Encryption for wordpress plugin code

Asked

Viewed 604 times

-1

I finished a wordpress plugin and do not want to leave open source. I’ve tried to use a simple obfuscator, but after obfuscating the wordpress does not recognize as plugin.

Someone has a light on how to protect my code?

  • 1

    Possible duplicate of How to protect source code?

  • A tip: obfuscate source code changes method and variable names, things that Wordpress trusts will be correct. What you need to do is simply set up the obfuscator to not touch anything that references or extends the Wordpress Apis. Please note that an obfuscator makes it difficult for other people to move your code, but it does not totally prevent them from making modifications or even using it without the proper license.

1 answer

0

Dude, if you want a protected plugin, I think it’s feasible to create a premium plugin and validate the license each new installation

However, I believe that if your plugin is important to other users, why not release access to the whole community, so, in addition to publicizing it, it can also be improved.

  • Its Validation is done by email! Without the confirmation of the purchase email there is no way to install it. But, this does not protect the code of the plugin. I need to protect, this plugin will not be open to the community! It is a commercial plugin.]

  • Note how this validation is done by email. If it is not easy to monitor the negative return network traffic and then create a false server returning positive. Imagine that there is an email field and when sending to meusite.com/verificar is returned true or false. So whenever you type an "invalid" email is returned false. Just have the person redirect meusite.com to another IP (on Windows does it on hosts) and then in this new IP always returns true. Ready, the installation will be done. PS: THIS IS JUST EXAMPLE, to summarize everything in one comment.

  • That’s exactly what I do, but it doesn’t worry me, if I encrypt the code, no one will know how the activation works!

  • 2

    @Andersoncosta Encryption is no use, because before it is executed it will have to be deciphered (or the computer will also not be able to interpret the code!), which means that the encryption key has to be sent along with the ciphertext code. And if the key is there, any attacker can decipher...

Browser other questions tagged

You are not signed in. Login or sign up in order to post.