About php-next

A modern VM-based encoder for PHP – built by developers who were tired of 20-year-old tools.

php-next turns your PHP code into ultra-compact encrypted blobs that run inside a hardened virtual machine. No fragile Zend opcodes. No legacy loaders. Just modern, auditable security.

What is php-next?

php-next is a next-generation PHP encoder and runtime that protects your source code with a dedicated virtual machine instead of patching into the Zend engine.

Instead of shipping plain PHP files or traditional obfuscated scripts, you:

1. Compile your project into one or more encrypted blobs (500–4000 bytes each).
2. Deploy them together with a small native loader.
3. Execute – let the php-next VM execute your code in a controlled, hardened environment.

Why php-next exists

Most PHP encoders on the market were designed more than a decade ago:

• tightly coupled to Zend engine internals,
• slow to support new PHP versions,
• predictable obfuscation patterns,
• limited protection against real reverse engineering.

We wanted something different:

• a VM-first design,
• future-proof against new PHP releases,
• strong cryptography and license binding by default,
• and a compact runtime that can be audited and hardened like any other security-critical component.

How php-next protects your code

At a high level, php-next follows three steps:

1. Compile

Your PHP code is parsed and converted into an intermediate representation (IR).

This IR is then transformed into bytecode designed specifically for the php-next VM.

2. Encrypt

The bytecode is packed into an ultra-compact runtime blob:

• encrypted with modern algorithms (ChaCha20-Poly1305 style construction),
• integrity-protected,
• optionally bound to domain, hardware or license ID,
• optionally split into multi-stream containers (ULTRA / ULTRA V1).

3. Execute

At runtime, a small native loader:

• validates the blob,
• checks integrity, license and environment,
• decrypts the internal VM runtime segments,
• executes your protected code inside the php-next virtual machine.

Editions designed for real teams

php-next comes in multiple editions so you can match protection level to your project:

• TRIAL – 7-day full PRO features, ideal to test the encoder and integration.
• PRO – production-grade protection for commercial projects, compatible with shared hosting.
• ULTRA – VM-based execution with multi-layer encryption, polymorphic opcodes and anti-debug / anti-tamper.
• ULTRA V1 – our flagship "zero-knowledge" edition with multi-stream blobs, decoy VM architecture and polyglot containers for high-risk and regulated applications.

Typical use cases:

• Commercial PHP products and SaaS backends
• License-based modules and plugins
• High-value business logic (pricing, scoring, routing)
• Security-sensitive integrations and proprietary frameworks

Security philosophy

php-next is built around a few key principles:

Defense in depth

We combine strong cryptography, VM isolation, multi-stream blobs, anti-debug, integrity checks and license binding. No single layer is assumed to be perfect.

Small, auditable runtime

The runtime blob is intentionally compact (~4 KB). A small footprint is easier to reason about, easier to harden and harder to attack reliably.

Future-proof by design

Because we execute our own bytecode in a dedicated VM, we are not tied to Zend internals. Supporting new PHP versions is largely a matter of rebuilding the loader, not reverse engineering new opcodes.

Realistic threat model

We design against real attackers: debuggers, patching attempts, static and dynamic analysis – not just "view source in a text editor".

Honest communication

No encryption system is "unbreakable", and we don't pretend otherwise. Instead, we publish security audits and test reports so teams can make informed decisions.

Roadmap & ecosystem

php-next is more than an encoder – it's evolving into a complete protection platform.

Our roadmap includes:

• A bundler for full-project builds (collect → bundle → encode in one step).
• Official CI/CD integrations (GitHub Actions, GitLab templates, etc.).
• A self-service online licensing dashboard for managing seats, activations and revocations.
• Advanced blob analytics and tamper alerts for ULTRA customers.

All of this is built on top of the same VM core and runtime technology used in the encoder today.

Who is behind php-next?

php-next is created and maintained by Nico, a long-time PHP developer and security enthusiast who has spent years building tools, platforms and media infrastructure under the Fanjora and madebynico.nl brands.