAFs have the ability of blocking malicious accesses and hacking attempts to provide you the peace in mind. There are some built-in firewall options available in WordPress for you to try out. You can take a look at them as well. 

Again, we advise checking the Security Ninja PRO plugins which now feature a Cloud Firewall that will protect you.

7.  Install security applications

Although not affective as WAF’s, security applications can make hacking attempts difficult to a certain extent. There are free and paid applications available to download. These are good in preventing automated hacking attempts

8.  Use SSL

You have the option of using an encrypted SSL protocol when transferring your users’ sensitive data. In fact, this can protect your information from being read by unauthorized persons. Setting up SSL with WordPress is pretty easy and should be considered an important step in securing any WordPress installation.

9.  Backing up

Last but not least, you should back up your website’s data both online and offline very often. This will be useful if any damage is caused to your website. Use an automated backup system to backup the website multiple times a day.

Introducing the Kernl WordPress Statistics Page

On an average day Kernl handles around 2 million requests from 135,000 unique domains. Our analytics offering lets you use this data to make better product development decisions, but there is also a more holistic view of the Kernl and WordPress ecosystem to be had. I’d like to introduce to you the Kernl WordPress Statistics page!

What is it?

The statistics page gives you a high level overview of Kernl ecosystem. This is a subset of the overall WordPress ecosystem with the important distinction that every domain represented has paid for a plugin or theme. It includes information around WordPress versions, PHP versions, and the language that the site is in.

Kernl WordPress Statistic Image



There are a lot of neat visualizations that you could make with this data over time, so the API is exposed and can be used by anyone. Check out the Kernl API documentation to get started. No authentication required.

Awesome! Where do I go to see this in action?

Check out , or go to the Kernl homepage and scroll all the way to the bottom.

What’s New With Kernl – April 2018

Welcome to April! It was fairly light month for Kernl feature-wise as we’ve been spending more of our efforts on marketing and advertising. We did manage to get a few things done, so lets get in to it!

Features & Bug Fixes

Plugin Update Icons – You can now set the icon that shows up in the WordPress update dashboard! No more gray power outlet icon! To set it, go to your plugin -> edit -> meta and then upload an image.

Multi-Subscription Bug – It was possible (although hard) to get your account into a state where you had multiple Kernl subscriptions assigned to it. This has been resolved. If you notice this happening to you on your invoice, please reach out to

Upgrade to Node.js 8.10.0 – Kernl is now run on the latest LTS version of Node.js. Performance and security updates were part of the upgrade.

Envato License Check Bug – There were certain situations where the Envato license check functionality wasn’t working. This has been resolved.

Blog Post – A new blog post about how I develop features for

How I Develop Features for

A little over 2 years ago I started a tiny side project called Kernl to scratch an itch, solve a problem, and learn some new technologies. It has been successful beyond anything I could have imagined and I’ve learned a ton of new things along the way. One of those things is how to ship new features to customers quickly, safely, and with the commitment to stability and performance that my customers have come to expect.

The full process for developing features on Kernl touches a lot of different areas: Customer Support, Product Management, Software Development, and Marketing. It’s taken me some time to figure out a good process for all of these things, so I’m sharing my learnings in hope that it helps someone out.


Kernl isn’t that big. Honestly, it isn’t big at all compared to the likes of Facebook, Instagram, Google, etc. But Kernl isn’t small either. It’s just big enough that I have to worry about scale, availability, and consequences to the WordPress sites that it interacts with on a daily basis should it go down.

Kernl Scale Google Analytics Image

Remember how I said Kernl was a tiny side project when it started? Well it was developed that way too originally: A full-stack monolith on a single $5 DigitalOcean droplet. As time went on and Kernl grew I eventually split everything up and landed at a highly available setup that can scale horizontally, but I got some scars along the way. Those scars taught me two things:

  1. Your customers don’t care why you went down.
  2. Don’t take unnecessary risks.

With those two things in mind, I organically grew into a process that helps release features slowly, gather feedback from targeted customers, and then release it into the wild.

Customer First Development

Kernl has a backlog of about 200 items that should probably get developed in the future. There is a constant stream of new ideas that get added to backlog, sorted, and filed for later. But the one thing that always makes it to the very top of the backlog is a customer feature request.

Kernl Trello Board with Backlog

When a customer feature request comes in, the first thing I do is try to figure out what exactly it is they are requesting. Once I have an OK handle on that, I respond to the customer and explain what I think they are asking for. This helps me clarify the requirements and solidify my understanding of the feature.

Once I’ve got a handle on what they’re asking for I take a few moments and decide not only if I can implement this feature, but also if I should implement the feature. As I don’t yet work on Kernl full-time, the hour (or less!) that I spend working on it every night is precious. If I don’t think that the return on a feature is going to be high enough I often have to turn it down. Most of the time though feature requests are reasonable 4-5 hour projects and I’m happy to implement them.

