For Web Application Developers
- Realize that “encoding” does nothing to “protect” your code. For your code to function, it has to be decoded. Simply encoding your app and slapping a “no reverse engineering” comment in it does nothing to protect it. If you don’t want unauthorized use of your app to happen, licensing and encryption keys are the way to go.
- Adding multiple layers of compression and text encoding on the app simply makes it larger… and slower.
For Web Site Owners
- Trust your application developers, but verify that they aren’t putting backdoors or other malicious code into the applications or components that you are using.
- Do not use ‘Nulled’ components. They may be attractive because they are supposed to be ‘free’ FULL versions of commercial software, but they often come with malicious code inserted into them.
- Be aware of your billing model. Some application (plugin, theme, etc.) developers will layer encoding and compression techniques on their code, resulting in larger and slower code that consumes more CPU cycles. In a bill-by-use environment (Cloud environments, some shared hosting environments), this means higher bills for you.
- Use security plugins, web application firewalls, and/or security providers to help scan your website and keep it free of malicious code.
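To illustrate both the developer point that layered encoding protects nothing and the owner advice to verify what a component contains, here is an added example (not from the original page) that peels stacked decode-and-eval layers from a constructed, harmless sample and shows the size cost. It assumes the layers use standard PHP functions such as `base64_decode` and `gzinflate`; the `peel` and `wrap` helpers and the sample are hypothetical names made up for this illustration.

```python
import base64, codecs, re, zlib

# PHP decode functions mapped to Python equivalents (bytes in, bytes out).
DECODERS = {
    "base64_decode": base64.b64decode,
    "gzinflate": lambda b: zlib.decompress(b, -15),  # raw DEFLATE
    "gzuncompress": zlib.decompress,                 # zlib stream
    "gzdecode": lambda b: zlib.decompress(b, 31),    # gzip stream
    "strrev": lambda b: b[::-1],
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot13").encode("latin-1"),
}

# Matches eval(f1(f2(...'literal'...))); where each f is one of DECODERS.
WRAPPER = re.compile(
    r"eval\s*\(\s*((?:(?:%s)\s*\(\s*)+)(['\"])(.*?)\2[\s)]*;" % "|".join(DECODERS),
    re.S,
)

def peel(source, max_layers=20):
    """Strip decode-and-eval layers; return (layers_removed, inner_source)."""
    layers = 0
    while layers < max_layers:
        m = WRAPPER.search(source)
        if not m:
            break
        try:
            data = m.group(3).encode("latin-1")
            # group(1) lists functions outermost first; PHP applies them innermost first.
            for name in reversed(re.findall(r"\w+", m.group(1))):
                data = DECODERS[name](data)
        except (ValueError, zlib.error):
            break  # literal is not valid for this chain; leave the source as it is
        source = data.decode("utf-8", "replace")
        layers += 1
    return layers, source

def wrap(php):
    """Build one constructed sample layer: eval(gzinflate(base64_decode('...')));"""
    c = zlib.compressobj(wbits=-15)
    raw = c.compress(php.encode()) + c.flush()
    return "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(raw).decode()

PLAIN = 'echo "licensed build";'   # constructed, harmless stand-in for app code
SAMPLE = wrap(wrap(wrap(PLAIN)))   # three stacked layers

if __name__ == "__main__":
    print(len(PLAIN), "bytes of code,", len(SAMPLE), "bytes after encoding")
    print(peel(SAMPLE))
```

The decoding is static: nothing from the inspected file is executed, so the same approach suits a review of third-party plugin or theme code before it is deployed.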