6 {{ upvoteCount | shortNum }}
6 {{ upvoteCount | shortNum }}

How to Protect/Encrypt Premium WP Plugins?

by ccasselman
4 replies
I have written a premium WP plugin and want to try to protect it the best I can from free distribution.

Yes, I know there is only so much protection you can do, but I do not want the average person to just send it around.

I have read about ioncube and zend, but not sure if they work in WP or if there is a standard or generally accepted way to protect WP plugins.

All thoughts / recommendations welcome.
#plugins #premium #protect or encrypt
  • Profile picture of the author SteveJohnson
    zend and ioncube are not WP dependent, they are PHP extensions. You'll have to purchase a license to encode your script with either one.

    For my part, I won't use a plugin that has encryption for two reasons: first, I don't know what the encrypted code does. Is it a "phone home" routine? A tracker? A plugin has access to all the sensitive data in my database, including usernames - a known username is 50% of a hack attempt.

    Second, the plugin may not do exactly what I need it to do in the manner I need it done. If I can't modify it to suit my needs, it's worth little more than the 63 Buick brake master cylinder that is in my junkbox in the garage.

    If a plugin has encrypted code, I request a refund immediately.
    Signature

    The 2nd Amendment, 1789 - The Original Homeland Security.

    Gun control means never having to say, "I missed you."

    {{ DiscussionBoard.errors[2690389].message }}
    • Profile picture of the author ccasselman
      Originally Posted by SteveJohnson View Post

      If a plugin has encrypted code, I request a refund immediately.
      I understand that - I feel the same, but then just give your code out to be handed around is scary too.

      Wishlist which is widely used is using a basic encryption - does anyone know what that is? Or how to do it?
      {{ DiscussionBoard.errors[2690424].message }}
  • Profile picture of the author SteveJohnson
    You can base64 encode sections of your script then cause them to execute. That keeps most of the prying eyes away because very few people will write the simple code to unencode it.

    If your plugin does something in the background like Akismet, you can make it phone home with an application key - but if you do that you'd better make sure that it works once the initial key is entered and verified - AND that the server that verifies it has virtually 100% uptime or has a fallback method.
    Signature

    The 2nd Amendment, 1789 - The Original Homeland Security.

    Gun control means never having to say, "I missed you."

    {{ DiscussionBoard.errors[2690498].message }}
  • Profile picture of the author theIMgeek
    Look into a code obfuscator such as Code Eclipse - PHP Obfuscator

    Then inside your code you could have a "phone home" thing that checks a registration key against a database. To solve the "reliability" issue, perhaps make it so that the script is only disabled if it gets a true negative response from headquarters. (timeouts and fails will have no affect)

    As always, none of these measures wll stop somebody with time/energy/know-how from stealing your stuff if they really want to.

    -Ryan
    Signature
    FREE WSO: Protect and Automatically Deliver Your Digital Products

    Ask the Internet Marketing Geek     <-- Happy to help with technical challenges
    MiniSiteMaker.org <-- Free software to make your mini-sites fast and easy
    {{ DiscussionBoard.errors[2690859].message }}

Trending Topics