How to Protect Your MT4/MT5 Expert Advisor Before You Sell It (2026 Guide)

You built an Expert Advisor. It works. Someone wants to buy it. This is the part nobody warns you about: an EA is just a file, and once that file leaves your hands, one paying client can copy it onto ten accounts, hand it to friends, or resell it under their own name — and you'll never know.

If you're about to sell your first EA, the time to think about protection is now, before the first download, not after you spot your strategy running on an account you never sold to. The good news: protecting it properly is a solved problem. The bad news: most of the "protection" first-time sellers reach for doesn't actually work. Let's fix that.

01 / The problemWhy an unprotected EA leaks

When you compile an EA, you get an .ex4 (MT4) or .ex5 (MT5) file. You send that file to your buyer. From that second on, the file is on someone else's machine, and you have zero technical control over what they do with it. Copying a file is free and instant. There's no built-in "this can only run once" in MetaTrader.

So the real question isn't "how do I stop someone copying the file" — you can't. The question is: how do I make the copied file refuse to run unless I've authorized it? That's what license protection actually means.

02 / What doesn't workThe duct-tape that fails

These are the approaches first-time sellers usually try first. Each one feels like protection. None of them holds up against a client who's even a little motivated.

Won't hold

Hardcoding an account number inside the EA. You bake if(AccountNumber() != 12345) return; into the code. The problem: that check lives inside the file, and anything inside the file can be found and patched out. Someone unlocks one copy, and now it runs on any account.

Won't hold

A password the user types in. If the EA stores the password or the "valid" answer, it's extractable. If it's the same password for everyone, one buyer shares it with everyone.

Won't hold

Obfuscation alone. Scrambling your code makes it harder to read, not impossible — and it does nothing to stop simple copying. It slows down the curious, not the determined.

The common thread: if the decision about whether the EA is allowed to run lives inside the file, that decision can be removed. Real protection has to move the decision somewhere the buyer can't reach.

03 / What actually worksServer-side license validation

Here's the approach that holds up, and it's the one every serious EA seller uses. Instead of the EA deciding for itself whether it's allowed to run, it asks a server it doesn't control.

On startup — and on a timer while it runs — the EA sends the account number plus a license key to your server. The server checks: is this key valid? Is it bound to this account? Has it expired? Then it answers. The buyer can copy the file all they want, but they can't copy your server's decision.

There's one detail that separates a real implementation from a fake one, and it's worth understanding even if you never build it yourself:

Check inside the file

// inside your .ex4
if(key != "ABC") return;
runStrategy();

↓ client patches out the check

Decision on the server

// inside your .ex4
lot = server(account,key);
trade(lot);

↓ remove it and the EA breaks

Don't have the server return a plain true/false — that's just one more line to delete. Have it return something the EA genuinely needs to function (a lot size, a setting, a value the math depends on). Then ripping out the license check breaks the EA instead of freeing it. That's what makes protection stick.

To be honest about the limits: this won't stop someone from decompiling your logic itself — nothing fully does. But it solves the problem you actually have as a seller: it stops the "buy once, run everywhere, share with friends" leak, because the lock isn't in the file anymore.

04 / The checklistWhat you actually need before you sell

Protection isn't one feature — it's a small set of them. Before you take your first payment, you want to be able to:

Issue a unique key per buyer — so you can tell customers apart and revoke one without touching the rest.
Bind a key to an account number — so it only runs where you authorized it.
Set an expiry date — so monthly or trial customers stop working when they stop paying, automatically.
Revoke access instantly — so a refund or chargeback means the EA goes dark, not keeps trading.
See who's actually using it — so you have a customer list instead of a guess.

05 / Build vs. buyDo it yourself, or don't

You can build all of this. It means standing up a server, writing a validation endpoint, running a database to track keys and accounts and expiry dates, keeping that server online 24/7 (your buyers' EAs stop working if it goes down), and maintaining the whole thing while you'd rather be building your next strategy.

For a developer selling one or two EAs, that's a lot of infrastructure to own for a feature that isn't your product. Which is exactly why hosted license systems exist.

The shortcut

MTLicense does all five — you add one line to your EA

A hosted license system built for MT4/MT5 sellers. Issue keys, bind them to account numbers, set expiry, revoke instantly, and see who's using your EA — all from one dashboard. You add a single validation call to your EA; we run the server.

Start a free 14-day trial →

No card to start · Plans from $19/mo · Integration docs on signup

Whether you roll your own or use something off the shelf, the principle in section 03 is the real lesson: keep the decision off the buyer's machine, and make the EA depend on the answer. Get that right and the "someone's running my EA for free" problem mostly disappears — before it ever starts.

Protect it first. Then go sell it.