Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Protecting PHP Code

Encryption or Obfuscator?



9:58 pm on Jan 1, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Hello everyone,

I have a PHP program that I have created and would like to offer to customers. I currently use IonCube for encryption but I'm finding many customers don't know how to enable support on their hosting/server for this type of encryption.

I'm looking for a better way to protect my code while still offering it to my customers. Does anyone here have any experience with offering a PHP application that works across most hosting accounts but still protects the PHP code?

Is it possible to setup an external "offsite" PHP include that houses all the PHP functions? Or, do most hosting accounts not support this?

Thanks in advance for your help!


11:07 pm on Jan 5, 2010 (gmt 0)

10+ Year Member

I have been thinking about this same issue lately with my most recent project. But you are going to have issues setting up trust relationships between servers, and in most shared enviroments this wont be possible.

You could build your own API that accepts HTTP requests and return the data in JSON or XML.

You supply open code wrapper that makes calls to this api via curl or fopen and return the work. Probably would be a lot of work to recode your application, but might be worth it to keep it safe.


11:11 pm on Jan 5, 2010 (gmt 0)

10+ Year Member

One other idea, the way I have gone with my latest web app, is to start your own hosting company.

Virtual Dedicated, and Dedicated servers are pretty cheap. If you code is that valuable, people may be willing to switch over to your hosting company to have access to this code.

Will take some work to build everything, but with Enom, for purchasing domains and SSL, and Cpanel/WHM for management, you can build something fairly quick, and remarkably cheap.


1:18 pm on Jan 6, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Thanks Willis! The XML is a good idea but might be a bit taxing on my server if I get multiple people using my application.

I already offer hosting and considered the option of offering the hosting with the application and not providing them FTP access.

Do you know anything about setting up an API or Serial for the code? I already created a PHP function that creates a serial number based on their domain but it is in the code so they would be able to see the function and how it works.


11:28 pm on Jan 6, 2010 (gmt 0)

10+ Year Member

That is the problem with having the code being translated by a function/method that the user has access to.

Im really not too sure. Dont know what you can do to "truly" protect your code. PHP compiles on the fly, so the code is visible to whomever is running it at 1 pointe or another.

However, you can run code precompiled, however I do not know if this will solve your cross server problems. There are a couple of places you can take a look at thanks to wikipedia.



I dont know much about these, but the first one offers obfuscate (experimental though).

And precompiled PHP code unlike JAVA; I dont think there are decompilers out there, so this might protect you fairly well.


3:37 am on Jan 7, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Thanks again for the info. I will look over the two links to see if I can figure out a solution.


1:39 pm on Jan 7, 2010 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member

most every php host have zend optimizer (not zend engine, but the optimizer) installed by default - see it using phpinfo(). suggest it over ioncube.

Featured Threads

Hot Threads This Week

Hot Threads This Month