Developing for Safety

I have an extremely low risk tolerance when it comes to Kernl. One of the things I like about Kernl is that I can leave it alone for a few days and be confident that it won’t have exploded while I’m gone. Every feature I develop for Kernl has the potential to ruin my confidence in it, so I’m very careful about how I do things.

The first step I take is to always create a feature branch. This may seem like a no-brainer to most software developers, but I have very unpleasant memories from 10 years ago before I realized how stupid it was to always develop directly on master. Once I have a branch created I get to work. If the code I’m writing is in one of the critical high traffic paths I’ll do proper TDD because it helps give me confidence that I’m not going to get woken up at 2am because of a coding mistake. If the code is not in the critical path I’ll generally write the tests afterwards or as I go along. The coverage is still good and meaningful, but development tends to be a bit quicker for me this way.

Once the feature is mostly complete, I wrap it in a feature flag so that I can easily toggle it on and off when I need to. If you aren’t familiar with feature flagging, its a process that allows you to decouple feature releases from code releases. For Kernl, I dogfood and use Kernl’s feature flag infrastructure to toggle features on specifically for the customer who requested it.

Kernl Feature Flag Overview

The Slow Release

As I mentioned above, using Kernl’s feature flagging I can be extremely choosey about who sees a new feature. The first thing that I do once I deploy a new feature is toggle it on for myself. After I’ve taken some time to test it out and verify the functionality I’ll toggle the feature on for the customer who requested it.

One of the great things about having developers as your main customer base is that they’re often very happy to help shake out features (especially when they requested it!). If the customer doesn’t find any bugs over the course of a few days and I’m satisfied that feature won’t cause any trouble, I change the feature toggle to a simple on/off toggle and leave it on for everyone.

The best part about this approach to development is that it gives me peace of mind. If I start getting notified in the middle of the night that the new feature I just released is acting up, I can just log in to Kernl, disable the feature flag, and go back to bed. Obviously this doesn’t work if the offending code is in the feature flag area, but most of the time its a non-issue.

Basic Marketing

As a developer it took me awhile to realize something about releasing new features: People won’t notice them unless you market them. After learning that hard lesson, every new feature that Kernl gets also receives a simple blog post, Twitter message, and marketing email. I personally believe that every new feature should be celebrated and I’ve found that generally customers are happy to see active development happening on a product that they’re paying for.

Sendgrid Marketing Campaigns

Kernl customers don’t log in to the product every day. Ideally they have WordPress continuous deployment set up so they only need log in to setup a new product, so chances of them noticing a new feature just by usage are small. Because of this usage pattern basic marketing is essential for existing Kernl customers so they know what’s new.

While this full process can seem a little bit heavy for a side-project, when you have a bunch of paying customers who rely on you for a critical piece of their product you have to be careful.

Kernl Now Supports Update Icons

Have you ever wished that Kernl supported plugin update icons? Well, your wish is our command!


As you can see, before this change the icon displayed on the WordPress update dashboard for Kernl-based plugins was the default “power cord” image.

Kernl Plugin Update Icon - Before


Now you can upload your own icon to Kernl and have it displayed in the update dashboard.

Kernl Plugin Update Icon - After

Getting Started

Using the new plugin update icon feature is easy.

  1. Add the latest version of the plugin_update_check.php file to your plugin.
  2. Upload an icon (64×64) to Kernl in the plugin meta tab.

How to upload new plugin icon

That’s it! Deploy your update so that all of your customers get the new plugin_update_check file and Kernl will start serving your update icon when you release your next update.

If you have any questions or need help getting set up, shoot and email to

What’s New With Kernl – March 2018

Welcome to March everyone! Lots of great stuff happened with Kernl this month, so lets get into it.


  • New Marketing Site – The new marketing website for Kernl launched! For most of Kernl’s life the marketing page has been a single landing page optimized for only plugin and theme updates. Since inception Kernl has grown to include a lot more than just updates and the new marketing site reflects that.
  • PHP Version and Install Language Analytics – Kernl Analytics can now track what PHP version your customers have installed as well as the written language of the site. Knowing this information can help you make smart data-driven decisions about internationalization and which programming language features you can target.
  • Plugin & Theme Dashboard Views – Previously when you went to the “versions” page in Kernl you were greeted with just a list of versions for the plugin/theme. Now you can easily see downloads stats, licenses, versions, and Git deployments in one easy screen.
  • Let’s Encrypt SSL Certificates – Kernl switched over to using Let’s Encrypt SSL certificates.

Bugs Fixes & Other

  • The /latest-version endpoint now includes the version id.
  • Build emails were not displaying the correct repository. This has been resolved.
  • Digital Ocean has been doing scheduled hard reboots of servers to handle Meltdown/Spectre issues. We’ve had to carefully manage this process but it looks like we made it through mostly unscathed.
  • There is now a simple proof-of-concept realtime channel on the marketing home page that updates the download count. Eventually we hope to use realtime with feature flags and any other number of things.