php wordpress

How to add remote code to prevent code distribution


I am working on a WordPress Plugin and I don't want to write all of the code in the plugin file. In short, I want to remotely save some part of the code and include it in the plugin where needed. I have the below code:

    public static function activate() {
        require_once 'class-contact_page_8-helper.php';
        // $page_8_init and PLUGIN_INIT_HELPER are not defined in this snippet.
        $page_8_initialise = str_replace('class_loader_', '', $page_8_init);
        require_once PLUGIN_INIT_HELPER;
    }

    public static function plugin_base_function() {
        // Read the contents of includes/protected.php ...
        $protected = ABSPATH . 'wp-content/plugins/contact_page_8/includes/protected.php';
        $private = file_get_contents($protected);

        // ... and write them into class-8-page-list-table.php in the plugin directory.
        $private_path = ABSPATH . 'wp-content/plugins/contact_page_8/';
        $private_uri = $private_path . 'class-8-page-list-table.php';
        $private_init = fopen($private_uri, 'w+');
        fwrite($private_init, $private);
        fclose($private_init);
    }

I want to remotely save and include the public static function plugin_base_function(). How could I achieve this, or is there any other way so I can protect my code from getting duplicated?


Solution

  • Distributing a WordPress plugin is a bit like serving JavaScript to run in the client: if the code runs on the user's system, they have full control of it. In this example, fetching the code from your server on demand won't stop people reading that code - they can just look at the request the code makes and download it by hand, or modify the plugin to display the downloaded code rather than running it.

    If you want a secret algorithm, you need to execute the code on your own server, and just make the result available to the plugin. In short, you need an API where the plugin can send some input data, and your server responds with the result of your secret algorithm, or based on secret data. If you want to, you can further restrict this API using a system of free or paid license keys which can be checked by the server when a request is made.

    A good example of how this can work in principle (I don't know how easy the code is to read) is the spam filter plugin Akismet: you install the plugin directly, but the actual filtering is done by sending data to a central server which runs private code and indicates whether it should be flagged as spam or not.
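
The server/plugin split described in the answer above, as an added sketch that is not part of the original answer or of any real plugin: the private logic and license check live in a server-side function, and the plugin only posts input and reads the result. The function names, the `api.example.com` URL, the `X-License-Key` header, the option name and the license key are all assumptions made for illustration.

```php
<?php
// Added example: every name, the URL and the license key are constructed.

// ---- Server side: stays on your server, never shipped with the plugin ----
function secret_score(string $text): int {
    return strlen($text) % 7; // stand-in for the private algorithm
}

// Returns [HTTP status, JSON-encodable body] for one request. A real endpoint
// would pass $_SERVER['HTTP_X_LICENSE_KEY'] and file_get_contents('php://input').
function handle_api_request(string $licenseKey, string $rawBody, array $licenseHashes): array {
    $presented = hash('sha256', $licenseKey); // store hashes, not raw keys
    $licensed = false;
    foreach ($licenseHashes as $known) {
        $licensed = hash_equals($known, $presented) || $licensed;
    }
    if (!$licensed) {
        return [403, ['error' => 'invalid license']];
    }
    $input = json_decode($rawBody, true);
    if (!is_array($input) || !is_string($input['text'] ?? null) || strlen($input['text']) > 10000) {
        return [400, ['error' => 'bad input']];
    }
    return [200, ['result' => secret_score($input['text'])]];
}

// ---- Plugin side: the only part users can read; it holds no algorithm ----
function contact_page_8_remote_score(string $text): ?int {
    $response = wp_remote_post('https://api.example.com/v1/score', [
        'timeout' => 5,
        'headers' => [
            'Content-Type'  => 'application/json',
            'X-License-Key' => get_option('contact_page_8_license_key', ''),
        ],
        'body'    => wp_json_encode(['text' => $text]),
    ]);
    if (is_wp_error($response) || wp_remote_retrieve_response_code($response) !== 200) {
        return null; // no local fallback copy of the algorithm
    }
    $data = json_decode(wp_remote_retrieve_body($response), true);
    return is_array($data) && is_int($data['result'] ?? null) ? $data['result'] : null;
}

// Offline demo of the server logic when run from the CLI outside WordPress.
if (PHP_SAPI === 'cli' && !defined('ABSPATH')) {
    $hashes = [hash('sha256', 'DEMO-KEY-0001')]; // constructed license key
    echo json_encode(handle_api_request('DEMO-KEY-0001', '{"text":"hello"}', $hashes)), "\n";
    echo json_encode(handle_api_request('wrong-key', '{"text":"hello"}', $hashes)), "\n";
}
```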