The Ultimate Guide To An Affiliate Program For WordPress Plugins And Themes

Affiliate Program for Plugins & Themes

When your plugin or theme business reaches a certain maturity, inevitably, you start to explore additional revenue streams. One trendy channel is affiliation. Setting up an Affiliate Program can be a powerful, long-term investment that will make you money, power up your SEO, and improve your brand awareness. Alternatively, if planned or executed incorrectly, it can become a huge waste of time and money.

This guide is (probably) the most comprehensive one for commercial WordPress plugin and theme business owners and indie developers. If your team is considering setting up an Affiliate Program you should probably send this over to the person who makes the evaluation. It will help you/them make the right decisions.


One of the most frequent questions we’ve been asked by plugin and theme developers who are considering using Freemius for monetization is whether they can use it with an Affiliation Platform. Due to the way Freemius works, it wasn’t possible. Plus, for various good reasons, we postponed the development of our Affiliation Platform for a long time. But finally, after 25 pages of specs, six long months of planning, development, and testing, we have released our fully-featured Affiliation Platform so our partners can now onboard affiliate marketers (all for free!).

While we were planning and designing our solution, we had a unique opportunity to evaluate the different capabilities of other existing Affiliate Platforms, inspect the guts of affiliation and Affiliate Fraud, and learn about the biggest misconception plugin and theme business owners have with regards to affiliation (discussed further down).


I’m sharing everything that we’ve learned during our research on affiliation, specifically for commercial WordPress plugin businesses and theme shops:

  • Why, how, and when setting up an Affiliate Program makes sense, to avoid wasting time and money
  • What to expect from an Affiliate Program (financially)
  • The benefits of an Affiliate Network (SaaS) vs. a self-hosted Affiliate Platform
  • Best practices to attract affiliates
  • A proven strategy to recruit great affiliates
  • The risks and common practices of Affiliate Fraud, and how to avoid them
  • What to look for in an Affiliation Platform

Let’s get started!

While there is a lot of excitement and expectation around an Affiliate Program, setting up and managing a successful program requires a significant investment of time and effort, an overhead that not every WordPress plugin/theme business can afford. The biggest misconception among developers is that an Affiliate Program will skyrocket the business’ bottom line.

So I first want to address this “sacred cow.”

What Percentage Of Increase In Revenues Should You Expect From An Affiliate Program?

Don’t expect your WordPress plugin or theme revenues to skyrocket after introducing an Affiliate Program. Based on chats with lots of popular plugin and theme business owners, the best-performing Affiliate Programs yield around 10% of those businesses’ gross revenue.

Just to be safe with my assessment of the market, I ran a poll on the Selling WordPress Products Facebook group in which most businesses who participated stated that they are generating less than 5% of their gross revenue via affiliation:

a poll on Selling WordPress Products Facebook group

Some of the participants in this poll represent businesses with dedicated personnel managing their Affiliate Program, which means that they take affiliation very seriously. So, no – you’re probably not going to double your revenues overnight 🙂

During my research, I also had an interesting chat with my friend Yaniv Nizan, the CEO and co-founder at Soomla, who’s an expert in the mobile gaming world. Yaniv revealed that the numbers in mobile gaming affiliation are way lower and average around 0.5%. While an Affiliate Program for a WordPress product business can yield 20x more than a mobile gaming one and 10% can be a large amount when you’re selling licenses worth millions of dollars, most WordPress plugin and theme businesses are not there.

Now let’s do some napkin calculations based on the following very reasonable, and probably higher than the average numbers:

  • Your plugin/theme business is generating $100k a year.
  • The gross revenue generated by an Affiliate Program is 5% of the total revenues, which is still a very respectable number.
  • The affiliation commission is 25% (usually ranging between 20%-30%).
  • Out of your registered affiliates, 20 are actually generating revenues.
  • The average cost of a payout to an affiliate is $2.
  • You pay affiliates once a month.

So what is the annual gross from affiliation in this scenario?

Annual affiliate gross = 5% of total gross – affiliates commission – payouts cost = $5,000 – 25% x $5,000 – 12 x 20 x $2 = $3,270

So it’s not really $5k, after commissions we are already at $3,270, without calculating the cost of your time, which we, developers, tend to forget easily 🙂

Here are a few additional assumptions related to time cost:

  • It takes 15 min to pay the earnings to affiliates.
  • It takes 3 hours to initially set up the Affiliate Program configuration.
  • It takes 8 hours to build a landing page where affiliates can apply for your Affiliate Program.
  • You spend an hour a month on average reviewing affiliate applications, making sure affiliates are not trying to game the system, etc.
  • Your hourly rate is $100.

Affiliate program time cost = $100 x (¼ hour x 12 + 1 hour x 12 + 3 hours + 8 hours) = $2,600

This leaves you with only $670 of gross revenue for the 1st year, and $1,770 per year, afterward.


What about the cost of the Affiliate Platform? SaaS (software as a service) solutions usually start at hundreds of dollars per month, and larger players such as ImpactRadius can even get to thousands of dollars per month. While self-hosted solutions are usually cheaper, you’ll still need to pay at least $100 a year.

Now, if you need to collect W9/W8-BEN forms and issue 1099-MISC, that is an additional time overhead and dollars that you’ll need to pay to your accountant.

And this is all before taxes 🙂

Am I trying to discourage you from getting into the shiny affiliation world? Not at all. But you do need to do your math properly because running an Affiliate Program might not be a good fit if the main drive is strictly financial. Plus, time is the most valuable asset you have. Especially if you are a sole developer, you may want to invest this time into something that offers a better ROI (return on investment). Moreover, managing all these logistics is not fun at all.

PRO TIP: Selling subscriptions with automatic renewals can significantly improve your ROI for the long run since those new customers your affiliates on-board will generate more revenues as their subscriptions renew, without any additional overhead.


The Added Benefits of An Affiliation Program, Besides Money

“Free” Content Marketing

The most common affiliate marketing technique that your affiliates will use is reviews and promotional content. Basically, affiliates will write about your plugin or theme on their blog, website, or any other web assets they are connected to. More people will get to “hear” about your product, learn about its benefits, and visit your site or your listing page. This is especially valuable when you are a sole developer and prefer to focus on the product and development, and don’t like to handle the marketing part.


You may think that SEO is a by-product of the content marketing I just mentioned above. In most cases – it’s not. Most Affiliate Platforms will use special redirection links that link to the Affiliation Platform’s domain and not to yours. A common structure of an affiliate link looks like this:

Therefore, when an affiliate marketer writes a review about your plugin or theme, they will have to use this special link structure to make it work, which means that you will not get the SEO juice for your domain. Bummer, right?

Luckily, there are ways to work around that issue. Let’s say that you want affiliates to link directly to your homepage. You can store a mapping table on your backend that maps the affiliates’ domains to their affiliate IDs, something like: -> 1 -> 2
... -> N

Then, add some code to the target page’s backend (on that will check the HTTP referrer, and when there’s a match in the table, redirect it to the special link. For example, if a visitor clicks on a link to from, your backend logic will auto-redirect the page to:

If you have some sys-admin knowledge and don’t mind getting your hands dirty, you can make this all happen without any coding on the server level using Nginx / Apache redirect rules.

The main drawback of that technique is that you won’t be able to easily cache your homepage (or other pages that you’d like to allow affiliates to link to). One simple workaround for this would be adding a querystring parameter that hints to your server whether the HTTP request should continue to the application level or just return a cached version. So instead of asking your affiliates to link directly to, they should link to, where “r” is the querystring parameter that hints the server to ignore the cached version. I know it’s not as pretty as just having the site’s URL, but it’s hard to have your cake and eat it too.

In addition to the SEO benefit for you, this approach and organic links structure are also better for the affiliates for the long run because even if something bad happens to the affiliation platform (e.g. the Affiliate Platform is down), you can turn off the mapping logic and the links will work just fine, as simple links, without the redirection.
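One way to implement the referrer mapping and the “r” cache hint described above, as an added example (not Freemius code and not code from the original article). The hosts, the `aff` parameter and the tracking URL are constructed placeholders; the lookup matches the referring host exactly and treats a missing or malformed Referer as "serve the page as is".

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed placeholder data: affiliate-owned hosts mapped to affiliate IDs.
AFFILIATE_BY_HOST = {
    "reviews.example.net": 1,
    "themes-blog.example.org": 2,
}

# Hypothetical affiliate-link format; use the one your Affiliate Platform issues.
AFFILIATE_LINK_BASE = "https://affiliates.example.com/track"

# Kill switch: with the mapping off, affiliate links behave as plain links.
MAPPING_ENABLED = True


def referrer_host(referrer):
    """Return the lower-cased host of an http(s) Referer value, or None."""
    if not referrer:
        return None  # browsers may omit the header (Referrer-Policy, privacy tools)
    try:
        parts = urlsplit(referrer.strip())
    except ValueError:  # for example a malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname.rstrip(".")
    return host[4:] if host.startswith("www.") else host


def needs_app_level(request_url):
    """True when the request carries the 'r' hint and must skip the page cache."""
    query = urlsplit(request_url).query
    return "r" in parse_qs(query, keep_blank_values=True)


def affiliate_redirect(request_url, referrer):
    """Return the affiliate link to redirect to, or None to serve the page as is."""
    if not MAPPING_ENABLED or not needs_app_level(request_url):
        return None
    # Exact host lookup: substring or suffix matching would credit affiliate 1
    # for traffic from an unrelated host such as reviews.example.net.other.example.
    affiliate_id = AFFILIATE_BY_HOST.get(referrer_host(referrer))
    if affiliate_id is None:
        return None
    return AFFILIATE_LINK_BASE + "?" + urlencode({"aff": affiliate_id})
```

The redirect response itself should be sent as non-cacheable, since it depends on a request header rather than on the URL alone.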

FREEMIUS DEVS: Once we see more traction by developers using our Affiliate Platform, we plan to release a free WordPress plugin that will automatically sync the data from the Freemius API and dynamically build this mapping so if you’re running your website on WordPress you’ll have an out-of-the-box solution to address exactly that.


If you have a freemium product make sure that the affiliation solution you choose supports linking to 3rd party assets that you don’t own, and later attributes an upgrade to the affiliate that promoted the installation of your free version. As we invest a lot in the freemium model, that was an important functionality when we designed the Freemius Affiliation Platform. So for example, if your free theme’s listing is, with the Freemius Affiliate Platform, affiliates can promote the free theme with a URL that looks like this:

This URL is quite ugly so usually what affiliates can do is install a URL shortener plugin such as Pretty Links, and map it to a nicer URL that can look like this:

TIP: If you do want to get SEO juice even for your free version, you can leverage the RESTful API to dynamically build a replica of your listing and ask affiliates to link to that page instead.

If your Affiliate Platform supports 3rd party assets linking like ours, your affiliates will be able to promote your free products while getting rewarded for the free users who eventually upgrade to paid. It’s a win-win since promoting a free product is much easier and the conversion rate is higher. You can get more users to try out your free offering, get into your marketing funnel if you use an opt-in solution like Insights, and eventually maybe upgrade.

SECURITY TIP: A good Affiliate Platform should restrict the destination URLs it accepts, to prevent abuse and cookie stuffing through links to URLs that are not even related to your product.
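A sketch of what such a destination restriction can look like on the tracking endpoint, as an added example (not Freemius code). The hosts, the listing path and the `handle_click` function are constructed placeholders; the check requires https, an exactly matching host and a path under an approved prefix, and a click with any other destination gets no affiliate cookie.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed placeholders: (host, path prefix) pairs an affiliate link may target.
ALLOWED_DESTINATIONS = [
    ("plugin.example.com", "/"),                        # the product's own site
    ("listing.example.org", "/themes/my-free-theme/"),  # 3rd-party listing of the free version
]
DEFAULT_DESTINATION = "https://plugin.example.com/"


def is_allowed_destination(url):
    """True only for https URLs on an allowed host and under its path prefix."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False
    if parts.scheme != "https" or not parts.hostname:
        return False
    # Credentials in the URL (user@host) make the real host easy to misread.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    host = parts.hostname.rstrip(".")
    # Decode and normalise the path so "../" segments cannot leave the prefix.
    path = posixpath.normpath(unquote(parts.path) or "/")
    for allowed_host, prefix in ALLOWED_DESTINATIONS:
        if host != allowed_host:
            continue
        if prefix == "/" or (path + "/").startswith(prefix):
            return True
    return False


def handle_click(affiliate_id, requested_destination):
    """Decide what the tracking endpoint does with one affiliate click."""
    if requested_destination and is_allowed_destination(requested_destination):
        return {"affiliate_id": affiliate_id, "set_cookie": True,
                "redirect": requested_destination}
    # Unknown destination: send the visitor to the product site, credit nobody.
    return {"affiliate_id": None, "set_cookie": False,
            "redirect": DEFAULT_DESTINATION}
```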

Why We Chose SaaS Over A Self-Hosted Affiliate Platform Solution?

When we were exploring the different options to tackle affiliation, we were internally debating whether we should go with a self-hosted solution or a SaaS (software as a service).

If we inspect the WordPress ecosystem, most commercial plugin and theme businesses that have an Affiliate Program in place are using self-hosted solutions such as AffiliateWP. But when we peek outside the WordPress bubble, the vast majority of the companies are not using self-hosted solutions. Instead, they use services with Affiliate Networks.

So we started to do some digging to understand the differences, and while the easier and quicker course of action was forking a GPL licensed Affiliate Platform, we decided to stay away from the self-hosted route and build a service with a network instead. Here’s why:

  1. One of the main challenges with affiliation is bringing affiliate marketers to sign up for your Affiliate Program. A self-hosted solution means that the marketer will have to hear about the program somehow, then register for another website, then learn its dashboard and how to use the specific program’s assets. That’s a hassle; professional affiliate marketers simply don’t work that way. An Affiliate Network offers a platform for connecting affiliates and businesses in one place with one account. Looking to the future, we have a growing inventory of WordPress plugins and themes. If a person becomes an affiliate of PluginX, we can invite them to also become an affiliate of ThemeY with almost no extra effort – everyone wins!
  2. Self-hosted affiliate solutions rely on the performance of the server where they are installed. We wanted to bring affiliation to all of our partners, whether they are making tens of thousands of dollars a month, or just got started and are still pursuing their first dollars. Since there’s no correlation between the revenues of a product and the amount of traffic generated via affiliate links, a developer who just started to sell their plugin or theme could get a sudden boost in traffic that kills their server and forces them to scale it up, which can cost a lot of money and may even require a migration process. Commercial plugin and theme developers have enough challenges of their own; scaling servers due to a spike in affiliation traffic is far from the core of the business.
  3. Affiliate Fraud is a big thing. For instance, eBay’s top affiliate marketer was arrested back in 2014 after eBay had paid him and his partner over $35M in commission over the years. We’ll dive into Affiliate Fraud later. While there are different techniques that significantly reduce the chances of fraud, attackers are constantly looking for creative ways to trick Affiliate Platforms. When running a self-hosted Affiliate Platform, there’s no “shared knowledge” and you have to fight fraud yourself. When running a network, when an affiliate is flagged as an abuser, they can be flagged out of the whole network.

Since we decided to go with SaaS, any developer on our network, small or big, can confidently start onboarding as many developers as they wish. The network effect helps us to protect developers from fraud, and in the future, we’ll make it easy for affiliates to start promoting additional products inside our network.

Best Practices for Attracting Affiliate Marketers

A Good Product

It’s obvious, but first and foremost, your product has to be good or at least has to have a good reputation. When an affiliate marketer considers whether to promote your WordPress product or not, just like in any investment process, they will calculate the risk vs. reward. If the potential affiliate thinks that your product is shitty, most likely, they will not “invest” in promoting your product, even if the affiliate terms are superb.

Marketing Your Affiliate Program

Just like any other product, you’ll need to market your Affiliate Program. You’ll have to spread the word and explain why it’s appealing.

This too may sound obvious, but many developers tend to forget it. Having an informative landing page for your Affiliate Program and linking to it from your site’s footer section is just the start. A few examples of how you can market an Affiliate Program:

  1. Getting your Affiliate Program featured in articles like “Top Money Making Affiliate WordPress Plugins”
  2. Getting a social shout out from leading affiliate marketers with a large follower base
  3. Collecting and featuring testimonials from your top affiliates, showing potential affiliates that your program is not a scam and there are real people that make money by promoting your product
  4. Linking to your Affiliate Program from your product’s listing

A great technique that we found converts very well is marketing your Affiliate Program right from within the WP Admin dashboard of your users:

marketing your Affiliate Program right from within the WP Admin dashboard

Using this technique significantly increases the visibility of your Affiliate Program among your users. If you feel that adding a submenu item is too intrusive, you can use a tab, or alternatively, include a dismissible admin notice that will show up after 30 days of usage, or based on any other trigger that you find suitable for your plugin or theme. If you do go with the notice approach, just make sure that you only show it to users who have not yet applied to the Affiliate Program. Otherwise, it could be slightly annoying.

To keep the experience as seamless as possible and increase the conversion rate for registration, include the application form right within the WP Admin:

include the application form right within the WP Admin

Just to give you some numbers, since introducing that option in one of our plugins two years ago, 503 users applied to the plugin’s Affiliate Program. That’s 21 affiliate applications every month!

The upcoming release of the Freemius WordPress SDK will include it out-of-the-box to help our partners spread the word about their Affiliate Program without sweating 🙂

The reason this technique is so powerful is that your users and customers are great candidates to promote your product. They already use and hopefully also like it, and can write about it from their personal experience. Also, since they are running WordPress, most likely they run a blog on their site which makes the path to a nice review of your product shorter than ever.

Stand Out With A Lucrative Affiliate Offering

As mentioned, the bigger the affiliation reward, the higher the chance of attracting more affiliates. The two fundamental parameters that affect the affiliate reward are:

  1. Affiliate Commission: The higher the commission, the more money the affiliate will generate every time they manage to drive a customer to your paid version. The commission can be set in absolute money value, or as a percentage of the transaction. Here’s what it looks like on Freemius:
    Affiliate Commission
    In the WordPress plugins and themes ecosystem the average commission ranges between 20% and 30%, so if you can offer more than that – your Affiliate Program will stand out.
  2. Cookie Expiration: The cookie expiration means the number of days the referral tracking cookie is valid for. A longer cookie expiration period is better for affiliates since it increases the chance that a purchase will be attributed to the affiliate. For example, if a user stumbled upon a review with an affiliate link and clicked it, and then purchased your product only 45 days later – if the cookie is only valid for 30 days, the affiliate will not get rewarded for that purchase. However, if the cookie is valid for 60 days, the affiliate will get their commission. While increasing the cookie expiration period is more attractive, it also increases the chance for Affiliate Fraud which we are going to cover further in this article.
    At Freemius, we allow developers to set the cookie expiration period by days, or alternatively, only reward affiliates when the purchase occurs within the same browser session after clicking the affiliate link:
    set the cookie expiration period by days or by session

Reward Subscription Renewals

To make your offering more appealing, a good strategy for products with recurring payments is offering a commission for the initial subscription payment as well as its renewals. As the affiliate drives more subscriptions to your business, they accumulate more recurring affiliate commission in the future. With Freemius, you can either reward all renewals or limit it to a specified number of days:

limit renewal rewards to a specified number of days

Lifetime Commission

Whether you sell subscriptions or only one-time licenses, a great way to make your Affiliate Program “shine” when compared with others is offering a “Lifetime commission”. When a new customer’s upgrade is attributed to an affiliate, the customer will be linked to the affiliate for life, allowing the affiliate to get a commission for all future purchases and subscriptions made by that customer. This is a powerful option, so before you choose your Affiliate Platform, make sure it’s supported.

Which Customers to Reward?

If you’re on Envato’s ecosystem, i.e. you’ve been selling WordPress plugins on CodeCanyon, or commercial themes on ThemeForest, you probably noticed that Envato’s Affiliate Program terms state that affiliates are only rewarded for new users. Envato’s offering is quite discouraging for affiliates, especially since Envato’s community has over 11M users already. So even if the user clicks on an affiliate link and makes an immediate purchase, there’s a high chance that this user is already part of their 11M users’ community. Hence, the affiliate won’t get a commission for such an upgrade.

At Freemius, we give developers the flexibility to choose to reward for every affiliated purchase (regardless of the type of customer) or reward only new customers who never purchased the plugin or theme before but maybe have used its free version. Additionally, rewarding affiliates only for new users just like Envato does is also an option.

choose how to reward for every affiliated purchase

As a rule of thumb, as long as your user-base is below 1M users, I’d recommend rewarding for all upgrades, regardless of the type of customer. Once you cross the million users milestone, you may want to consider making the affiliate terms stricter.

Performance-Based Incentives

Just like with an employee, if affiliates do the same work for two years straight without any reward, there’s a good chance that their motivation will drop. Offering financial incentives to affiliates that hit certain milestones is a great way to keep them going.

You can either offer cash rewards or an increase in the affiliate commission percentage. Examples:

  • $100 bonus when hitting $1,000 in referrals gross revenues.
  • 10% increase in affiliate commission when hitting 3,000 referred sales.

Make sure to include those special milestone-based bonuses in your Affiliate Program marketing page.

Affiliate Coupons

Marketing any product is not an easy job. An easy technique to increase the potential conversion rate is offering an exclusive coupon for affiliates. If you include an affiliate coupon as part of your Affiliate Program’s offering, potential affiliates will know that it will be easier to drive traffic to their site by promoting the coupon, as well as an easier sell since customers will have an additional incentive to purchase your product.

This is a partial list of the most popular incentives which can make the terms of your Affiliate Program sweeter.

There are more creative techniques you can use; it’s really up to your imagination.

How To Recruit The Best Affiliates for Your Commercial WordPress Theme or Plugin?

While having a lucrative affiliate offering and providing an easy way to apply is great, it doesn’t mean you’ll get the best, or more precisely, the most suited affiliates for your product.

If you’d like to get the most out of your Affiliate Program you have to be proactive. Waiting for amazing affiliate marketers to fall into your arms is an unrealistic scenario. So instead of waiting for them, go and get them yourself!

  1. You first need to identify the social influencers that are most relevant to your product. For example, if you are selling WooCommerce extensions, you can check WooConf’s speaker lineup, and then do some research on the social influence every speaker has. An easy way to check the influence of a person is using the Klout score.
  2. After you have a list of at least 20 influencers, it’s time to reach out to them.
    • The best way is to try and “hunt” those influencers in conferences/meetups, engage in a conversation and casually, talk about your product and affiliate offers. This requires a LOT of resources and time investment, so maybe just do it with the top 3 influencers in your product’s space.
    • The 2nd best option is trying to get warm intros from mutual connections. In this scenario, face-to-face intros at conferences will likely work best, but email intros are also great.
    • And the last resort you’ll have to settle for is cold emails. While it’s “cold”, it doesn’t mean that it’s not converting 🙂
  3. It’s very likely that you’ll need to offer special affiliation terms for influencers. They usually are very aware of the fact that they are influencers 🙂
  4. Once you get a few influencers on board (even if it’s only one person), if they are serious, they will start mentioning/recommending your product in various channels like Twitter, in conferences, mention it in podcasts, etc.

Affiliate Fraud

What Is An Affiliate Fraud?

Affiliate Fraud is any affiliate activity that violates the Affiliate Program’s terms of use, usually with the intention of tricking sellers and customers, eventually misleading the seller into paying affiliate commissions that they shouldn’t be paying.

There’s a wide range of Affiliate Fraud techniques; I will cover the most popular ones and how to protect against them:

Stolen Credit Cards

Credit card theft is a global epidemic. I personally replaced 4 credit cards in the last 3 years due to fraudulent activity. In the US alone, according to this fraud research, 15.4M Americans got hit by identity or credit card theft during 2016. That’s about 5% of the entire US population! Now if you peek into the dark web, you can easily find stolen credit cards for sale for as little as £1 each. Some black hat affiliates may go as far as buying stolen credit cards in bulk and making purchases of your premium plugin or theme under fake identities just to get the affiliate commission.

Credit Card Theft

These transactions will later turn into refunds, disputes, and chargebacks, but it can be too late if the affiliate commission has already been paid.

Refunds And Money Back Guarantee

Many WordPress plugins and theme shops offer a money back guarantee or some other refund policy. An “evil” affiliate can buy multiple copies of your product(s), get the commission, and then ask for a refund or dispute the payments with their credit card company. If you have a “no questions asked” money back guarantee policy and fail to connect the dots and realize that the requested refunds are all associated with the same affiliate, you may lose a lot of money for no reason.

Email Spamming

Buying a mailing list of WordPress site owners is way easier than acquiring stolen credit cards. For example, you can easily buy a leads list of WooCommerce sites, with the admin emails, from BuiltWith. Some affiliates will gain access to such lists and spam their inbox with promotional emails to drive clicks.

Most of these spam emails, unsurprisingly, end up in the spam folder, and there’s a good chance that people who actually open the email will come to see your brand and product as spammy – which will eventually have a negative effect, hurting your credibility.

Cloning With Domain Typos

This is a very interesting abuse which is usually used for phishing attacks. Let’s say that your product’s domain is An affiliate can register the domain (zero instead of the letter ‘o’) and clone your site to mislead potential buyers that will not notice the typo in the domain and may think that the clone is the original site. This is purely a traffic and sales theft, resulting in direct losses to your WordPress business.

Fake Clicks And Impressions

Another popular way to reward affiliate marketers is based on CPC (Cost Per Click) or CPM (Cost Per Mille – where a mille is 1,000 impressions). Basically, instead of paying commission on sales, you can reward an affiliate based on Pageviews or Clicks. Many affiliates find this reward more appealing than sales commission since the opportunity is more predictable. For example, if an affiliate marketer owns a WordPress themes review blog with 1,000,000 pageviews a month, a CPM based Affiliate Program with a $1 per 1,000 impressions will yield $1,000 every month. Faking clicks and impressions just to bloat the numbers is quite simple. Just like in advertising, fake pageviews and clicks are not converting and it’s just money that goes down the drain.

Cookie Stuffing

Cookie Stuffing is probably the favorite and most popular affiliation fraud out there. In a proper, non-abused affiliation mechanism, the affiliate cookie is set when the user visits a page on your site, or on a 3rd party URL such as your listing – a page that is directly related to your plugin or theme. Cookie stuffing fraud will infect visitors with the affiliation cookie from a website that is unrelated to your products, usually without the user being aware of it. It comes in many shapes and forms, but the concept of the fraud is the same. The easiest technique is adding a hidden iframe linked to an affiliate link. So all the visitors of that page will be infected with the cookie unknowingly, and if any of those visitors will purchase your product later on while the cookie hasn’t yet expired, the malicious affiliate will be rewarded with a commission without ever promoting your product.


Clickjacking is a subcategory of cookie stuffing which many illegal downloads and streaming websites like to employ. When you visit such a site – unexpected pop-ups will open upon different actions. For example, when a visitor clicks the video play button, instead of playing the video, it usually triggers a background popup with some 3rd party website. Whether the visitor checks the content of that pop-up or just closes it right away, an affiliation cookie (and other tracking pixels) is stored on their device. A person that owns such an online property can sign up as an affiliate, and maliciously infect all of their visitors. If an infected visitor later purchases a product from your site, this affiliate will earn a fraudulent commission without actually marketing your product.

How to Avoid Affiliate Fraud While Choosing The Right Affiliate Platform


The main principle to avoid fraud is moderation – approving all of the affiliates in your program manually. Make sure that your affiliate program application form contains questions about the applicant and their web assets. Here are the questions we require marketers to fill in when applying to become affiliates for any Freemius-powered plugins and themes:

approving all of the affiliates in your program manually

Once you have that data, don’t just automatically accept every person that applies. Do some diligence, such as checking the applicant’s social identity, verifying that the web assets are really owned by that person, and making sure the website category relates to your products. For example, if you sell premium WordPress themes strictly for the Automotive space and you receive an affiliate application to promote your themes on an online Gaming website, that should raise a red flag.

While we do recommend manually approving affiliates, Freemius partners have the flexibility of auto-approving customers or users who apply as affiliates:

That way you at least can be certain that the affiliate tried out your product or is paying for it, so it’s not just a random troll.

Delayed Commission Payouts

You can mitigate stolen credit card and refund fraud relatively easily by adding a time buffer before you pay the commission to affiliates. Developers who monetize with Freemius have a 30-day period in which they can optionally refund payments, whether they have a refund policy or not. Therefore, any referrals (conversions that are associated with a valid affiliate cookie) are set as pending for 30 days.

That way, if a refund request is initiated, the developer can process a refund which will immediately void the referral. Similarly, if the referral was generated by a stolen credit card, 30 days is enough time for the cardholder to report the theft and for the payment to be disputed by the credit card company. In both cases, the referral will be voided, and the developer won’t lose the affiliate commission.

Verifying Credit Card CVC & Zipcode

The most common credit card theft technique is scanning the number from the magnetic strip. Unlike the number, the 3-digit CVC code (4 digits for AMEX cards) isn’t stored on the strip or chip. Therefore, requiring CVC validation from your gateway provider adds an extra security layer which can decrease some of the fraudulent transactions when the card wasn’t physically stolen. On top of that, requiring the cardholder’s zip code adds another security layer, since the zip code isn’t located anywhere on the card. Getting back to the usage of stolen credit card numbers, it’s significantly harder to get access to a database of stolen credit cards with their CVC and cardholders’ zip codes.

Avoid CPC and CPM

As mentioned, faking clicks and pageviews is pretty straightforward. Even if you use a cookie to tag the visitor or track the visitor by IP, cookies can be easily erased, and there are plenty of tools to mask the IP. Moreover, if an affiliate has a technical background, with today’s modern virtual cloud infrastructures, it’s not too hard to code a script that will dynamically spin up servers with different IPs, fake clicks and impressions, and kill the server, in an ongoing loop. Therefore, I recommend staying away from CPC- or CPM-based Affiliate Programs. If you want to do advertising, let the ad giants handle it for you; that’s their specialty. Instead, focus on CPA (Cost Per Action), where the action is a sale or, if you are using the freemium model, an installation of your free plugin or theme version.

Use Gateways With Fraud Protection

Popular payment gateways process millions of transactions every month. Since they are exposed to such huge volumes, they can leverage the network effect to run pattern recognition algorithms to identify high-risk IP addresses and other fraudulent activity. For instance, if a bank disputes a transaction due to a credit card theft, the payment gateway will flag the card and block all future transactions initiated with the same card number. Therefore, it’s highly recommended to use popular payment gateways that have a fraud protection layer. We use PayPal and Stripe for credit card processing; both are widely popular and have strong fraud protection mechanisms in place.

Restrict The Source And Target URLs

Make sure that your Affiliate Platform can restrict/whitelist the referrer site URLs and the target URL per affiliate. That way, you can selectively control the incoming traffic sources and the target pages, and fight the common techniques of cookie stuffing. A few examples:

  1. Incoming traffic:
    1. There are many copycat websites that are automatically republishing the exact same content from other sites. If an affiliate reviewed your WordPress plugin and used the special affiliate link, the copycat website will also use the same link. If you don’t restrict the referred traffic by source, all traffic coming from the copycat will associate the visitors with the affiliate, even though it’s not their website.
    2. A potential malicious affiliate can have a popular online asset that has nothing to do with WordPress plugins or themes. This affiliate can add a misleading link to your site labeled as “Check out this exclusive deal” or “Freebies”, which will get some users to click it. If you don’t restrict the incoming source of the referrer, all those innocent visitors will be “infected” with the affiliate’s cookie, and if they later buy your product, the purchases will be attributed to the affiliate. So you risk paying a commission that you weren’t supposed to pay.
  2. Target pages:
    1. Let’s assume that you have a themes shop with free and paid themes. You decide to onboard affiliates to promote your top-selling premium theme that is targeting the automotive space. If you don’t restrict your target pages, a malicious affiliate can promote one of your free themes, which is in a totally different niche, “infect” the visitor with their affiliate cookie and potentially later get a commission without ever promoting the paid automotive theme.
    2. Another typical example is abusing unrelated content from your blog. Sticking to the theme shop use-case, many small business owners share their entrepreneurial journey as part of their blog. A malicious affiliate can submit an affiliated link to such a post on Reddit, which can potentially bring nice traction and “infect” all those visitors with the affiliate cookie, even though the blog post has nothing to do with promoting the product. This example emphasizes the need to restrict both the source traffic (Reddit in this case) and target URL (the blog post).
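The source and target restrictions described above can be expressed as a per-click check. This is an added example, not Freemius code; the policy structure, affiliate ID, hostnames and paths are all hypothetical, constructed values.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed per-affiliate policy (hypothetical names and values).
POLICY = {
    "aff_42": {
        "sources": {"autoblog.example"},         # hosts allowed to send traffic
        "targets": ["/themes/automotive-pro/"],  # path prefixes allowed as landing pages
    },
}

def _host(url):
    """Lower-cased hostname without a leading 'www.', or '' if absent/unparsable."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

def check_click(affiliate_id, referer, target_url, site_host="shop.example"):
    """Return (set_cookie, reason) for one click on an affiliate link."""
    policy = POLICY.get(affiliate_id)
    if policy is None:
        return False, "unknown affiliate"
    src = _host(referer or "")
    # Exact host match, so 'autoblog.example.evil.test' does not pass.
    if src not in policy["sources"]:
        return False, "source not allowlisted: " + (src or "none")
    if _host(target_url) != site_host:
        return False, "target is off-site"
    # Collapse '..' segments before comparing against the allowed prefixes.
    path = posixpath.normpath(urlsplit(target_url).path or "/")
    if not any((path + "/").startswith(p) for p in policy["targets"]):
        return False, "target not allowlisted: " + path
    return True, "ok"
```

A missing Referer fails closed here, so visitors whose browsers strip it are not attributed; whether to accept that loss is a policy choice.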

Anti-Cookie Stuffing Mechanism

While restricting the source traffic is a great way to reduce cookie stuffing, an abusive affiliate can still include a hidden iframe in a whitelisted page, which will infect all of their traffic.

Modern Affiliate Platforms can leverage special HTTP headers that tell browsers to block a page, rather than render it, when it’s loaded from within an iframe. In addition, there are AI algorithms that help to recognize real human browsing behavior and identify clickjacking activities. For example, a simple heuristic: if there’s a sudden increase in affiliate traffic that is unusual for the source URL, an intelligent Affiliate Platform will flag that affiliate as suspicious and notify the developer for further investigation.
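A sketch of both ideas from this section, as an added example that is not Freemius's implementation: the anti-framing response headers, a server-side refusal to write the cookie on a framed load (using the Fetch Metadata request headers, which is an assumption about how a platform might do it), and the traffic-spike heuristic. The cookie name, lifetime, thresholds and click counts are constructed.

```python
from statistics import median

# Headers that tell browsers not to render this response inside a frame.
ANTI_FRAMING = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}

def is_top_level_navigation(request_headers):
    """True unless Fetch Metadata headers show a framed or subresource load."""
    h = {k.lower(): v.strip().lower() for k, v in request_headers.items()}
    dest, mode = h.get("sec-fetch-dest"), h.get("sec-fetch-mode")
    if dest is None and mode is None:
        return True  # browser sent no Fetch Metadata; rely on other checks
    return dest == "document" and mode == "navigate"

def landing_headers(request_headers, affiliate_id, max_age=86400):
    """Response headers for an affiliate landing page (cookie name is hypothetical)."""
    headers = dict(ANTI_FRAMING)
    # Blocking the render does not stop a Set-Cookie the server chose to send,
    # so the decision to write the cookie is made here, before responding.
    if is_top_level_navigation(request_headers):
        headers["Set-Cookie"] = (
            f"aff_ref={affiliate_id}; Max-Age={max_age}; Path=/; "
            "Secure; HttpOnly; SameSite=Lax"
        )
    return headers

def is_spike(previous_days, today, factor=5, floor=50):
    """Flag today's clicks if they exceed factor x the median of earlier days."""
    baseline = median(previous_days) if previous_days else 0
    return today >= floor and today > factor * max(baseline, 1)

# Constructed daily click counts for one source URL.
HISTORY = [40, 55, 38, 47, 52, 44, 49]
```

A pop-up window is a top-level navigation, so the header check does not catch the clickjacking pop-ups described earlier; those are left to the traffic heuristic and manual review.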

Keep The Affiliate Cookie Lifetime Relatively Short

While longer cookies are more lucrative for affiliates, keeping the cookie for long periods increases the chance of a fraudulent commission generated through cookie stuffing/clickjacking. An extreme example of a short cookie expiration period is Amazon. Amazon runs one of the biggest and most popular Affiliate Programs. To reduce fraud, their cookie expiration period is only 24 hours.

IP Restriction

One of the most trivial affiliate abuse techniques is registering as an affiliate before purchasing a product, just to get the commission money back. A simple way to counter this is to flag purchases made from the same IP that the affiliate had when they signed up for the Affiliate Program as invalid referrals. Of course, a sophisticated abuser can use a VPN, but at least you’re making the process harder.
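The rules from the Delayed Commission Payouts and IP Restriction sections combine into one referral status check. This is an added example, not Freemius code; the record fields and status names are hypothetical, and the sample referrals are constructed with documentation-range IPs.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

HOLD = timedelta(days=30)  # pending period described in the article

@dataclass
class Referral:
    affiliate_signup_ip: str
    buyer_ip: str
    paid_at: datetime
    commission_cents: int
    refunded_at: Optional[datetime] = None
    disputed_at: Optional[datetime] = None

def _norm(ip):
    """Parse an address; unwrap IPv4-mapped IPv6 so both spellings compare equal."""
    addr = ipaddress.ip_address(ip)
    return getattr(addr, "ipv4_mapped", None) or addr

def status(ref, now):
    """Return 'invalid', 'voided', 'pending' or 'payable' for one referral."""
    # IP restriction: the buyer used the address the affiliate signed up from.
    if _norm(ref.buyer_ip) == _norm(ref.affiliate_signup_ip):
        return "invalid"
    # A refund or a card dispute voids the referral.
    if ref.refunded_at or ref.disputed_at:
        return "voided"
    return "pending" if now < ref.paid_at + HOLD else "payable"

def payable_total(referrals, now):
    """Sum the commissions that cleared the hold period and every check."""
    return sum(r.commission_cents for r in referrals if status(r, now) == "payable")

# Constructed sample referrals (made-up dates and amounts).
SAMPLE = [
    Referral("198.51.100.4", "203.0.113.9", datetime(2024, 1, 15), 1500),
    Referral("198.51.100.4", "203.0.113.10", datetime(2024, 2, 20), 1500),
    Referral("198.51.100.4", "203.0.113.11", datetime(2024, 1, 10), 1500,
             refunded_at=datetime(2024, 1, 20)),
    Referral("203.0.113.7", "::ffff:203.0.113.7", datetime(2024, 1, 5), 1500),
]
```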

No Second Chances

If a user violates your Affiliate Program terms, don’t hesitate to ban them from your Affiliate Program and block their commission. Spammers are spammers, are spammers. There are no honest mistakes in the spamming business 🙂


An Affiliate Program can be a great vehicle to spread the word about your premium WordPress plugin or theme, boost your SEO, and drive an increase in your revenues. Having said that, developing a successful Affiliate Program requires persistence and hard work, and unless your monetization platform comes with built-in Affiliate Platform support, as we offer with Freemius, it can be quite an expensive investment. Do your homework before rushing into affiliation, and make sure that it’s worth your time and money.

While there are many potential risks of Affiliate Fraud, choosing the right Affiliate Platform will help you to significantly reduce them, and by manually moderating the affiliate approval process and conducting sufficient diligence, you can practically eliminate those risks.

Running an Affiliate Program and have some valuable tricks which can help others? Share your best practices in the comments below.

Published by Vova Feldman

Freemius CEO & Founder, a serial entrepreneur and full-stack developer since age 14, propelled by a pursuit of excellence, embraces a holistic approach to life shaped by invaluable lessons in hard work and discipline.
