1

Here's my situation. I've created a proprietary theme framework for WordPress that I use to build all of my custom themes for clients. Usually clients don't know how to use WordPress and most of them would never even think about, let alone start to begin to steal my code.

But a current client that I'm working with is using a competitor for SEO and Social Media marketing. Had I known before I started the project I wouldn't have signed the contract, but basically we're stuck working with the competitor. They will have access to our files and everything on the site once we hand the site over.

My question is this: How do I minimize the risk of the competitor stealing our theme and using it again? I know that WordPress is open source, but our framework HTML and CSS are proprietary, right? Is there any way to encrypt the functions.php file or use an obfuscator or something like that to make the code unreadable?

I know there might not be a product or script that might do this necessarily, but I guess what I'm looking for is some input or knowledge of how I might go about reducing the probability that someone might copy my code.

Has anyone run into this situation before? Should I even bother? I know that if someone wants to copy something they're going to find a way to do it. But I'd really prefer not to just HAND it over to them.

Jeremy Miller
  • 373
  • 6
  • 21

5 Answers5

4

There exists obfuscators for PHP.

to mention a few. YMMV, but one thing is for sure: If they want to get hold of your code in a readable format, they will.

Get a lawyer and write a proper license.

aioobe
  • 413,195
  • 112
  • 811
  • 826
  • Thanks. I agree with you completely. I guess I want to make it as big of a pain as possible. I'd prefer to not just give it away. I'll try these out. Thanks! – Jeremy Miller Aug 01 '12 at 05:28
2

There's no point in obfuscating functions.php. Obfuscate only the propietary code and then require that into functions.php. In any case, if it's not sensitive code then there's really no point in obfuscating anything. If someone has access to your server then they can copy your code. I guess you could try to at least prove that they copied it is to embed some kind of copyright within the code hidden somewhere, maybe shadowed in a WordPress function or something.

elclanrs
  • 92,861
  • 21
  • 134
  • 171
  • Yeah, you're right. The problem is, I host everything, but this client happens to be working with a competitor doing SEO and social media marketing. So they'll have access to WordPress and that means they'll even have access to the "editor" which they can then open any page in the template directory. Maybe what I'm trying to do is useless? I don't even know. That's what I'm trying to find out. – Jeremy Miller Aug 01 '12 at 05:32
  • What I do have in the functions.php file is custom stuff I've written that enables custom inputs on each page. Some other stuff for integrating BX slider by dynamically adding slides. And some other little value added things that you can't get with a standard WordPress install. – Jeremy Miller Aug 01 '12 at 05:33
  • 1
    If you're admin then you can tweak editors permissions with http://wordpress.org/extend/plugins/adminimize/ to disable access to certain sections or menu items. – elclanrs Aug 01 '12 at 05:33
  • I think what I'm more worried about is them using and me having no way of knowing that they're using it. I mean if they happen to use it on another site, I'd never be able to see the PHP without hacking into it and looking at the files on the server. So even if I did do the copyright they could easily get away with it and I'd never know! – Jeremy Miller Aug 01 '12 at 05:36
2

Unfortunately, if they have access to the files, they could try to decrypt anything you do to it.

Your best bet is to get a lawyer and copyright it. And sue them if they copy it. Or, you could find a "creative coding" method that makes it a pain to try and track down how things are done, while maintaining order for the person who wrote it. But the latter could be disastrous, as the other people could look at your code, tell the client you don't know how to code, then you'd get fired :/

I'd stick to a lawyer.

Xhynk
  • 13,513
  • 8
  • 32
  • 69
1

Yes, there is ways you can obfuscate you php code.

This is what you are looking for.

Is there a code obfuscator for PHP?

You can also obfuscate you js, most of the compressors have that built in nowadays.

Community
  • 1
  • 1
Cleric
  • 3,167
  • 3
  • 23
  • 24
  • Most of the JS I use is open source plugins, so I'm not worried about that. Mostly, I'm concerned about my theme-options.php file for Option Tree and my functions.php file which has a bunch of stuff like custom login page, style admin area, etc. I'll definitely try this out. Thanks! – Jeremy Miller Aug 01 '12 at 05:29
1

If he has the access to WordPress dashboard only, then you can hide your custom functions files from him.

Only thing to do is write your custom functions in separate files and just include it in your functions.php file like this:

require ( get_template_directory() . '/includes/theme-functions.php' );
require ( get_template_directory() . '/includes/theme-options.php' );
require ( get_template_directory() . '/includes/hooks.php' );

In the above example, I placed my custom functions in another folder called "includes". Through dashboard editor he will not be able to get these included files.

If he has the access to the server control panel, then this method will not works. In that case you needs to include some embedded copyrights in your codes.

Better to do a proper license.

Libin
  • 2,442
  • 3
  • 20
  • 31
  • 1
    ah, that's probably the best thing to do. I think I'm going to try this out. Like everyone else said, obfuscators are really not going to work if they REALLY want to steal something, so why make my process even harder on myself. I think this might be the best thing to do. – Jeremy Miller Aug 01 '12 at 21:09
  • I'm also against code obfuscation. If you find this useful, you can mark this answer as accepted. :) – Libin Aug 02 '12 at 03:56