23 {{ upvoteCount | shortNum }}
23 {{ upvoteCount | shortNum }}

Anyone know how I can do this? Encrypting a WP Plugin

by infinite
19 replies
Hi all

I have a bit of a problem that I hope someone may be able to help me with.

I have (outsourced) created a plugin for Wordpress and it works exactly as I wanted it to.

I have two versions of the plugin - a standard and a pro version.

There are a couple of files but one that I really want to encrypt so that no-one (99% of people anyhow as I realize NOTHING is impossible to hack/decrypt) can easily come along and change it (i.e. remove my link etc)

Initially I thought it could be done in IonCube or Zend so I outsourced that task but so far two programmers have failed to provide me with something that is encrypted and works.

I get errors like "the plugin does not have a valid header" - I assume this is because they shouldn't encode the entire code but leave the header in tact?

And with another version I got the below error - even though the folders DID in fact exist and had the correct permissions.

"Warning: move_uploaded_file(./bg/D-and-A-WP-Banner4.gif) [function.move-uploaded-file]: failed to open stream: No such file or directory in /home/daveanda/public_html/wp-content/plugins/htmlbox/htmlbox.php on line 79

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpXLnulu' to './bg/D-and-A-WP-Banner4.gif' in /home/daveanda/public_html/wp-content/plugins/htmlbox/htmlbox.php on line 79"


Long story short - no programmer has yet been able to encrypt the file and make the plugin work yet. It's a very small php file - less than 15kb.

Anyone got any advice or know how it can be done? Obviously I'd be happy to pay someone if they can do it. :-)

Aaron
#encrypting #plugin
  • Profile picture of the author chaos69
    While I understand your reasons for doing so, if get incredibly annoyed if i buy a product and find out its been encrypted. Im in a minority for sure, but ill only but something to save myself the time of writing it myself; ill edit/make changes to whatever i buy to suit my needs, and this just makes it a PITA to do.

    But thats just my opinion, and you probably dont care abouty that

    You can do it easily enough with an md5 hash. You shouldnt need to pay someone to do it, there are scripts that will do it for you.

    E.G PHP LockIt! - PHP obfuscating encoder. Obfuscate, encrypt and protect your PHP script
    Signature
    Best Ways To Make Money Online

    Eight bytes walk into a bar. The bartender asks, “Can I get you anything?”
    “Yeah,” reply the bytes. “Make us a double.”
    {{ DiscussionBoard.errors[1417326].message }}
    • Profile picture of the author infinite
      lol - thanks...

      I will give that a whirl.

      My main reason for encrypting is simply because there is a free version of the plugin and all I am asking in return is a link back to the plugin download page.

      There IS an upgrade option with more features but I can only imagine how easy it would be for someone to change my link and sell the plugin as their own if I left it unencrypted. Unfortunately it's the old adage that the minority spoil things for the majority!

      Thanks for the link... :-)

      I was thinking about bringing out my VERY OLD paypal button encryption software (which I haven't used in about 7 years - lol) just this afternoon. ;-)

      Aaron
      Signature
      The VERY LAST Wordpress Popup Plugin You'll EVER NEED! => Download It Here

      Want FREE Access To Tons Of Internet Marketing Video Tutorials? Click HERE.

      Click HERE To Claim Your FREE Private Label Rights Membership!
      {{ DiscussionBoard.errors[1417345].message }}
  • Profile picture of the author mastermute
    Originally Posted by infinite View Post

    I get errors like "the plugin does not have a valid header" - I assume this is because they shouldn't encode the entire code but leave the header in tact?
    Zend encoder also needs a Zend component on the server when it executes, so the header error you see is correct unless you fork up and use Zend Engine on your server. And that is something you are not likely to see your potential users do to use your free version.
    {{ DiscussionBoard.errors[1417435].message }}
    • Profile picture of the author Kirk Ward
      About the only secure method is something that uses iocube or zend, which as you've found out, requires the zend engine on the users erver.

      Howsomever, that being said, I am of the opinion that the zend engine is a freebie as the developers want to sell as many of the encoders as possible. But, mayhaps I has it backwards.

      Would suggest you check a bit more on this as I also think most hosting companies provide the zend engine for free, so you may not have wasted your development money. It may just be that the php.ini file needs a flag switched.

      Kirk
      Signature
      "We are not here to sell a parcel of boilers and vats, but the potentiality of growing rich beyond the dreams of avarice."

      Dr. Samuel Johnson (Presiding at the sale of Thrales brewery, London, 1781)
      {{ DiscussionBoard.errors[1418634].message }}
      • Profile picture of the author infinite
        Hi Kirk

        Yes - I agree. I believe MOST "good" hosts provide zend and ioncube free of charge on their servers... although some may only offer one or the other. Ideally I was looking to have an ioncube version made and a zend version but it seems everyone who tries to encode this seems to fail.

