I've got a wordpress website and 2 plug ins.

First the first is server, that is installed to my blog. I create customers with username, password and domain. Second wordpress plugin is perfect for clients by which clients login utilizing their username and passwords then every time they give a publish, it's instantly put into this site.

In client wordpress plugin, I publish data to server wordpress plugin. I wish to prevent fake logins with valid username-passwords but from wrong domain.

It is possible to method of doing this? Observe that clients can edit the code.

when the clients can edit the origin, they are able to remove any lock / licencing when they want. To avoid this make use of a php crypter like ioncube

I'd write the primary wordpress plugin encoded and allow the user perform some setting up in seperate files or wordpress itself. in case your script is encoded, you can easily communicate for your server. Just send some data with _SERVER["HTTP_HOST"] (the domain in which the bought client script is running) and appearance when the domain is within your db. if so, send some encoded "ok" to the calling script.