Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Possible to view PHP code of a website?

People also ask

Can you view PHP code from a website?

Web developers and others who are knowledgeable about web pages know you can use a browser to view the HTML source code of a website. However, if the website contains PHP code, that code is not visible, because all the PHP code is executed on the server before the website is sent to a browser.

Can anyone see my PHP code?

With a correctly configured web server, the PHP code isn't visible to your website visitors. For the PHP code to be accessible by people who visit your website, the server would have to be configured to display it as text instead of processing it as PHP code.

Can you view the code of a website?

To view only the source code, press Ctrl + U on your computer's keyboard. Right-click a blank part of the web page and select View source from the pop-up menu that appears.

Can hackers see my PHP code?

So anyone who gets access to your server (via FTP, your web hosting control panel, a vulnerability in the PHP code you write) has potential to read through your PHP. The only reason usual users don't see the PHP is because Apache goes: Ah!


A bug or security vulnerability in the server (either Apache or the PHP engine), or your own PHP code, might allow an attacker to obtain access to your code.

For instance if you have a PHP script to allow people to download files, and an attacker can trick this script into download some of your PHP files, then your code can be leaked.

Since it's impossible to eliminate all bugs from the software you're using, if someone really wants to steal your code, and they have enough resources, there's a reasonable chance they'll be able to.

However, as long as you keep your server up-to-date, someone with casual interest is not able to see the PHP source unless there are some obvious security vulnerabilities in your code.

Read the Security section of the PHP manual as a starting point to keeping your code safe.


By using exploits or on badly configured servers it could be possible to download your PHP source. You could however either obfuscate and/or encrypt your code (using Zend Guard, Ioncube or a similar app) if you want to make sure your source will not be readable (to be accurate, obfuscation by itself could be reversed given enough time/resources, but I haven't found an IonCube or Zend Guard decryptor yet...).