I wonder if there is a way to hide a Wordpress Plugin's source code from users. I know wordpress is open source but i dont want the users be able to access and see my plugins source code if possible.
If there is a way to include/require source code from external php file which is in other server, into the plugin files, it would be great. Please let me know the approach you suggest in order to hit my goal! Thanks guys
I wonder if there is a way to hide a Wordpress Plugin's source code from users. I know wordpress is open source but i dont want the users be able to access and see my plugins source code if possible.
If there is a way to include/require source code from external php file which is in other server, into the plugin files, it would be great. Please let me know the approach you suggest in order to hit my goal! Thanks guys
Share Improve this question edited Apr 10, 2020 at 21:50 fuxia♦ 107k39 gold badges255 silver badges459 bronze badges asked Apr 10, 2020 at 21:01 SahandSahand 212 bronze badges1 Answer
Reset to default 4I wonder if there is a way to hide a Wordpress Plugin's source code from users. I know wordpress is open source but i dont want the users be able to access and see my plugins source code if possible.
No.
In order to load the plugin it has to be runnable, and if it can be run it can be viewed.
What's more, such a plugin if it were possible would be:
- A violation of WordPress' license if distributed
- Impossible to debug
- Impossible to extend or incorporate, cutting off your biggest potential customers, agencies and freelance developers
- Impossible to code review, eliminating a large number of companies and agencies who would be unable to assess the plugin for use
- Much slower than a normal plugin due to the additional protections
And if it can be ran, then any protection can be undone by a developer.
If there is a way to include/require source code from external php file which is in other server, into the plugin files, it would be great.
This is not a good idea:
- Remote HTTP requests are expensive and significantly slow down page speeds
- You've introduced an ongoing cost for yourself that gets more and more expensive as each site gets more traffic. If your customers traffic doubles, so do your costs
- Your customers sites will be as slow as your servers, or slower
- Anybody can poke your server and retrieve the original files
- Because of the slowdowns you've given them a major incentive to do this
- By doing this, you're going to need to use some sort of
eval, which is a major security hole - If your server was hacked, all your customers would be hacked too
Fundamentally, this is a dead end. The solutions have major downsides and are trivial to circumvent.
The closest solution historically, was Ioncube. But Ioncube had a terrible reputation, had major performance issues, and was easy to get around.
But even if you could get around all those disadvantages, a lot of the main marketplaces would refuse to sell it.