Here's my situation. I've created a proprietary theme framework for WordPress that I use to build all of my custom themes for clients. Usually clients don't know how to use WordPress and most of them would never even think about, let alone start to begin to steal my code.

But a current client that I'm working with is using a petitor for SEO and Social Media marketing. Had I known before I started the project I wouldn't have signed the contract, but basically we're stuck working with the petitor. They will have access to our files and everything on the site once we hand the site over.

My question is this: How do I minimize the risk of the petitor stealing our theme and using it again? I know that WordPress is open source, but our framework HTML and CSS are proprietary, right? Is there any way to encrypt the functions.php file or use an obfuscator or something like that to make the code unreadable?

I know there might not be a product or script that might do this necessarily, but I guess what I'm looking for is some input or knowledge of how I might go about reducing the probability that someone might copy my code.

Has anyone run into this situation before? Should I even bother? I know that if someone wants to copy something they're going to find a way to do it. But I'd really prefer not to just HAND it over to them.

Here's my situation. I've created a proprietary theme framework for WordPress that I use to build all of my custom themes for clients. Usually clients don't know how to use WordPress and most of them would never even think about, let alone start to begin to steal my code.

But a current client that I'm working with is using a petitor for SEO and Social Media marketing. Had I known before I started the project I wouldn't have signed the contract, but basically we're stuck working with the petitor. They will have access to our files and everything on the site once we hand the site over.

My question is this: How do I minimize the risk of the petitor stealing our theme and using it again? I know that WordPress is open source, but our framework HTML and CSS are proprietary, right? Is there any way to encrypt the functions.php file or use an obfuscator or something like that to make the code unreadable?

I know there might not be a product or script that might do this necessarily, but I guess what I'm looking for is some input or knowledge of how I might go about reducing the probability that someone might copy my code.

Has anyone run into this situation before? Should I even bother? I know that if someone wants to copy something they're going to find a way to do it. But I'd really prefer not to just HAND it over to them.

• php
• javascript
• wordpress
• encryption

5 Answers 5

There exists obfuscators for PHP.

• PHP Protect
• Zend Guard
• PHP Obfuscator

to mention a few. YMMV, but one thing is for sure: If they want to get hold of your code in a readable format, they will.

Get a lawyer and write a proper license.

There's no point in obfuscating functions.php. Obfuscate only the propietary code and then require that into functions.php. In any case, if it's not sensitive code then there's really no point in obfuscating anything. If someone has access to your server then they can copy your code. I guess you could try to at least prove that they copied it is to embed some kind of copyright within the code hidden somewhere, maybe shadowed in a WordPress function or something.

Unfortunately, if they have access to the files, they could try to decrypt anything you do to it.

Your best bet is to get a lawyer and copyright it. And sue them if they copy it. Or, you could find a "creative coding" method that makes it a pain to try and track down how things are done, while maintaining order for the person who wrote it. But the latter could be disastrous, as the other people could look at your code, tell the client you don't know how to code, then you'd get fired :/

I'd stick to a lawyer.

If he has the access to WordPress dashboard only, then you can hide your custom functions files from him.

Only thing to do is write your custom functions in separate files and just include it in your functions.php file like this:

require ( get_template_directory() . '/includes/theme-functions.php' );
require ( get_template_directory() . '/includes/theme-options.php' );
require ( get_template_directory() . '/includes/hooks.php' );

In the above example, I placed my custom functions in another folder called "includes". Through dashboard editor he will not be able to get these included files.

If he has the access to the server control panel, then this method will not works. In that case you needs to include some embedded copyrights in your codes.

Better to do a proper license.

Yes, there is ways you can obfuscate you php code.

This is what you are looking for.

Is there a code obfuscator for PHP?

You can also obfuscate you js, most of the pressors have that built in nowadays.