Hiding WordPress Plugin Source Code

I wonder if there is a way to hide a WordPress Plugin’s source code from users. I know wordpress is open source but i dont want the users be able to access and see my plugins source code if possible.

No.

In order to load the plugin it has to be runnable, and if it can be run it can be viewed.

What’s more, such a plugin if it were possible would be:

  • A violation of WordPress’ license if distributed
  • Impossible to debug
  • Impossible to extend or incorporate, cutting off your biggest potential customers, agencies and freelance developers
  • Impossible to code review, eliminating a large number of companies and agencies who would be unable to assess the plugin for use
  • Much slower than a normal plugin due to the additional protections

And if it can be ran, then any protection can be undone by a developer.

If there is a way to include/require source code from external php file which is in other server, into the plugin files, it would be great.

This is not a good idea:

  • Remote HTTP requests are expensive and significantly slow down page speeds
  • You’ve introduced an ongoing cost for yourself that gets more and more expensive as each site gets more traffic. If your customers traffic doubles, so do your costs
  • Your customers sites will be as slow as your servers, or slower
  • Anybody can poke your server and retrieve the original files
    • Because of the slowdowns you’ve given them a major incentive to do this
  • By doing this, you’re going to need to use some sort of eval, which is a major security hole
  • If your server was hacked, all your customers would be hacked too

Fundamentally, this is a dead end. The solutions have major downsides and are trivial to circumvent.

The closest solution historically, was Ioncube. But Ioncube had a terrible reputation, had major performance issues, and was easy to get around.

But even if you could get around all those disadvantages, a lot of the main marketplaces would refuse to sell it.

Related Posts:

  1. How to correctly escape an echo
  2. When to use Exceptions vs Error Objects vs just plain false/null
  3. WordPress URL Rewrite not working
  4. Detect a focus on wp_editor
  5. simple wordpress ajax plugin not working when not logged in
  6. Utilize WP-CLI from inside WordPress, not SSH
  7. Saving metabox repeatable fields
  8. how to create and show sessions in word press?
  9. Disable External Pingacks on WordPress Posts and Only Allow ‘Self Pings’
  10. Loading page template into shortcode
  11. do not show web page section when using advanced custom fields pro
  12. How to get all existing post types
  13. New Plugin Review
  14. Create custom blocks for bootstrap
  15. allow users to publish without admin approval
  16. action hook wp_head higher priority as all other plugins/hooks
  17. Do my defines need to be unique?
  18. Evaluations of two wordpress security plans against php code injection attack
  19. What does $wpdb->get_row return?
  20. WP add_action factory
  21. woocommerce subscriptions – get expiration date [closed]
  22. Delete a WordPress transient from a shortcode on Page/Post update
  23. Plugin CSS not enqueing
  24. Swapping wp_dropdown_categories function with wp_category_checklist
  25. How to show phpinfo() only in a new tab?
  26. How can I remove a function that has been added to wordpress with add_filter?
  27. PHP Fatal error: Uncaught mysqli_sql_exception: Table doesn’t exist in wordpress/wp-includes/wp-db.php
  28. How to call plugin function per site in a multisite?
  29. Generating an nonce for Content Security Policy and all scripts – How to make it match/persist for each page load?
  30. How wp-cron can run in background if PHP is single threaded?
  31. Options API get_option() and update_option() Not Correctly Updating or Returning
  32. wp_head function not outputting
  33. How to make own crop image function for WordPress plugin
  34. How can I hide that I Use WordPress (with W3 Total Cache)
  35. Saving plugin settings – ERROR: options page not found
  36. Correct and safe way to include php content in my page
  37. How to add API security keys into JS of wordpress securely
  38. Custom array from a query only write the last row of the query
  39. wp_insert_post: array only. wp_update_post: array|object (?)
  40. Is it possible to define variables in a wordpress shortcode, and then call the shortcode using a specific variable?
  41. Building a REST API for your web app exposes primary keys of DB records?
  42. Custom meta box values are not getting saved for my custom post type
  43. Can’t upload CSV file to plugin directory using custom upload form in admin panel
  44. Validate and Sanitize WP REST API Request using WP JSON Schema?
  45. Custom Registration username_exists / email_exists
  46. How can I search all plugins for composer’s vendor/autoload.php?
  47. Action Hook Inside WordPress Plugin Shortcode
  48. Can I remove or edit an include() from a function with a filter?
  49. Call to undefined function error in plugin
  50. How do I make this Metabox show current DB value?
  51. Updating From Mobile App – Exposing Site to Hacking
  52. Submit form to db
  53. Get category id when SEO URL is turned on
  54. Add a custom WooCommerce settings tab with sections
  55. PHP using external anonymous function inside class
  56. Using ACF Relationship field to set post type to draft or published status
  57. How to extend SelectControl with data from my theme
  58. Add Pre-Defined Value to Click Counter in WordPress
  59. How can i avoid duplicate same post in wp?
  60. Drop down question
  61. How do I disable cache for a certain page?
  62. code that I can run, or a plug in to show what sql tables something pulls information from
  63. Automatic email message after manual user approval
  64. custom mailchimp form using HTTP API
  65. How to override theme’s public static function inside of a trait?
  66. pass datetime using wp_localize_script to frontend from settings page
  67. add custom metabox to media library custom widget
  68. using filter and hook inside class
  69. $.ajax results in 403 forbidden
  70. Display attached images of a page or post that are insetred using gallery
  71. overwrite wordpress gallery with custom gallery shortcode
  72. Enqueue sripts and styles only if function is called
  73. Add widget area from visual editor
  74. Register/enqueue scripts only on certain admin pages
  75. Looping through custom data in a custom table to display all items in a post
  76. Priority call methods – PHPMailer->addAddress(NULL)
  77. not able to access $_POST on backend profile update
  78. Custom Plugin Develoment, Form Action
  79. WordPress Query Crashes Browser
  80. How to send logs to plugin owner for a plugin?
  81. How to Request a User to Register on Landing at a Site, Then Automatically Delete the Users Password on Logout?
  82. Plugin Modification Change Functionality For Logged User Only
  83. Force CSV download with template_redirect
  84. INCOMING: Wall of code for form and $_POST, not updating custom field’s value
  85. add shortcode heading showing multiple time
  86. WP multisite network plugin fails to see classes loaded with spl autoload
  87. AJAX & PHP | Call a specific PHP function from a PHP file via AJAX?
  88. What is this mark for “? function()” [closed]
  89. How to edit the default database of WordPress [closed]
  90. How to quickly/easily make an analysis (reverse engineering) of WordPress?
  91. using a shortcode in a hyperlink
  92. How to automatically convert images to WebP on WordPress?
  93. Check user last login date
  94. Transate plugin with js & wp_localize_script
  95. WP Custom tables query
  96. Authenticate + Authorize WP REST API request before built-in WP JSON Schema Payload Validation?
  97. Woocommerce Convert existing order to the cart
  98. Redirect posts to post editor page based on query string
  99. Load style and script for custom post type metabox
  100. Permissions error when I use my plugin to delete comments in the front-end