        I noticed that the plugin has sections of HTML so therefore I have even tried a basic HTML encryption program to encrypt the vital bits of HTML and that "almost worked" but the output on the blog is not perfect yet.

        I never thought this would be as hard as it seems to be!

        Aaron
        Signature
        The VERY LAST Wordpress Popup Plugin You'll EVER NEED! => Download It Here

        Want FREE Access To Tons Of Internet Marketing Video Tutorials? Click HERE.

        Click HERE To Claim Your FREE Private Label Rights Membership!
        {{ DiscussionBoard.errors[1420456].message }}
        • Profile picture of the author infinite
          I give up! lol

          Anyone who thinks this might be easy, then feel free to let me know and I will PAY you to do it (assuming you can get it actually working!)

          Aaron
          Signature
          The VERY LAST Wordpress Popup Plugin You'll EVER NEED! => Download It Here

          Want FREE Access To Tons Of Internet Marketing Video Tutorials? Click HERE.

          Click HERE To Claim Your FREE Private Label Rights Membership!
          {{ DiscussionBoard.errors[1420942].message }}
          • Profile picture of the author Kirk Ward
            Originally Posted by infinite View Post

            I give up! lol

            Anyone who thinks this might be easy, then feel free to let me know and I will PAY you to do it (assuming you can get it actually working!)

            Aaron
            It ain't easy. But it can be done.

            In Wordpress, I think there has to be the unencrypted header part, that WP reads to show that the piece is a plugin, and in the list of Plugins. That is most likely all that needs to be HTML or regular PHP.

            The remainder of the file can be encrypted. I have several that are that way.

            One thought is to create the plugin header in one file, and encrypt another totally, and have the unencrypted file "include" the encrypted one with a PHP "include" statement.

            Maybe even look at a program called "SourceGuardian." I think that uses the IonCube or Zend engine, and it has a way to put a PHP header.

            One thought as I'm typing here just dawned on me. Are you creating these as HTML pages or PHP pages? They must be PHP files.

            Good luck
            Signature
            "We are not here to sell a parcel of boilers and vats, but the potentiality of growing rich beyond the dreams of avarice."

            Dr. Samuel Johnson (Presiding at the sale of Thrales brewery, London, 1781)
            {{ DiscussionBoard.errors[1421616].message }}
            • Profile picture of the author MemberWing
              There are 2 ways to encrypt wordpress plugin:
              1. IonCube. Just leave Wordpress plugin header file plain and unencrypted and have it include_once ("rest-of-encrypted-code.php");
                Advantages: security (99.99% protection against decoding efforts)
                Disadvantages:
                - cost of license.
                - must have support from hosting accounts. This is especially important if you are distributing Wordpress plugins - plenty of people are using lousy hosting services who doesn't have a clue how to enable IonCube suppport
              2. ZenCrypt. Disclosure - this is encoder I personally wrote and use to overcome problems with IonCube.
                Advantages:
                - Does not require server support
                - works with all PHP versions and hosting accounts allowing for widest distribution.
                - works from all operating systems
                - allows batch file builds
                - allows partial encoding of source files (in case you want to encode only few functions)
                - strip comments
                Disadvantages:
                - easier for decode for skillful professional
                - no binary code protection

              I am pretty good at using IonCube + generating batch build files + generating IonCube licenses that are safe from stealing via direct access. It works but as some mentioned Wordpress plugins community as biased toward free sources and free software - so any encoding could be met with resistance. Particularly hosting encoded plugins at wordpress.org is impossible.
              But if you are working for a given client - you are free to do whatever fits your business.

              Gleb
              Signature
              {{ DiscussionBoard.errors[1422214].message }}
              • Profile picture of the author MemberWing
                Anyone who thinks this might be easy, then feel free to let me know and I will PAY you to do it (assuming you can get it actually working!)
                Feel free to contact me. I am not cheap - but if you need this stuff to work per your specs - let me know. I own IonCube license, use it all the time and build plugins and custom solutions for living .

                Gleb
                Signature
                {{ DiscussionBoard.errors[1422247].message }}
                • Profile picture of the author Kirk Ward
                  Personally, if I was wanting to build and distribute past the little one I give away, I'd get Gleb's ZenCrypt. The description makes it sound like a more sophisticated version of the obfuscator (Obfuscator is correct, it was not an encryptor.) that I used.

                  Kirk
                  Signature
                  "We are not here to sell a parcel of boilers and vats, but the potentiality of growing rich beyond the dreams of avarice."

