How to Protect PHP Source Code

Maximum PHP developers need to protect their source code when they distribute their code to customers, to minimize the chances of their work being copied or modified without their permissions.

Read the entire topic to learn about PHP source code protection solutions l, and how our applications will help you to protect your PHP source code.

PHP Source Code Encryption

PHP programmers are commonly faced with the problem of protection of their intellectual property after delivering their PHP software application to the customer. A EULA (End User License Agreement) or a proprietary license provides legal protection but will not actually prevent unauthorized use of copies of the software product.

Encoding of the source code into some binary format would eliminate the problem but in maximum case it required a PHP extension or loader that needs to run the compiled code in the customer server. Although we phpdefend.com overcome on this issue with our PDW_ENCODER application but our PHP_DEFENDER application as usual required third party loader like others.

PHP Source Code Protection Techniques

The PHP application in the client's server needs 2 types of protection:

1. Protect from reading and modifying the PHP source code
2. Protect from redistribution of the entire application

First make the source code more difficult to read by "minification". What is minification? It is a normal and common technique, before distributing your source code remove the comments, white space and line breaks that significantly reduces readability. However, it is not a problem to write a small script to reformat minified code to make it readable.

Another measure that may help here is obfuscation. Renaming the variables with random names makes the source code some harder to understand, alter or use.

The minified and obfuscated source code can still be copied and installed in any other server. So, the PHP application must be protected to the client's site to restrict redistribution. There are several options for the protection of the source code using: server IP address, site domain name, a specific URL, hardware (MAC) address. The application must include necessary functionality to verify the lock criteria before performing any actions.

PHP Source Code Protection method

Normally 3 types of PHP code protection method available: minifiers, obfuscators, and encoders.

Minifiers

Minifiers remove parts of the source code text that are not necessary. The source code is modifying by stripping the comments and whitespace.

This source code often needs further scrambling which can be performed either by encoding or obfuscation. The simplest encoding method is to use the base64_encode() and eval() functions to the minified source code or to use some encryption.

It will be easy for maximum  PHP programmer to decode a minified PHP script to view the original source code.

Obfuscators

An obfuscator modify regular PHP source code into an equivalent but scramble version that is harder to red for user.

The most common way to build a lightweight obfuscator is to parse the source code lexically, replace the variables with meaningless names, and then rebuild the PHP source code. That must be done across all source code files.

Encoders

Encoders actually compile entire PHP source code to Zend opcodes and store the result in files that replace the original PHP source code.

But maximum encoders may require a loader extensions to load and execute the encoded PHP code. Example (Our PHP_DEFENDER, IoncubeEncoder, Nucoder, SourceGuardian, Zend Guard, etc..)

For Bypass this loader issue we have our innovative encoder (PDW_ENCODER) that will not require any loader installation.