Does anybody have knowledge of Code Obfuscation/Encryption in WordPress?

wowthatsher

Hi, share your experience with code obfuscation/encryption in WordPress.

Have any of you tried obfuscating your source code from the frontend? Or how are you securing the WP source code? Any plugins/tools available?

Thanks in advance... Cheers!
 
What do you mean by obfuscating your source code from frontend?

I assume you are speaking of obfuscating PHP code.

Frontend should NEVER have access to the PHP source code.

Your user's browser interacts with, let's say, index.php, but he is not able to read it, just to execute it and see the result of its execution.

If there's a single way your users can see PHP code, that's a very serious security concern.

Now, if you want to hide it from a person who has access to the WP files (let's say a helper you have): obfuscating WordPress code is mostly useless, as they are standard files which one can download. Now, if you have a custom plugin/functionality and you believe it is worth obfuscating it (and just it), there's a tool called PHP magnify (dot com) with which you can do a simple obfuscation, and there's a nice read in medius of anshil dev.
 
I want to tighten the WP security and make the source code hard to read and understand, especially the CSS classes, JS functions, etc. (see below). Instead of a regular class name, it should be obfuscated/encrypted.

Eg class name:
Actual class: ".cf7-form row-4"
Obfuscation/Encryption class as "dfa4aw7a"

This will make it hard for hackers and scanning tools to find which plugins and which versions are in use, and keep the website from getting easily caught by vulnerabilities.

 
That makes sense.

If you want to change every class name of every plugin:
AFAIK, there's no tool to actually do that.
You could, in theory, change the class names in the source code, but it will likely take a lot of time until you get it right, and it will be gone once the plugin updates.

Changing classes dynamically, while WordPress is generating the HTML, is definitely going to impact performance and SEO, besides not letting JS code know about the change.

So automating that process is the only way I can see.

To remove your template's information:
You can remove the headers from styles.css and any reference to your template's name you find in editable text.
Change the directory name (you can also do that with plugins, but it is probably useless).

And I saw some guys changing .htaccess to actually hide the plugins folder by changing the base URL.
You can also do minification and merge all the CSS into a single file, but we know that usually breaks a thing or two.

That's all I can say
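
An added example (not part of the original post, and not code from any plugin mentioned in this thread): a self-audit that parses your own rendered page and lists the markers discussed above, namely plugin/theme folder names and version strings, so you can check what is still exposed after renaming classes or rewriting paths. The sample HTML, slugs and version numbers are constructed; the `?ver=` query string and the generator meta tag are WordPress defaults.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample of rendered front-end HTML (not from a real site).
# The form class is already renamed, as in the thread's example.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.0">
<link rel="stylesheet" href="/wp-content/themes/my-theme/style.css?ver=1.2">
<link rel="stylesheet" href="/wp-content/plugins/example-forms-plugin/css/styles.css?ver=5.0">
<script src="/assets/app.min.js"></script>
</head><body><form class="dfa4aw7a"></form></body></html>"""

# Default WordPress asset layout: /wp-content/(plugins|themes)/<slug>/...
ASSET_RE = re.compile(r"/wp-content/(plugins|themes)/([^/]+)/")

class LeakAudit(HTMLParser):
    """Collects markers in rendered HTML that still identify components."""
    def __init__(self):
        super().__init__()
        self.components = {}   # (kind, slug) -> set of ?ver= values seen
        self.generator = None  # content of <meta name="generator">, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        for url in (a.get("href"), a.get("src")):
            m = ASSET_RE.search(url or "")
            if m:
                vers = parse_qs(urlparse(url).query).get("ver", [])
                key = (m.group(1), m.group(2))
                self.components.setdefault(key, set()).update(vers)

def audit(html):
    """Parse one page of your own site's HTML and return the findings."""
    parser = LeakAudit()
    parser.feed(html)
    return parser

if __name__ == "__main__":
    result = audit(SAMPLE_HTML)
    print("generator:", result.generator)
    for (kind, slug), vers in sorted(result.components.items()):
        print(kind, slug, sorted(vers) or "no version exposed")
```

On the sample, the renamed class `dfa4aw7a` reveals nothing, but the stylesheet path and `?ver=` value still name the plugin and its version.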
 
You can try WP-Encrypt which can encrypt JavaScript and PHP files.

Can you share the Plugin link?

I've used the .htaccess file to hide and rename folders, directories, files and CSS classes carefully and avoided breaking the website. But I've had a problem with a few plugins like "Elementor", "ACF" and more. If I modify those plugins' folders, files and classes, it throws an error and breaks the site. That's why I just want to gather some knowledge from like-minded people.
 
You can use "Hide wp" plugin, it changes everything from the front end.
 
Can you share the Plugin link?

https://wordpress.org/plugins/wp-letsencrypt-ssl/
 