infinite

Hi all

I have a bit of a problem that I hope someone may be able to help me with.

I have (outsourced) created a plugin for Wordpress and it works exactly as I wanted it to.

I have two versions of the plugin - a standard and a pro version.

There are a couple of files but one that I really want to encrypt so that no-one (99% of people anyhow as I realize NOTHING is impossible to hack/decrypt) can easily come along and change it (i.e. remove my link etc)

Initially I thought it could be done in IonCube or Zend so I outsourced that task but so far two programmers have failed to provide me with something that is encrypted and works.

I get errors like "the plugin does not have a valid header" - I assume this is because they shouldn't encode the entire code but leave the header in tact?

And with another version I got the below error - even though the folders DID in fact exist and had the correct permissions.

"Warning: move_uploaded_file(./bg/D-and-A-WP-Banner4.gif) [function.move-uploaded-file]: failed to open stream: No such file or directory in /home/daveanda/public_html/wp-content/plugins/htmlbox/htmlbox.php on line 79

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpXLnulu' to './bg/D-and-A-WP-Banner4.gif' in /home/daveanda/public_html/wp-content/plugins/htmlbox/htmlbox.php on line 79"


Long story short - no programmer has yet been able to encrypt the file and make the plugin work yet. It's a very small php file - less than 15kb.

Anyone got any advice or know how it can be done? Obviously I'd be happy to pay someone if they can do it. :-)

Aaron

The VERY LAST Wordpress Popup Plugin You'll EVER NEED! => Download It Here

We'll Write Your Weekly Internet Marketing Newsletter FOR YOU! - Get More Details Here

Download My FREE Video Blueprint Showing You How To Earn $100 A Day!

Luke Graham

While I understand your reasons for doing so, if get incredibly annoyed if i buy a product and find out its been encrypted. Im in a minority for sure, but ill only but something to save myself the time of writing it myself; ill edit/make changes to whatever i buy to suit my needs, and this just makes it a PITA to do.

But thats just my opinion, and you probably dont care abouty that

You can do it easily enough with an md5 hash. You shouldnt need to pay someone to do it, there are scripts that will do it for you.

E.G PHP LockIt! - PHP obfuscating encoder. Obfuscate, encrypt and protect your PHP script

Best Ways To Make Money Online

Eight bytes walk into a bar. The bartender asks, “Can I get you anything?”
“Yeah,” reply the bytes. “Make us a double.”

infinite

lol - thanks...

I will give that a whirl.

My main reason for encrypting is simply because there is a free version of the plugin and all I am asking in return is a link back to the plugin download page.

There IS an upgrade option with more features but I can only imagine how easy it would be for someone to change my link and sell the plugin as their own if I left it unencrypted. Unfortunately it's the old adage that the minority spoil things for the majority!

Thanks for the link... :-)

I was thinking about bringing out my VERY OLD paypal button encryption software (which I haven't used in about 7 years - lol) just this afternoon. ;-)

Aaron

The VERY LAST Wordpress Popup Plugin You'll EVER NEED! => Download It Here

We'll Write Your Weekly Internet Marketing Newsletter FOR YOU! - Get More Details Here

Download My FREE Video Blueprint Showing You How To Earn $100 A Day!

mastermute

Zend encoder also needs a Zend component on the server when it executes, so the header error you see is correct unless you fork up and use Zend Engine on your server. And that is something you are not likely to see your potential users do to use your free version.

Kirk Ward

About the only secure method is something that uses iocube or zend, which as you've found out, requires the zend engine on the users erver.

Howsomever, that being said, I am of the opinion that the zend engine is a freebie as the developers want to sell as many of the encoders as possible. But, mayhaps I has it backwards.

Would suggest you check a bit more on this as I also think most hosting companies provide the zend engine for free, so you may not have wasted your development money. It may just be that the php.ini file needs a flag switched.