                  Dr. Samuel Johnson (Presiding at the sale of Thrales brewery, London, 1781)
                  {{ DiscussionBoard.errors[1422768].message }}
  • Profile picture of the author edynas
    Banned
    Done this with one of my plugins. Zend and ioncube was not the way I went as that does need to be installed on the client server and yes on most hosting it is but I didn't wanted the support questions etcetc. So I obfuscated it. It's not bulletproof and you have to know which functions to leave in tact as other wise wordpress will break on it if you rename for instance wp_post() to D564opKQJWE() then you will get those errors.

    Send me a pm if you want me to do it for you.

    Edwin
    {{ DiscussionBoard.errors[1422995].message }}
  • Profile picture of the author blur
    Please reconsider not encrypting our plugin.

    Every time you update the plugin you'll have to encode it. Plus not all servers have the capabilities to decode to files either. And if you do encode the files it's just more of a challenge for script nullers to crack it and redistribute it (without your link).

    I remember when I was part of the VB community that some people encoded their plugins for vBulletin. They had more issues due to the encoding then the actual plugin itself.

    I understand where you are coming from on this...
    Signature

    {{ DiscussionBoard.errors[1424368].message }}
  • Profile picture of the author MemberWing
    And if you do encode the files it's just more of a challenge for script nullers to crack it and redistribute it (without your link).
    ..and don't close the doors to your house while you're at work - otherwise thiefs won't be able to get in and take your possessions!
    Signature
    {{ DiscussionBoard.errors[1425603].message }}
  • Profile picture of the author MemberWing
    Use a good obfuscator. It will help 'prevent' it being ripped off (easily) from a script kiddie, etc.

    Johnathan
    I agree with Jonathan. IonCube is overkill for me in 95% of cases. 5% covers the case with my proprietary digital watermarking script that allows webmasters to trace back their digital content to member who illegally distributed it. The other 95% of my needs is to prevent kiddie to fiddle with my branding links and ZenCrypt obfuscator does it perfectly and works on all hosting accounts and all PHP versions.

    Gleb
    Signature
    {{ DiscussionBoard.errors[1425743].message }}
  • Profile picture of the author infinite
    Just wanted to say a HUGE THANKS to Gleb. His Zencrypt encoding software has done the trick where nothing else would. :-) This is fantastic and whilst it might not necessarily stop the most hardened hackers, this was never my intention - I was only ever interested in detering the casual user. Fantastic - thanks Gleb... it is VERY MUCH APPRECIATED!

    Aaron
    Signature
    The VERY LAST Wordpress Popup Plugin You'll EVER NEED! => Download It Here

    Want FREE Access To Tons Of Internet Marketing Video Tutorials? Click HERE.

    Click HERE To Claim Your FREE Private Label Rights Membership!
    {{ DiscussionBoard.errors[1430228].message }}
  • Profile picture of the author MemberWing
    My pleasure Aaron - ZenCrypt PHP encoder was specifically designed to accomodate sensitive nature of Wordpress plugins development - I glad it worked for you just like it does for me.
    Just like you - I tried *everything* under the sun and everything failed before I had to create my own stuff that works.

    Gleb
    Signature
    {{ DiscussionBoard.errors[1430256].message }}
    • Profile picture of the author customertools
      Why not just create a file called pluginname.php with the header information in it, and then do a simple include the zend or ioncube encoded file?
      example:
      Code:
      <?php
/*
Plugin Name: Plugin Name
Plugin URI: 
Description: blah blah blah blah
Version: 1.0.0
Author: blahblahblah
Author URI: 
*/

include "core.php";

?>
      Side note: Also, 99.9% of this stuff can be reverse engineered in a matter of days by someone with 1/2 a brain. And when you stop supporting your plugin and someone has relied on it to make a living with, and it breaks because wordpress 3.x comes out and they cannot have it updated by someone because you've encoded it.

      IMO Don't encode it, it will make your job more difficult. The beauty of open source is that if someone finds a bug, they can tell you and help fix it VS you having to find it and fix it.
      {{ DiscussionBoard.errors[1498604].message }}
      • Profile picture of the author Mark Ford
        My pleasure Aaron - ZenCrypt PHP encoder was specifically designed to accomodate sensitive nature of Wordpress plugins development - I glad it worked for you just like it does for me.
        Just like you - I tried *everything* under the sun and everything failed before I had to create my own stuff that works.
        Thanks for this, I will bookmark your page, and the next plugin job where I need it encoded will grab your Zencrypt. Looks like it will save me hours of work.

        Thanks
        Mark
        {{ DiscussionBoard.errors[1499144].message }}

Trending Topics