Kirk

"We are not here to sell a parcel of boilers and vats, but the potentiality of growing rich beyond the dreams of avarice."

Dr. Samuel Johnson (Presiding at the sale of Thrales brewery, London, 1781)

infinite

Hi Kirk

Yes - I agree. I believe MOST "good" hosts provide zend and ioncube free of charge on their servers... although some may only offer one or the other. Ideally I was looking to have an ioncube version made and a zend version but it seems everyone who tries to encode this seems to fail.

I noticed that the plugin has sections of HTML so therefore I have even tried a basic HTML encryption program to encrypt the vital bits of HTML and that "almost worked" but the output on the blog is not perfect yet.

I never thought this would be as hard as it seems to be!

Aaron

The VERY LAST Wordpress Popup Plugin You'll EVER NEED! => Download It Here

We'll Write Your Weekly Internet Marketing Newsletter FOR YOU! - Get More Details Here

Download My FREE Video Blueprint Showing You How To Earn $100 A Day!

infinite

I give up! lol

Anyone who thinks this might be easy, then feel free to let me know and I will PAY you to do it (assuming you can get it actually working!)

Aaron

The VERY LAST Wordpress Popup Plugin You'll EVER NEED! => Download It Here

We'll Write Your Weekly Internet Marketing Newsletter FOR YOU! - Get More Details Here

Download My FREE Video Blueprint Showing You How To Earn $100 A Day!

Kirk Ward

It ain't easy. But it can be done.

In Wordpress, I think there has to be the unencrypted header part, that WP reads to show that the piece is a plugin, and in the list of Plugins. That is most likely all that needs to be HTML or regular PHP.

The remainder of the file can be encrypted. I have several that are that way.

One thought is to create the plugin header in one file, and encrypt another totally, and have the unencrypted file "include" the encrypted one with a PHP "include" statement.

Maybe even look at a program called "SourceGuardian." I think that uses the IonCube or Zend engine, and it has a way to put a PHP header.

One thought as I'm typing here just dawned on me. Are you creating these as HTML pages or PHP pages? They must be PHP files.

Good luck

"We are not here to sell a parcel of boilers and vats, but the potentiality of growing rich beyond the dreams of avarice."

Dr. Samuel Johnson (Presiding at the sale of Thrales brewery, London, 1781)

MemberWing

There are 2 ways to encrypt wordpress plugin:

1. IonCube. Just leave Wordpress plugin header file plain and unencrypted and have it include_once ("rest-of-encrypted-code.php");
   Advantages: security (99.99% protection against decoding efforts)
   Disadvantages:
   - cost of license.
   - must have support from hosting accounts. This is especially important if you are distributing Wordpress plugins - plenty of people are using lousy hosting services who doesn't have a clue how to enable IonCube suppport
2. ZenCrypt. Disclosure - this is encoder I personally wrote and use to overcome problems with IonCube.
   Advantages:
   - Does not require server support
   - works with all PHP versions and hosting accounts allowing for widest distribution.
   - works from all operating systems
   - allows batch file builds
   - allows partial encoding of source files (in case you want to encode only few functions)
   - strip comments
   Disadvantages:
   - easier for decode for skillful professional
   - no binary code protection

I am pretty good at using IonCube + generating batch build files + generating IonCube licenses that are safe from stealing via direct access. It works but as some mentioned Wordpress plugins community as biased toward free sources and free software - so any encoding could be met with resistance. Particularly hosting encoded plugins at wordpress.org is impossible.
But if you are working for a given client - you are free to do whatever fits your business.

Gleb

MemberWing

Feel free to contact me. I am not cheap - but if you need this stuff to work per your specs - let me know. I own IonCube license, use it all the time and build plugins and custom solutions for living .

Gleb

Kirk Ward

Personally, if I was wanting to build and distribute past the little one I give away, I'd get Gleb's ZenCrypt. The description makes it sound like a more sophisticated version of the obfuscator (Obfuscator is correct, it was not an encryptor.) that I used.

Kirk

"We are not here to sell a parcel of boilers and vats, but the potentiality of growing rich beyond the dreams of avarice."

Dr. Samuel Johnson (Presiding at the sale of Thrales brewery, London, 1781)

edynas

Done this with one of my plugins. Zend and ioncube was not the way I went as that does need to be installed on the client server and yes on most hosting it is but I didn't wanted the support questions etcetc. So I obfuscated it. It's not bulletproof and you have to know which functions to leave in tact as other wise wordpress will break on it if you rename for instance wp_post() to D564opKQJWE() then you will get those errors.

Send me a pm if you want me to do it for you.

Edwin

All my products - an overview is at : http://edwinboiten.com

blur

Please reconsider not encrypting our plugin.

Every time you update the plugin you'll have to encode it. Plus not all servers have the capabilities to decode to files either. And if you do encode the files it's just more of a challenge for script nullers to crack it and redistribute it (without your link).

I remember when I was part of the VB community that some people encoded their plugins for vBulletin. They had more issues due to the encoding then the actual plugin itself.

I understand where you are coming from on this...

MemberWing

..and don't close the doors to your house while you're at work - otherwise thiefs won't be able to get in and take your possessions!

MemberWing

I agree with Jonathan. IonCube is overkill for me in 95% of cases. 5% covers the case with my proprietary digital watermarking script that allows webmasters to trace back their digital content to member who illegally distributed it. The other 95% of my needs is to prevent kiddie to fiddle with my branding links and ZenCrypt obfuscator does it perfectly and works on all hosting accounts and all PHP versions.

Gleb

infinite

Hi Gleb

Just sending you a PM.

I agree that I don't need to ENCRYPT it per se and just want to stop someone changing my links etc.

Wanted to ask you a question though so will PM you.

Thanks!

Aaron

The VERY LAST Wordpress Popup Plugin You'll EVER NEED! => Download It Here

We'll Write Your Weekly Internet Marketing Newsletter FOR YOU! - Get More Details Here

Download My FREE Video Blueprint Showing You How To Earn $100 A Day!

infinite

Just wanted to say a HUGE THANKS to Gleb. His Zencrypt encoding software has done the trick where nothing else would. :-) This is fantastic and whilst it might not necessarily stop the most hardened hackers, this was never my intention - I was only ever interested in detering the casual user. Fantastic - thanks Gleb... it is VERY MUCH APPRECIATED!

Aaron

The VERY LAST Wordpress Popup Plugin You'll EVER NEED! => Download It Here

We'll Write Your Weekly Internet Marketing Newsletter FOR YOU! - Get More Details Here

Download My FREE Video Blueprint Showing You How To Earn $100 A Day!

MemberWing

My pleasure Aaron - ZenCrypt PHP encoder was specifically designed to accomodate sensitive nature of Wordpress plugins development - I glad it worked for you just like it does for me.
Just like you - I tried *everything* under the sun and everything failed before I had to create my own stuff that works.

Gleb

customertools

Why not just create a file called pluginname.php with the header information in it, and then do a simple include the zend or ioncube encoded file?
example:
Side note: Also, 99.9% of this stuff can be reverse engineered in a matter of days by someone with 1/2 a brain. And when you stop supporting your plugin and someone has relied on it to make a living with, and it breaks because wordpress 3.x comes out and they cannot have it updated by someone because you've encoded it.

IMO Don't encode it, it will make your job more difficult. The beauty of open source is that if someone finds a bug, they can tell you and help fix it VS you having to find it and fix it.

Ultimate Keyword Tool - Create HUGE Targeted Keyword Lists In Minutes Not Hours Or Days. $7 seven day trial.

Mark Ford

Thanks for this, I will bookmark your page, and the next plugin job where I need it encoded will grab your Zencrypt. Looks like it will save me hours of work.

Thanks
Mark